My Flock Safety independent security research has reached the point where it felt necessary to compile it all into a formal white paper and statement. Moving forward, all vulnerabilities will be added first to this white paper during the responsible disclosure embargo.
Introducing LeakScope
An all-in-one Shodan & ZoomEye supported tool to search, browse, preview and dump data leakage across 20+ services. Pulls real exposure straight from the sources instead of guessing. Drop it into your workflow and watch it surface leaks you won't find anywhere else.
BirdEye
A TensorFlow Lite harness I threw together for some security research in regards to my long going Bird Hunting Season project!
Addition to the $150 Private LTE Network
The first addition, a awesome 4G LTE router that runs a flavor of OpenWRT, anti-forensics blue merle plugin and supports CBRS bands (aka the $150 private LTE network). First documented case of this being supported!
Setting up your own 4G LTE Network (<$150) for your Embedded System & IoT Hacking Lab via Open5GS + CBRS eNodeB on Ubuntu 24.04
Step by Step instructions to setting up your own private LTE network for cheap, great for home labs, hacking and penetration testing.
Button Presses to Wireless RCE: Shell on Flock Safety’s License Plate Cameras Over Wi-Fi
A combination of reused default passwords, hidden triggers, and completely unauthenticated APIs results in reliable wireless RCE, data disclosure, and device control in the field on Flock Safety's License Plate Readers.
Fly-By – Device 2: The Falcon/Sparrow – Gated Wireless RCE, Camera Feed, DoS, Information Disclosure and More
Covering the next batch of disclosures in regards to my Flock Safety security research.
Root from the Coop – Device 3: Root Shell on Flock Safety’s Picard/Bravo Compute Box
Covering the newest and likely rarest of Fock's Devices I've had the chance to get my hands on. In this case, it's a (edge) Compute Box. Much newer harder then the other stuff and its own huge set of challenges. Come see how little I've explored this device and how to get root on it so you can start diving in too!
Roadside to Everyone – Intelligent Traffic Systems (ITS) Research – Kapsch TrafficCom AG (C)V2X Roadside Units (RSU)
I will keep this article brief as I still owe a full disclosure article walking through what was covered in my Phrack Article 'Roadside to Everyone (R2E) Phase 1: Physical & Local Vulnerabilities in (C)V2X RSUs' LINK. This will include more pictures, some deeper explanations of the vulnerabilities, etc. For now I just wanted to … Continue reading Roadside to Everyone – Intelligent Traffic Systems (ITS) Research – Kapsch TrafficCom AG (C)V2X Roadside Units (RSU)
Handling Two-Way Communication as a Technical Leader
Technical leadership requires more than directing tasksโit demands the careful management of two-way communication. A leader serves as the bridge between strategic intent from above and operational reality from below. That responsibility means presenting information in a clear and digestible way, without omitting what is beneficial, so both sides remain aligned in their respective roles. One effective approach is shielding: a strategy where the leader anticipates reactions, filters complexity, and ensures that both technical practitioners and senior leadership receive accurate, balanced communication. Shielding is not passiveโit requires consistent effort, empathy, and accountability. While demanding, it is the most reliable way to build and maintain trust, ensuring that decisions are informed, practitioners are represented fairly, and leadership remains confident in execution.