Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
remy🐀 Profile picture
remy🐀
@_mattata
Dad, Vulnerability Research, Packet connoisseur. He/Him. Cyber Security Architect @GreyNoiseIO, DM's open. Top percentage Rattata. #cve #infosec #cybersecurity
Jul 27, 2024 4 tweets 1 min read
Day 1 in Germany with a single rattagatta node deployed on a T-Dongle-S3 (loving these trains!)

22,675 BTLE devices
14,804 are connectable
7,797 were connected and indexed
AVG RSSI of -88 for connected
1,056 unique characteristic/service pairs Image Compared with US:
Same brands of Bluetooth headphones but EVERYWHERE, Xiaomi/Redmi watches and phones, Lime scooters and Segways, same hardware key lockbox systems (STANMORE), Lots of smart kettles/waffle irons/cappuccino etc..., Polestar (electric cars)
contd.
Mar 21, 2024 13 tweets 3 min read
RE: APEX / ALGS / EAC Remote Code Execution

👋 I wrote undectable cheats for online games for challenge and sport for many, many years. I know enough to know that no one has the answers, but I'd like to call out some things you may have glazed over, and put them in context. 🧵 Image About a month ago, the suspected individual talked on stream about cheating and attempted to defer the accusation by saying "you can't cheat on console"

I am very familiar with this claim, and why it's important in context!
Jan 10, 2024 4 tweets 2 min read
“The research institute says the sender's device name, email address, and mobile phone number are hashed in the iOS device logs.”

Yeah, those hashes are in the wireless handshake too, and you don’t need physical access to the device. This has been known for a loooooooong time The Chinese researchers used a rainbow table.
I… downloaded the US Facebook DB dump, and then generated the hash table assuming that phones near me had the local area code.

Took like 4 hours. Could tell the email and phone number of everyone in wireless proximity instantly.
Feb 19, 2023 4 tweets 1 min read
Lotta hot takes today about about SMS 2FA, so I’ll add mine. Remember all those “text NNNN for a ringtone, only $0.99!” commercials?
Yeah… those telco premium rate sms services are still around, and SMS 2FA is ripe for abuse by registering premium rate numbers. Anyways, SMS fraud is a fun world to know about.
“Why didn’t they just rate limit the SMS 2FA to only distribute one code per hour, limiting volume fraud that could occur?”
Scammers just make more accounts, and despite public statements, Twitter actually cannot identify bots.