My Flock Safety independent security research has reached the point where it felt necessary to compile it all into a formal white paper and statement. Moving forward, all vulnerabilities will be added first to this white paper during the responsible disclosure embargo.
Tag: Ethical Hacking
Addition to the $150 Private LTE Network
The first addition: an awesome 4G LTE router that runs a flavor of OpenWRT and the anti-forensics blue merle plugin, and supports CBRS bands (aka the $150 private LTE network). First documented case of this being supported!
Setting up your own 4G LTE Network (<$150) for your Embedded System & IoT Hacking Lab via Open5GS + CBRS eNodeB on Ubuntu 24.04
Step-by-step instructions for setting up your own private LTE network for cheap. Great for home labs, hacking and penetration testing.
Button Presses to Wireless RCE: Shell on Flock Safety’s License Plate Cameras Over Wi-Fi
A combination of reused default passwords, hidden triggers, and completely unauthenticated APIs results in reliable wireless RCE, data disclosure, and device control in the field on Flock Safety's License Plate Readers.
Fly-By – Device 2: The Falcon/Sparrow – Gated Wireless RCE, Camera Feed, DoS, Information Disclosure and More
Covering the next batch of disclosures from my Flock Safety security research.
Trap Shooter – Flock Safety Sniffer & Alarm
Custom firmware for the M5NanoC6 (ESP32-C6) that sniffs for nearby Flock Safety devices and alerts you to them. Will be integrated into an exploit tool releasing on 09/27/25 for Flock Safety devices!
GainSec in the Middle!
An implementation of a Man-in-the-Middle (MiTM) router / access point (AP). Great for embedded, IoT, hardware or similar penetration tests, hacks or research. Creates all interfaces and configurations on the fly, and integrates other functionality to make TLS stripping, Android use or Burp Suite use more streamlined.
Unbricking and Flashing the Yardstick One
Bricked your Yardstick One? This step-by-step guide shows how to recover it using its cousin, the GreatFET, by erasing, flashing, and verifying full Sub 1 GHz sniffer functionality.
The quickest and simplest guide to spinning up a powerful local AI stack. Part 7 – Current Stack – Docker Deploy
Going to keep this post extremely brief. I have published the current stack and how to spin it up yourself on my GitHub. The next part will be implementing Local Agentic RAG with Crawl4AI! Check out the repo HERE
The quickest and simplest guide to spinning up a powerful local AI stack. Part 6 – Open-WebUI To Crawl4AI – Chat
Step-by-step instructions on how to integrate Crawl4AI as a tool within Open-WebUI to be used by any model.







