CatSniffer: Swiss Army for IoT RF Hacking

CatSniffer (😼) is an original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT (Internet of Things) devices. It was designed as a highly portable USB stick that integrates the new chips TI CC1352, Semtech SX1262, and Microchip SAMD21E17.

This board is a swiss army for IoT security researchers, developers, and enthusiasts. The board can be used with different types of software including third-party sniffers such as SmartRF Packet SnifferSnifflezigbee2mqttZ-Stack-firmwareUbiqua Protocol Analyzerour custom firmware, or you can even write your own software for your specific needs.

CatSniffer can operate in 3 different frequencies:

  • LoRa
  • Sub 1 GHz
  • 2.4 GHz


  • Thread
  • Zigbee
  • Bluetooth 5 Low Energy (BLE)
  • IEEE 802.15.4g
  • 6LoWPAN (IPv6 over Low power Wireless Personal Area Networks)
  • Sub 1GHz and patented systems
  • LoRa/LoRaWAN
Bring a CatSniffer home

Quick notes about Azure Table Storage Injection in Windows Azure Mobile Services

One beautiful afternoon you come across the popular Azure Table Storage service during an assessment. Shit, a NoSQL service hosted on Azure. It must be secure right?Well, again it is up to the developer’s implementation and unsurprisingly, it is possible to use SQL injection (NoSQL injection?) to extract more data than intended if the developers failed at sanitizing parameters. 

How do you identify this service?

  • Look for apps sending requests to *
  • Requests sent to /tables/
  • Requests containing the operators shown next included in the request variable ‘filter’

What operators can you use to extract information?

Extract information from other tables using the following supported comparison operators:

  • eq (Equal) 
  • gt (GreaterThan)
  • ge (GreaterThanOrEqual)
  • lt (LessThan)
  • le (LessThanOrEqual) 
  • ne (NotEqual)

 I hope you find the operators reference useful and remember to stay on the hunt ;).

Querying tables and entities: