Mastodawn

It's time for our FIRST HAM radio license exam at DMA on Monday March 16th! 📡✨🎉

If you're interested in taking the exam it is FREE but be sure to pre-register so we have an accurate head count. See QR code or link below to register.

Regular radio night starts at 7:30pm

https://ham.study/sessions/6995ec0a4cc504eca8d2c0cf/1

#radio #hamradio #fcc #AmateurRadio #pnw #seattle #hackerspace

Karl Jan 6

Show thread

Jeff Moss Jan 4

@supersat @defcon It was over taken by events when Resorts World senior management were caught up in a money laundering investigations, and everyone was essentially fired. Since then we have been watching from a distance to see if they have changed.

Karl Jan 4

It's been a year and a half since former @defcon partner Resorts World decided to barge into guest rooms booked under the DEF CON room block with security

We were promised an update after everyone left in 2024, and still no update!

@thedarktangent you promised a response... where is it?!

Karl Jan 3

Does anyone have an Austin amp transit card??

Karl Dec 26

Who is taking the IRS Direct File code, modifying it for 2025, and hosting it as a free, non-profit service?

Bonus points if they are (or are applying to be) an IRS Electronic Return Originator

Karl Nov 28

💜💙💚💛🧡❤️ vanta rainbow black ❤️🧡💛💚💙💜Nov 28

The Washington Hilton, completed 1965, was designed by architect William Tabler. It's notable not only for its distinctive exterior, but also for the prominent events hosted there. The hotel is or has been home to the White House Correspondents Association Dinner, the National Prayer Breakfast, the Shmoocon conference, and the 1981 assassination attempt on Ronald Reagan, among many other things.

It has extensive back-of-house facilities and security features to accommodate high profile VIPs.

Karl Nov 27

elly Nov 27

About 1.5 years ago my friend was (falsely) accused of terrorism.

All of their electronic devices were seized, plus my stash of hard drives (stored at their place for reasons).

Of course police didn’t find any evidence. Culprit that impersonated my friend (and many others) got arrested recently (article in Polish).

Police returned the hardware few months ago and I found that all of my drives are now e-waste thanks to their carelessness, which made me (understandably) furious. I even considered suing them.

Said very good friend of mine entrusted me with their personal phone and pattern to unlock it. I charged and booted it for the first time since February 2024 and were curious how it was pwned. I knew police used cellebrite on it.

My crime is that of curiosity

As it turns out, police forgot to clean after themselves (there was an attempt) and left payloads, logs, and backdoor intact.

Took a peek at the first-stage payload but it’s too complex for me to reverse-engineer on my own. It’s relatively well obfuscated, but I can tell it’s using RNDIS (likely spawning a server?) and TLS-encrypted connection to talk to Cellebrite box.

If you’re a security researcher (or just curious nerd with more spoons than me) and you would like to take a look - here you go.

Payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need a:

Samsung Z Flip3 5G (SM-F711B)
Android build SP2A_220305.013.F711BXXS2CVHF

Rough execution flow:

1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switching USB VID/PID to load kernel modules (hid_steam, hid_apple, hid_prodikeys, hid_logitech_hidpp, hid_magicmouse, hid_aksys and tries to exploit quirks)
4. Module 'hid_aksys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload (seemingly) executed as root:
	- /data/local/tmp/chrome-command-line
	- /data/local/tmp/android-webview-command-line
	- /data/local/tmp/webview-command-line
	- /data/local/tmp/content-shell-command-line
	- /data/local/tmp/frida-server-16.1.4-android-arm64
	- /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)

Have fun!

Słynny bomber zatrzymany – ogromny sukces organów ścigania | Zaufana Trzecia Strona

Prokuratura Regionalna w Poznaniu oraz poznańskie CBZC ogłosiły właśnie wielki sukces - udało się znaleźć i zatrzymać sprawcę mnóstwa alarmów bombowych, który bezkarnie działał od…

Zaufana Trzecia Strona

Karl Nov 14

marble 弹珠 Nov 13

Ayylmao, got Linux running on my @hackaday #supercon badge.
Now it just needs a display and keyboard driver :3

Karl Oct 10

Does anyone know how to configure a Cisco router to initiate V.120 ISDN data calls over a PRI?

I can successfully make a test call but I want a TCP port or session to automatically attach to this call

As it is, the B channel doesn't seem to be connected to anything. See this screenshot. Serial0/1/0 is the PRI. :23 is the D channel.

:0 is the B channel, but I think that's dynamically allocated, and I'm not even sure how to treat it as a terminal for testing. All I get is the usual command prompt.