Avengers Infosec

Could I read your PIN/PASSWORD from platform authenticator?

Android Accessibility Service: Android provides an accessibility service for people with disabilities. This service can access all events on the phone’s screen. The security hole is that it can access platform ...

How do we validate NFC ID card correctly?

NFC ID Card - new challenge for fraudsters. The NFC ID card is a new challenge for fraudsters and banking/fintech. Based on cryptography, the data on the card must be consistent. NFC ID card overview: Da...

DNS Security Part 2: Is ECH saving us from MITM?

ECH is the final piece of the big privacy picture. When we connect to a website, TLS helps us with confidence and security but not privacy. The eyes of the ISP still see your target server via SNI. They could te...

Retrieve Kafka stream from unavailable place.

Problem: I discovered some Kafka brokers. When I consume a topic, I get the error: failed to get offset for topic pushgatway_send Partition 3: dial tcp 172.18.19.58:9092: i/o timeout or failed to ...

Extract passport NFC's SoD certificate

NFC data follows ICAO’s specification. We must verify the Security Object Document (SoD), which contains the signature, data and certificate of the Document Signer (DS). Wait, what’s Document Signer Cer...

Google BeyondCorp Walkthrough

ZeroTrust is just access context management. Some years ago, I heard that zerotrust would become the future of security. Nowadays, I see zerotrust in every security product advertisement. From my pe...

TLS fingerprint and mobile security

The use case: Mobile applications are replacing traditional web applications. Some techniques have been developed to identify that requests are coming from the official application - which they own and not...

DNS Security: Part 1 - what can we do if we manage the DNS?

If you think DNS only resolves records, think again. In the IoT world, it involves more than a resolver. The question: When the DNS server is controlled by someone, what can they do with our t...

Set up macOS smartcard login only

This page is for Silicon MacBooks only. If you’re locked out of the vault, press Option+Shift+Return to input the recovery code and log in again. The problem: macOS supports smartcards for login but the im...

[2023] New DNS Service announcement

In late March, we migrated from nginx to knot-resolver. Because of some problems with nginx, users switching networks from LTE to Wi-Fi and vice versa cannot keep their connection to the DNS server over TLS. ...