research – calderonpale.com

CatSniffer: Swiss Army for IoT RF Hacking

November 1, 2021December 5, 2021 calderpwn Leave a comment

CatSniffer (😼) is an original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT (Internet of Things) devices. It was designed as a highly portable USB stick that integrates the new chips TI CC1352, Semtech SX1262, and Microchip SAMD21E17.

This board is a swiss army for IoT security researchers, developers, and enthusiasts. The board can be used with different types of software including third-party sniffers such as SmartRF Packet Sniffer, Sniffle, zigbee2mqtt, Z-Stack-firmware, Ubiqua Protocol Analyzer, our custom firmware, or you can even write your own software for your specific needs.

CatSniffer can operate in 3 different frequencies:

LoRa
Sub 1 GHz
2.4 GHz

Protocols

Thread
Zigbee
Bluetooth 5 Low Energy (BLE)
IEEE 802.15.4g
6LoWPAN (IPv6 over Low power Wireless Personal Area Networks)
Sub 1GHz and patented systems
LoRa/LoRaWAN

Nmap Network Exploration and Security Auditing Cookbook (3rd edition)

September 17, 2021December 5, 2021 calderpwn Leave a comment

The third edition of “Nmap: Network Exploration and Security Auditing Cookbook is out today. Most of the things I’ve learned about Nmap in past years are scattered throughout the book. Shares and Amazon reviews are super appreciated 🙂

Quick notes about Azure Table Storage Injection in Windows Azure Mobile Services

April 25, 2020September 5, 2020 calderpwn Leave a comment

One beautiful afternoon you come across the popular Azure Table Storage service during an assessment. Shit, a NoSQL service hosted on Azure. It must be secure right?Well, again it is up to the developer’s implementation and unsurprisingly, it is possible to use SQL injection (NoSQL injection?) to extract more data than intended if the developers failed at sanitizing parameters.

How do you identify this service?

Look for apps sending requests to *.azure-mobile.net
Requests sent to /tables/
Requests containing the operators shown next included in the request variable ‘filter’

What operators can you use to extract information?

Extract information from other tables using the following supported comparison operators:

eq (Equal)
gt (GreaterThan)
ge (GreaterThanOrEqual)
lt (LessThan)
le (LessThanOrEqual)
ne (NotEqual)

I hope you find the operators reference useful and remember to stay on the hunt ;).
Reference:

Querying tables and entities: https://docs.microsoft.com/en-us/rest/api/storageservices/querying-tables-and-entities#supported-comparison-operators

Another IoT horror story

April 17, 2020September 5, 2020 calderpwn Leave a comment

Last year a smart water bottle got into my hands, and of course, as a curious person I needed to check how secure it was… Unsurprisingly, it was not.

IoT shit
Stay tuned for the full write-up describing issues found in this product in the BLE implementation, the mobile application and more.

Estadísticas 2015 de Redes Wifi en México

January 1, 2016January 1, 2016 calderpwn Leave a comment

ecosistema de redes 802.11 en México (INFOGRAFIA) y aquí les presento las estadísticas del 2015. Si quieren saber más detalles no duden en contactarme. ]]>