Key Takeaways

1. Take care of your team, and your team will take care of you.
   My role has been closer to a coach than a commander. The more I invested in the team’s well being and clarity, the more they owned the product and exceeded expectations.

2. Challenge the status quo relentlessly.
   Efficiency is not about hitting KPIs blindly. It is about constantly asking: could we do this better? That curiosity must be part of the team DNA.

   ... ➦

Since 2017, I have created and been maintaining cfptime.org, a community-driven project aimed at centralizing call-for-papers information for information security conferences.

Initially, my first goal was simple: we had an intern joining our team and who was about to work on Django Framework, I didn’t know it and I wanted to know the basics. Additionally, some other goals were simply to have fun, contribute something valuable to the community.

Connecting Meross MSG100 to TUBAUTO ProCom 7-3 Garage Door: A Quick Guide

Modernizing your garage door to be smart-enabled can greatly enhance convenience and security. The Meross MSG100 Smart Wi-Fi Garage Door Opener offers an easy solution to connect your garage door to your home network, allowing you to control it remotely through the Meross application. If you have a TUBAUTO ProCom 7-3 garage door opener, integrating it with the Meross MSG100 is straightforward with the right guidance.

In the ever-evolving landscape of software development, GitOps has emerged as a powerful paradigm, initially associated with cloud-native applications. However, its significance personally extends beyond the realms of modern, containerized environments. GitOps has proven to be a valuable concept for legacy (or “more traditional”) applications too, providing a bridge that captures technical expertise and establishes deterministic operations resulting in a better quality of service.

The Essence of GitOps

GitOps is fundamentally rooted in the principles of declarative infrastructure and version control. At its core, it leverages Git repositories as the single source of truth for both application code and infrastructure configurations. Changes to the system are managed through pull requests, allowing for collaboration, versioning, and a clear audit trail.

Incident clustering, also known as event clustering or anomaly clustering, is a technique used in data analysis and machine learning to group similar incidents or events together based on their characteristics or patterns.

In order to deep dive into this, we used sklearn and matplotlib to both do machine learning and visualize results in an easy way. In few words:

• Scikit-learn is a powerful and popular open-source machine learning library in Python. It provides a wide range of tools for various machine learning tasks such as classification, regression, clustering, dimensionality reduction, and more. Scikit-learn is built on top of other Python libraries like NumPy, SciPy, and matplotlib and integrates well with the scientific Python ecosystem.
• Matplotlib is a 2D plotting library in Python that allows you to create a wide variety of static, animated, and interactive visualizations. It is highly customizable and can be used to visualize data in the form of line plots, scatter plots, bar plots, histograms, and more.

The main idea is quite simple - clustering incidents and try to find “clusters” - aka ~incidents categories so that we group them and go from 900 dedicated incidents to 10 categories, easier when we want to tackle big subjects which will ease our work in the upcoming days.

This article aims at providing you some insights about the experience I had in the “infosec world” for the past few years. I had an amazing journey and grateful for everything that happened. Don’t get me wrong with the title, even if the road was sometimes “bumpy” (aka ‘bad’ experiences), I got some good lessons learnt through them and live by them. I am not trying to convince anyone with this article, except just do what’s good for you and preserve yourself. Just that.

... ➦

Hi everyone!

Here is a pretty quick blog post on some Frida/Objection things I’ve been tinkering with.

I had this Android application which had premium features and wanted to understand how that mechanism worked and if it was robust enough. Let’s see what was the journey on how I’ve bypassed it using Frida.

After disassembling the application with Jadx, I was able to perform a simple grep -r -i 'premium' . into the sources and leading me to where the Premium checks were done.

“DevOps” movement started “publicly” (first time we heard this term) circa 2007. Based on that, we (you?) might think that in 2021 that thing is utterly oudated but I totally disagree and I thought I would share some thoughts about DevOps in 2021, and what it means in real life.

I am quite uncomfortable using the word “DevOps”. I’m serious. I guess it’s because we’re putting so many things behind it and I feel we might have lost track of the real sense behind that term - “DevOps”.

Hi everyone!

This article aims at providing you survival steps while tinkering around with Smali & Android applications. The name of the original application I did my search on will remain secret but I created a dummy application doing the same so that you can do it on your own. The link of the MainActivity.java and MainActivity.smali is here

Create a dummy application with Android Studio and just import this. PLACEHOLDER_* strings will have to be replaced with proper ones if you want to try.

While developing/maintaining the WHID Mobile Injector app, it turns out that I received messages and issues on Github telling me that users were:

• Able to access the ESPloit interface through the browser
• but not through the app and the toggle in the side-menu was staying RED (meaning it is unable to connect to the ESPloit interface).

Weird.

After some investigations, I was able to reproduce the issue on some phones at home, and while looking at logcat, I saw some strange lines like this: