Capture and decryption of Bluetooth Low Energy (BLE) traffic

Introduction The Bluetooth Low Energy (BLE) protocol has become a fundamental standard within the IoT ecosystem, used in wearables, sensors, peripherals, and a wide variety of connected devices. It is possible to capture and analyze its traffic in real time using dedicated hardware. For this purpose, the nRF52840 Dongle from Nordic Semiconductor, together with the tool nRF Sniffer for Bluetooth LE, constitutes an accessible and powerful solution. The necessary firmware will be installed on the dongle, the sniffer will be integrated into a Linux environment, and BLE traffic will be captured in Wireshark. Three analysis scenarios are also addressed with different levels of security: connections without pairing, vulnerable classic pairing (Legacy Pairing), and modern and robust pairing based on elliptic curves (LE Secure Connections). ...

January 1, 2026 · 11 min

Dynamic Analysis on Android - V - Injecting the Frida Gadget into .apk Files

Introduction Dynamic analysis of Android applications has become an essential discipline for those who develop or audit their own mobile projects. Instrumenting an app in real time allows us to fully understand how it behaves, which code paths are involved in each operation, and how our defensive mechanisms respond to different scenarios. Frida and Objection stand out among the tools that facilitate this process. To explore these concepts in a controlled way, we will use the application Android SSL Pinning Demo by httptoolkit, an open-source project designed to experiment with various methods of certificate pinning. We will also make use of the scripts published by the same team to analyze the internal workings of TLS verification. This lab is ideal because it offers a safe environment in which instrumentation techniques can be tested without impacting third-party software. ...

December 1, 2025 · 6 min

Offensive Security Lab - III - Lab Solution

Introduction After configuring the lab in the previous articles, we will now proceed to solve it step by step. Solution of the environment To work through the environment, it is necessary to deploy a virtual machine with an operating system such as Kali Linux, with a network interface attached to the NatNetwork network created earlier, and to use the OpenVPN .ovpn file to connect to the lab network. We connect to the VPN. ...

November 1, 2025 · 9 min

Offensive Security Lab - II - Virtual Machines Deployment

Introduction With the network infrastructure already defined in OPNsense in the previous article, the next step consists of preparing the virtual machines that will form part of the CTF lab. From this point on, each VM must be correctly integrated into the DMZ and internal networks, respecting the previously established segmentation. Installation of the virtual machines We will install two Debian Linux virtual machines in VirtualBox with the minimum set of packages, since the necessary tools will be installed later. To speed up the installation, the network install version of Debian can be used. The requirements for the machines will be 2 CPU cores, 2 GB of RAM, and 8 GB of storage. ...

October 1, 2025 · 7 min

Offensive Security Lab - I - Network Deployment

Introduction Capture The Flag (CTF) competitions have become one of the most effective methods of learning cybersecurity in a practical way. Facing realistic challenges in a controlled environment allows students and professionals to experiment with pentesting techniques without risk. This article describes the design of a multi-user CTF-oriented lab, built on Oracle VirtualBox and OPNsense, where each participant has an environment completely isolated from the rest. ...

September 1, 2025 · 10 min

Decoding of FSK signal with SDR and Flipper Zero

Introduction Frequency Shift Keying (FSK) is a digital modulation technique in which binary information is transmitted by varying the frequency of a carrier between two or more discrete values. In its simplest form, 2-FSK, a bit 0 is represented by one specific frequency (f0) and a bit 1 by another (f1). This technique is widely used in low-speed wireless communications, such as remote controls, telemetry systems, RFID, and IoT devices. ...

August 1, 2025 · 6 min

SubGhz Generator - Generator of SubGhz files for the Flipper Zero

Introduction The Flipper Zero is a multifunction device for hacking, security testing and radio frequency protocol exploration. One of its most highlighted features is the ability to transmit and receive SubGHz signals, using the Texas Instruments CC1101 chip, a programmable low-power RF transmitter. SubGHz refers to the range of radio frequencies below 1 GHz (typically between 300 MHz and 928 MHz, depending on the region). These frequencies are used by devices such as remote garage door controls or wireless sensors (temperature, movement, alarms). ...

July 1, 2025 · 6 min

Initial Analysis of an ARM Cortex Firmware of a Device

Introduction The firmware is the embedded software that controls the basic functioning of electronic devices, from routers and IP cameras to smart home appliances and industrial systems. Unlike traditional software, firmware operates directly on hardware, making it a critical target in terms of security, functionality, and privacy. Firmware analysis involves examining this embedded software to understand its internal workings, detect potential vulnerabilities, identify backdoors, and in some cases modify or extract relevant information. This type of analysis is particularly relevant in security audits, forensic investigations, reverse engineering, or exploit development. ...

June 1, 2025 · 5 min

Description of the encryption in Digital Mobile Radio Networks (DMR)

Introduction DMR (Digital Mobile Radio) is a digital radio standard developed by ETSI (European Telecommunications Standards Institute), designed to replace analog radio systems and offer more efficient communications. It operates in TDMA (Time Division Multiple Access) with two time slots within a 12.5 kHz channel, allowing two simultaneous transmissions on the same frequency. It supports additional services beyond voice, such as data transmission, including text messages or location reports from terminals. For voice, it supports both individual calls, similar to mobile phone calls, and group calls in which registered terminals can participate. ...

May 1, 2025 · 5 min

GSM Telephony (2G) - IV - Analysis of traffic from a base station

Introduction With a virtual base station deployed and a mobile device running OsmocomBB software, it is now possible to analyze with Wireshark the traffic generated when making a phone call or sending text messages. Starting the Wireshark tool. We start a new Wireshark session, capturing UDP packets (-f udp) with the display filter gsmtap (-Y gsmtap) on the loopback interface (-i lo). wireshark -k -f udp -Y gsmtap -i lo Start of the virtual base station. We start the virtual base station. ...

April 1, 2025 · 7 min