Gabriele Biondo

@[email protected]
22 Followers
63 Following
21 Posts
25 y+ penetration testing • Reverse Engineer • Lecturer • macOS independent security researcher
Irreverent, misanthropic, cat lover
Research and traininghttps://bytearchitect.io
Tools - 0tHhttps://zero-the-hero.run
Tools - the Mechanixhttps://www.mechanix.run
Consultinghttps://www.reveng3.org
Gabriele Biondo1d ago

Reverse Engineering or Necromancy? 🧟‍♂️⚖️

What do you do when the company goes dark, the app vanishes from the App Store, and your "smart" scale becomes a 100€ paperweight?

You reverse it.

I’m starting a new series on ByteArchitect about bringing the QardioBase2 back to life. No ChatGPT-farts here—just raw bluetoothd logs, GATT discovery, and the sad sight of a backend that keeps saying "cancelled."

In this first part:
- Sniffing BLE traffic on iOS (without a jailbreak)
- Mapping proprietary GATT services & characteristics
- Realizing the servers are officially dead (RIP Qardio)

If you despise planned obsolescence as much as I do, join me in this "zombie" recovery:

https://bytearchitect.io/security-reversing/Reverse-with-me-Qardio-necromancy/

#ReverseEngineering #Infosec #BLE #iOS #HardwareHacking #Obsolescence #CyberSecurity #GATT #Necromancy

Gabriele BiondoMar 14
shellsharksMar 13

📜 Scrolls volume 33 is out. Happy Friday!

https://shellsharks.com/scrolls/scroll/2026-03-13

Thanks to everyone below. Their work was featured this week!

@[email protected] @piccalilli @CSSence @desiree @theresmiling @cory @mapache @tlohde @rohitfarmer @brennan @adele @nickle4apickle @renkotsuban @mapache @mtwb @katemorley @enarocks @adulau @manton @gifs_bot @gbiondo @dinosaurs @ai6yr @strider @michaelharley @frank @calebhailey @securedrop @BowieSpace @naturepunk @matdevdug

#indieweb #fediverse #infosec #cybersecurity

Scroll trīgintā trēs

Arcane curation from the IndieWeb, Fediverse and Cybersecurity realms

shellsharks
Gabriele BiondoMar 11

Apparently Electric Eye made it to riskybiz. Not bad for day one.

https://news.risky.biz/risky-bulletin-gen-joshua-rudd-confirmed-as-next-cybercom-and-nsa-head/

Gen. Joshua Rudd confirmed as next CyberCom and NSA head

In other news: US to establish new inter-agency cyber cell; UK to launch Online Crime Centre in April; Coruna exploit kit traced back to L3Harris.

Risky.Biz
Show threadGabriele BiondoMar 10

@yoasif

It's in its development phase. I was thinking to add like a ring around the icon to show the status (green, amber, red), or stgh. like that.

Thanks for the suggestion, anyway. I will implement some visual feedback shortly.

Gabriele BiondoMar 10

Stop chasing blacklists. It's a losing game. I built a Rust engine
to spot AitM proxies where they bleed: in the DOM. Meet Electric Eye.

https://bytearchitect.io/network-security/Bypassing-MFA-with-Reverse-Proxies-Building-a-Rust-based-Firefox-Extension-to-Kill-AitM-Phishing/

#infosec #rust #firefox

Gabriele BiondoMar 2

New post: Hardening macOS pt.5 — Communications

Email clients, providers, PGP, and chat. For a Cypherpunk, talking about communications is like talking politics at the pub. I tried to be factual. Mostly succeeded.

Also: a special note for my Italian readers on PEC. With appropriate levels of contempt.

https://bytearchitect.io/macos-security/MacOS-Hardening-6-email-and-pgp/

#infosec #macOS #privacy #security #PGP #email #Signal

Gabriele BiondoFeb 25

No Hardening macOS this week. Got distracted.

Starkiller is a new phishing kit that proxies REAL login pages in real-time. It steals credentials, MFA tokens and session cookies — and MFA won't save you.

I wrote a full technical analysis: how AitM works, why traditional defences fail, and what to actually do about it.

Also released ja3-probe, a Rust PoC for TLS fingerprinting of phishing proxies.

→ Post: https://bytearchitect.io/network-security/Starkiller-Phishing-Kit-Why-MFA-Fails-Against-Real-Time-Reverse-Proxies/?ref=mastodon
→ PoC: https://github.com/gb-at-r3/ja3Probe

#infosec #phishing #AitM #MFA #TLS #security #rust

Gabriele BiondoFeb 23
Show threadshellsharksFeb 20

Special thanks to everyone mentioned below. Their work was featured in this week’s issue and because of them it’s awesome!

@atomicker @nyurakim @wendyg @thr3d33 @joel @xinicit @regina_nyckelharpista @kniebes @cferdinandi @loebas @webintents @HolosSocial @dyne @gbiondo @quillmatiq @asterisk @nicolasgouny @hrbrmstr @flamed @db @troublewithwords @eeentropyyy @jed @adulau @dtm @HailsandAles @fediway @mttaggart @st3phvee @kitkatwastaken @ingenieur @to3k @64bithero @cmdr_nova @PagedOut

Gabriele BiondoFeb 23
Thanks a lot! 🙏
Show threadGabriele BiondoFeb 23
@shellsharks @atomicker @nyurakim @wendyg @thr3d33 @joel @xinicit @regina_nyckelharpista @kniebes @cferdinandi @loebas @webintents @HolosSocial @dyne @quillmatiq @asterisk @nicolasgouny @hrbrmstr @flamed @db @troublewithwords @eeentropyyy @jed @adulau @dtm @HailsandAles @fediway @mttaggart @st3phvee @kitkatwastaken @ingenieur @to3k @64bithero @cmdr_nova @PagedOut