Phonerator – An advanced valid phone number generator

Last year, at DEF CON’s Recon Village and BSides Las Vegas, I gave a talk explaining a new OSINT technique to obtain a target’s phone number by knowing their email address. Feel free to read the detailed post explaining the techniques or watch the talk. If you insist on a TL;DR, I demonstrate how the …

From email to phone number, a new OSINT approach

Lately I’ve been spending time researching weaknesses and attack vectors in password reset options. At BSides Las Vegas I presented a tool called “Ransombile”. It automates the password reset process over SMS for many Alexa top 100 websites and facilitates targeted attacks when having physical access to locked mobile devices for a short period of …

GoogleMeetRoulette: Joining random meetings

A while ago, I was at a friend’s house and he mentioned he had to join a work meeting. He used Google Meet to join. The WiFi was acting weird and he was not able to follow the discussion. Someone suggested that he could “call in” making a regular phone call. I overheard that and immediately found …

Ransombile: Yet another reason to ditch SMS

There are more mobile devices than actual people on this planet. These contain loads of personal information, private files and sensitive data. We carry them everywhere at all times and as such, we are prone to lose them or leave them unattended. What are the real consequences of doing so? News like the Apple vs FBI …

Compromising online accounts by cracking voicemail systems

I just achieved one of my career goals, giving a talk at DEF CON. What an incredible experience, I cannot thank enough the amazing people that make this con happen. My talk’s title was “Compromising online accounts by cracking voicemail systems” and I thought I’d write a blog post about it for people that was …

DIY Spy Program: Abusing Apple’s Call Relay Protocol

Introduction: Apple introduced a new set of features in iOS 8 and Yosemite under the name “Continuity”. These features allow iPhones to work with other iDevices such as Macs and iPads in new ways. Handoff, Instant Hotspot and AirDrop are some of the new services offered by Continuity. Among these new services is one named …

Lastpass and Google Authenticator

Design flaws in Lastpass 2FA implementation

As part of a Red Team engagement I found myself looking for a way to bypass two-factor authentication (2FA) in LastPass. Unfortunately this happened before Tavis Ormandy reported multiple 0-days in LastPass. Would have saved us so much time! Anyway, 2FA is an additional layer of security to protect user accounts from attackers that have already compromised your password. I mention …

How to steal $2,999.99 in less than 2 minutes with Venmo and Siri

Venmo is a very popular mobile app which simplifies payments among friends. Once you link your bank account or credit card, you can start sending money to others, instantly. With Venmo, you are not limited to just making payments. It allows you to charge others as well. Say your friend had no cash for that tasty burrito …

Even the LastPass Will be Stolen, Deal with It!

I am back from Amsterdam after presenting our research at Blackhat, “Even the LastPass Will be Stolen, Deal with It!”, together with Alberto Garcia. We had a blast at the conference and we got great feedback from the audience. Many asked for the video, slides, etc. so I thought it was worth writing a post …

About today’s LastPass breach

Today, LastPass issued a security notice on their blog explaining that they detected some suspicious activity on their network. They believe that “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised” but also that the encrypted passwords (the vault) were not accessed. What does all this really mean? I found …
