What I've done so far with the Flipper Zero:

1. Infrared - Onboard IR can easily detect, clone, and emulate IR codes. Used this to control a few devices at home.
2. 125 kHz RFID - I've been able to detect, clone, and emulate several 125kHz RFID badges and keyfobs.
3. NFC - I can read, clone, and emulate NFC tags. I cloned one of the ones I wrote earlier that can jump on guest wifi. Emulating it works great to connect to guest wifi on my phone!
4. U2F - Works but I prefer Yubikeys. I'm also wondering if there's a way to do the U2F via NFC instead of USB, which would bring it closer to the Yubikey use case. No FIDO2 though (yet).
5. Sub-GHz - I cloned the signal from my car key to unlock my car, but it caused my car to stop trusting my key and it stopped working. I fixed it by resetting my car and key, but it's risky and might make your key stop working. Don't try it unless you're prepared for that. It could cost you your keys!
6. Bluetooth - Sync'd to the phone and Flipper app and found it a useful addition.
7. Wifi Module - Loaded Marauder and it scans and performs attacks successfully.
8. Alternate Firmware - Tried Unleashed. Works great! I'm looking to try some others to see what they offer. RogueMaster up next.

To Do:

1. iButton testing.
2. BadUSB testing.
3. RogueMaster testing.
4. Test more RFID cards.
5. Test more apps.
6. Level up the Flipper!

#FlipperZero #hardware #hardwarehacking #badusb #rfid #infrared #nfc #wifi #hacking #infosec #security #cybersecurity

Last night I set up an instance of Stable Diffusion to generate #aiart and I've been having a great time generating images. Now I don't have to be rate limited by hosted solutions like OpenAI Dall E 2 or Midnight Journey.

#homelab #selfhosted

Finished setting up some new LXC containers: InfluxDB / Grafana collecting Proxmox cluster data and Proxmox Backup Server data.

Not a bad integration but I need to figure out how to do the same for VMs and containers. Also I haven't seen a good Proxmox cluster dashboard yet for Grafana.

#homelab #influxdb #grafana #proxmox #lxc #monitoring

That was fun to watch @nova and the hachyderm team work live on the hachyderm.io Mastodon network. A nice peek into production work.

...And we get some neat stats and official updates:

Generate a gpg key if you don't have one. Generate a password in your password manager to use and store the private key in your pw mgr when you're done:
gpg --full-gen-key

Copy the fingerprint of your generated key:
gpg --fingerprint

Generate an initial public key to export with an email you can verify:
gpg --armor --export EMAIL > pubkey.asc

Upload pubkey.asc to keys.openpgp.org:
https://keys.openpgp.org/upload

Confirm your verification email after it uploads.

Add a tweet on birdsite, include the text, replace with your fingerprint with no spaces:
[Verifying my cryptographic key: openpgp4fpr:FINGERPRINT]

Copy the link to your tweet for later use.
https://twitter.com/USER/status/TWEET_ID

Add the same verification string to your infosec.exchange profile.

Copy the link to your Mastodon profile for later use.
https://infosec.exchange/@USER

Now we go back to your gpg to add notations to your key.
gpg --edit-key FINGERPRINT
uid 1 <enter>

We'll be adding two notations:
notation <enter>
[email protected]=https://twitter.com/USER/status/TWEET_ID
notation <enter>
[email protected]=https://infosec.exchange/@USER
save <enter>

Now we can upload the new key easily:
gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT

Once that's done you can validate at your keyoxide fingerprint page:
https://keyoxide.org/FINGERPRINT

You should see check marks for Mastodon and birdsite validating ownership.

If anyone is unsure whether you own the account asking for proof you can direct them to your keyoxide page.

If I missed steps let me know but you can also read the docs for more features and service providers: https://docs.keyoxide.org/