log 1010
A bestie visited me yesterday night; insomnia.
I was super hyped and spent some time busy with this: DEF CON Safe Mode Wireless Village - FreqyXin - The Basics Of Breaking BLE v3, a 101 on BLE security. I've been trying to check if my 1+ would be valid to sniff BLE. OK, right now I can't: I need to root the device and I procrastinated on the task. But it seems that the device is able to write btsnoop_hci logs; the only issue is that on "modern" devices the location of this file is out of the scope of a non-root user.
Thinking about playing around with the ESP32 BLE.
The hype came from a DC31 video, "Snoop unto them, as they snoop unto us" by Dataparty.
I made some modifications to my simple testing utility CST: I added a raw assertion method, to give more flexibility and keep simplicity on the code side, e.g.
cst_a("this should be true", 1 == 1);
And I updated the tests at CanaryUSB, which is the only code where I'm using it right now. I think that the test utility is almost done for now, since I could cover all the cases that I had before.
During the visit of my bestie I found this: "Free Download Manager backdoored – a possible supply chain attack on Linux machines". Just to sum up: a malicious Debian package that uses cron to start a backdoor on every startup and tries to steal data from the system. And the scariest thing is that allegedly it was there maybe about 3 years ago.
I'm wondering if it would be possible to monitor the system for the indicators of compromise, like files/directories, and use CanaryTokens in order to get notifications.
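A sketch of that monitoring idea, added here as an example and not code from CST or CanaryUSB: it checks a list of IoC paths, flags cron entries that run something out of a world-writable directory, and requests a Canarytokens web URL when anything is found. The paths and token URL are constructed placeholders, and the cron check is a heuristic that can also flag legitimate jobs.

```python
import os
import re
import urllib.request

# Constructed placeholders: replace with the paths published in the advisory.
IOC_PATHS = ["/var/tmp/EXAMPLE_IOC_BINARY", "/etc/cron.d/EXAMPLE_IOC_JOB"]
CRON_DIRS = ["/etc/cron.d", "/etc/cron.daily", "/var/spool/cron/crontabs"]
# Hypothetical Canarytokens web token URL; requesting it is what fires the alert.
TOKEN_URL = "https://canarytokens.example/PLACEHOLDER_TOKEN"
# Heuristic: a cron line that references a file under a world-writable directory.
SUSPICIOUS = re.compile(r"(?:^|\s)(/tmp|/var/tmp|/dev/shm)/\S+")


def scan_cron(cron_dirs):
    """Return 'cron:<file>:<line>' for each non-comment line matching SUSPICIOUS."""
    hits = []
    for directory in cron_dirs:
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            try:
                with open(path, errors="replace") as fh:
                    for number, line in enumerate(fh, 1):
                        entry = line.strip()
                        if entry and not entry.startswith("#") and SUSPICIOUS.search(entry):
                            hits.append(f"cron:{path}:{number}")
            except OSError:
                continue  # subdirectory, or not readable without root
    return hits


def find_iocs(ioc_paths, cron_dirs):
    """Known IoC paths that exist (lexists also catches dangling symlinks), then cron hits."""
    hits = [f"path:{p}" for p in ioc_paths if os.path.lexists(p)]
    return hits + scan_cron(cron_dirs)


def notify(hits, token_url=TOKEN_URL, opener=urllib.request.urlopen):
    """Trigger the token once if there is at least one hit; return True if it was sent."""
    if not hits:
        return False
    # Only the hit count goes in the User-Agent; the paths stay on the host.
    req = urllib.request.Request(token_url, headers={"User-Agent": f"ioc-watch hits={len(hits)}"})
    opener(req, timeout=10)
    return True


if __name__ == "__main__":
    notify(find_iocs(IOC_PATHS, CRON_DIRS))
```

Run it from a timer as a user that can read the cron directories; the `opener` parameter exists so the notification can be exercised without network access.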
rec: Unknown Pleasures Joy Division 1979
<3 & Hack the Planet.