Music, cybersecurity, open source and AI • Author of bettercap, pwnagotchi, opensnitch, bleah, legba and a few other things. Chief Architect @ 🥷

And now Amazon too!!! Funny, I'm not qualified as senior software engineer, or AI engineer, or defensive tech engineer even tho I spent the last 15+ years working on exactly that (some of them are actually using my code). Ages ago I developed one of the first WAFs before Cloudflare was even a thing (evilsentinel, in php, it was crap but visionary), Google scans Android apps for malware every single day with my code ... Amazon is working with technologies I have a patent for ... but I'm not qualified I guess! LOL how freaking disconnected is the hiring process from reality?
rejected by both Google and Cloudflare in less than 48h 🕺
5 years from now, hacking will be like in the 90s when you just had to telnet into something and login with admin:admin.
vibe code so hard, your entire waitlist is visible in frontend.
New Github badge.
TIL you can enumerate valid email addresses for any G Suite domain with a simple HTTP request ... pretty neat!
Sometimes Linux developers are M0R0NS. Ubuntu 22 LTS, apt upgrade to kernel 6.8, rebooted, networking is gone, no interfaces ... why? Because some IDIOT decided to move a huge amount of network drivers to the linux-modules-extra package, not installed by default. Once you reboot, without networking, you can only install it via USB drive ... if you manage to figure out WHY your network interfaces are all unclaimed. Who the hell thought this was a good idea?
* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago. * Full disclosure happening in less than 2 weeks (as agreed with devs). * Still no CVE assigned (there should be at least 3, possibly 4, ideally 6). * Still no working fix. * Canonical, RedHat and others have confirmed the severity, a 9.9, check screenshot. * Devs are still arguing about whether or not some of the issues have a security impact. I've spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can't accept that their code is crap - responsible disclosure: no more.
Replying to @z1poc
i had referrals for all 3 jobs
llama3 8B (not quantized) running on a heterogeneous home cluster made of: - iPhone 15 Pro Max - iPad Pro (not sure which version XD) - MacBook Pro ( M1 Max ) - NVIDIA GeForce 3080 (not visible in video) - 2x NVIDIA Titan X Pascal Very soon also supporting Android (I *have* to also add my NVIDIA Shield GPU!!!!!). Single code base, single model format (reduced and optimally distributed to every node to save space). Everything (including iOS code) is open here github.com/evilsocket/llama3… ... it would be really nice, with the help of the community, to take this project to the next level in terms of optimization and support. My vision is about a distributed inference server that can run any model on any backend in any cluster topology - let's fight programmed obsolescence and democratize inference!
Replying to @dafr0g_
that makes a lot of sense! did not consider it, thanks for the different perspective
You can turn a cheap rpi0w into a plug and play ethernet gadget to upgrade any device to a pentest platform. Nexmon allows monitor mode on the default WiFi running @bettercap and its web UI. Boots in seconds, deauths and gets handshakes like a mf 😬
Reminder: you don't need a Kali VM on your macOS with aircrack/replay/mon/etc, @bettercap can put your default wifi ( en0 ) in monitor mode without additional drivers and perform all sorts of wifi attacks (including deauth and handshakes sniffing) ^_^
Ironically, DMCA notices indexes are way better than traditional search engines to find movies ☠️
fact
Full disclosure happening at 20:00 UTC today, in a bit more than 2 hours.
LTS my ass
working on @bettercap's web ui ... it's gonna be a game changer 😈
I've just open sourced uroboros, a GNU/Linux monitoring and profiling tool focused on single processes, written in Go. Happy New Year everybody 🎁 github.com/evilsocket/urobor…
I just published pwnagotchi 1.0.0a on github, I will not offer any form of support before it gets to a stable 1.0.0, but sharing the process to get there might be fun, it also helps me relax a bit #reasons :D github.com/evilsocket/pwnago…
Pwnagotchi progress and better demo, waking up, doing recon (napping), sending an association frame (for PMKID grabbing), deauthing a couple of stations and capturing a handshake. RaspberryPi0w + ePaper display + nexmon + bettercap + Pwnagotchi software itself. #hacktheplanet
121 days ago I reported something to Apple, no fixes and no follow ups after my ping yesterday, so here goes the full disclosure. Apple CUPS does not verify TLS allowing an attacker on the same network to impersonate any previously used IPPS printer (or any device really) via spoofed Bonjour advertisements and therefore forcing the Bonjour discovery service to (automatically and silently) connect to an arbitrary host (also external to LAN), leaking sensitive information and allowing the attacker to interact with a plethora of other system services in nasty ways. Of course this also allows anyone to intercept, read and modify print jobs on the network, but frankly that is the least impactful attack vector here. github.com/apple/cups/blob/m…
from its next release @bettercap wifi.recon module will automatically sniff, save handshakes on a pcap file and mark networks in red if a full 4way handshake has been captured 😎
For the first time in the history of humankind we have free access to way more knowledge than any past emperor, leader, artist or scientist. There are no excuses for not learning something new every day and becoming whatever you want. Geniuses do not exist, curiosity and hard work do.
Pwning WPA/WPA2 Networks With BetterCap and the PMKID Client-Less Attack evilsocket.net/2019/02/13/Pw…
You can force any v8/Electron process to execute arbitrary js code (child_process, http, etc) by forcefully enabling and abusing the builtin debug mechanism ... here's VS Code executing Calc, but I suspect any Electron app is susceptible 🔥 it works with SIP enabled on macOS
Replying to @thiago_peres @z1poc
fair enough! i've just been working as a contractor and then took a sabbatical, that kind of explains it? does it really take that much of an imagination effort? XD
And if you happen to have an NVIDIA gpu and its drivers got updated as well, booting an older kernel won’t work anymore 🎉 So you are left with guessing WTF is going on and doing things via USB drives if and when you find the issue.
yeah ... idk ... maybe those places are not for me if they work like that ;)
A mostly complete chart of neural networks
OMFG I did it!!! I've reversed that mf of Apple's Multipeer Connectivity framework protocol 🥳🎉
Hi, I’m #Pwnagotchi v1.0a
Replying to @DaysGone_1
Except, you can go and be pedantic about terminology somewhere else. Package maintainers, linux developers, people working with linux distros ... whatever.
I KNOW RIGHT?!?!?!!?
Enumerate/Bruteforce/Attack All the Things! Presenting Legba evilsocket.net/2023/11/02/En…
Like, I write software, I get it, I get how someone can be defensive about the stuff they write, I really do. But holy sh, if your software has been running on everything for the last 20 years, you have a freaking responsibility to own and fix your bugs instead of using your energies to explain to the poor bastard that reported them how wrong he is, even tho he's literally giving you PoC after PoC and systematically proving your assumptions about your own software wrong at every comment. This is just insane.
I love how everybody is like "oooh boring, the user has to print something!" and entirely ignoring the buffer overflows and whatnot in a process running as root :'D small, small people :D
Replying to @PR0GRAMMERHUM0R
that'll loop 1001 times tho
The writeup is gonna be fun, not just for the technical details of it, not just because this RCE was there for more than a decade, but as a freaking example on how NOT to handle disclosures.
For the record: this is a coordinated disclosure because CERT's VINCE had a leak.
started working on shellz, a small utility to keep track of your SSH identities, servers and run commands on multiple machines at once. Demo -> asciinema.org/a/203726
Folks with a server behind Cloudflare thinking they are protected: there are tools and services to find the IP address of your origin server, however you can use shieldwall.me/ for free and your firewall will block anything that's not a CF IP address, making it unreachable anyway. Bonus: email notifications if your server is down, and clean intel about malicious IPs from /var/log/syslog because no legit user would connect directly.
🛡️ cf-hero – Technical Overview cf-hero is an open-source CLI tool that reveals the real IP addresses of websites hidden behind Cloudflare’s reverse proxy protection. GITHUB Link 🔗 ⤵️⤵️
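Added example (not evilsocket's or shieldwall's code) of the origin lockdown described in the post above: given the reverse proxy's published IP ranges, emit firewall rules that only let those ranges reach the web ports, and flag anyone who connected directly in syslog-style firewall log lines. The CIDRs and log lines below are constructed samples, not the real Cloudflare list (which a deployment would fetch from the published source and refresh periodically); the `ORIGIN-DIRECT` log prefix is an assumed name.

```python
import ipaddress
import re

# Constructed sample proxy ranges; replace with the provider's published list.
PROXY_CIDRS = ["198.51.100.0/24", "203.0.113.0/25"]
WEB_PORTS = (80, 443)
LOG_PREFIX = "ORIGIN-DIRECT "  # assumed prefix used by the LOG rule below


def build_allowlist(cidrs):
    """Parse the proxy ranges once so every lookup is a cheap containment test."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_proxy_ip(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def iptables_rules(cidrs, ports=WEB_PORTS):
    """Allow the proxy ranges on the web ports, log and drop everyone else.
    Returned as strings so the rules can be reviewed before being applied."""
    rules = []
    for port in ports:
        for cidr in cidrs:
            rules.append(f"iptables -A INPUT -p tcp --dport {port} -s {cidr} -j ACCEPT")
        rules.append(f'iptables -A INPUT -p tcp --dport {port} -j LOG --log-prefix "{LOG_PREFIX}"')
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


# Netfilter LOG lines carry SRC=... and DPT=... fields; pull both out.
LOG_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*DPT=(?P<dpt>\d+)")


def direct_hits(log_lines, networks, ports=WEB_PORTS):
    """Source IPs that hit the web ports without coming through the proxy.
    Nothing legitimate does that once DNS points at the proxy, so each one is intel."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or int(m.group("dpt")) not in ports:
            continue
        src = m.group("src")
        if not is_proxy_ip(src, networks):
            hits.append(src)
    return hits


# Constructed syslog-style lines: one via the proxy, one direct scan, one SSH hit.
SAMPLE_LOG = [
    "Jan  1 10:00:01 origin kernel: IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=443",
    "Jan  1 10:00:02 origin kernel: ORIGIN-DIRECT IN=eth0 SRC=192.0.2.44 DST=10.0.0.5 PROTO=TCP DPT=443",
    "Jan  1 10:00:03 origin kernel: IN=eth0 SRC=192.0.2.99 DST=10.0.0.5 PROTO=TCP DPT=22",
]
```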
Introducing project #pita ... ultra portable WiFi/BLE scanner running only on nexmon drivers and @bettercap and control channel over bluetooth with btnap
I love people.
I'm so bitter about this because on that server I host a web app with the meds schedule for my old and sick dogs in order for the dog sitter to know what to give them and when, including pain and cancer treatment. And this morning it was down.
Spent a couple of days developing an extremely fast Rust API that allows me to search for CVEs given a product and its version, evaluating the whole CPE 2.3 tree and version ranges. Testing it on kernel 5.11.0-34 on Ubuntu 21.04 ... ignorance is bliss...
This is going to be the writeup opening statement. It's an actual comment from the github conversation. I mean, it's not wrong ...
as seen on linkedin
And YES: I LOVE hyping the sh1t out of this stuff because apparently sensationalism is the only language that forces these people to fix.
Today I found a way to circumvent Twitter API rate limits, fetched all accounts followed by @premiumbusiness and created a database. This db is used by this "Veryfied" browser extension I wrote to mark pre-Musk era verified accounts with the SVG badge, for free. github.com/evilsocket/veryfi…

While literally every other OS fails with tons of alarming errors by default, when you do TLS MITM against Microsoft Windows 10, the user is prompted to install the new certificate ( "Yes" btn focused by default and then "Install certificate..." is focused by default ) ...
Aaaand here’s another piece of sh1t who ripped my research, picture by picture (even the fpga fw version mistake) and made a presentation out of it without credits ... piped.video/D1qLoj5h-8w -> evilsocket.net/2016/03/31/ho…
because it takes an amount of time that i'm not currently willing to sacrifice from my personal life, plus at least one partner that you trust.
fuck infosec influencers, bring this back
Nerve ( github.com/evilsocket/nerve ) and the code_auditor example tasklet ( github.com/evilsocket/nerve/… ) using GPT-4o to find an RCE vulnerability in the widget-options v4.0.7 Wordpress Plugin 🧠 Zero code, fully autonomous agent as a simple YAML file.
felt inspired today and i coded Ditto, a tool for IDN homograph attacks that can also be used for detection by monitoring your company domain github.com/evilsocket/ditto
Replying to @ArnoldLabour
Developers involved in the Linux ecosystem, being either package maintainers or whoever else took that decision. Nobody mentioned kernel developers so just chill and get a life.
The next @bettercap release will passively extract hostnames from mDNS packets on the network (fingerprint macOS and iOS devices like a boss)
Just wanted to add for the sake of clarity, that i have *so much respect* for the people at Canonical that have been trying to help & mediate from the beginning, I really don't know how they manage to keep their cool like this.
That is not what he said.
Have you ever had to work on a piece of obfuscated javascript, or python, or elf, or anything you can imagine detonating in a container and needed a simple tool to "see what it does"? 👉 github.com/dreadnode/dyana (works on macOS too 🦄)
somebody might consider the idea that if a single person writes something on twitter and the media picks up only part of what they said and make it sounds like it's the apocalypse, maybe the problem is in the media system
bettercap (master) now supports PMKID, full and half WPA handshakes. #hacktheplanet
since i was 5-6 i wanted to be an inventor, today at age 32 i'm writing (well, someone else is writing it for me) my first patent ... feels good
The work these gentlemen did is awesome. You can now compile Go apps to run on ARM without an OS but basically as the OS itself. This reduces the attack surface ridiculously. Hats off 👏
We are so excited to announce TamaGo: bare metal Go for ARM SoCs. This project allows, with minimal adaptation to upstream Go, execution of 100% Go applications on the USB armory and hopefully more platforms in the future. Check it out! github.com/inversepath/tamag…
information must be free
lesson learned: if you want people to get interested and understand things, put a cute face on them.
Releasing SpyCast, a cross-platform mDNS enumeration tool written in Rust. github.com/evilsocket/spycas…
Replying to @TakumiHisoka
i'm programming language fluid!
When your pwnagotchi pwned all nearby networks already and is bored ... ift.tt/31KHakA
bettercap running on a Steam Deck 😍 all modules working, including wifi, ble and hid ❤️
"write a python function for decrypting https traffic from a pcap file" #ChatGPT idk how but it understands context very well. this is original code. It picked the best libraries (TIL about pyshark!) and sketched how decryption would look like (not sure about that though) ... 🤯
I've had a walk for 3 hours, 33 minutes, 2 seconds and kicked 101 clients! I've met 737 new friends and got 60 handshakes! #pwnagotchi #pwnlog
i'm a bit better, trying to keep my mind focused on projects because if i allow it to go somewhere else there's only darkness right now - thanks to everybody who reached out. i'm writing about the story of Pwnagotchi, I've never been so emotional about a blog post. 1.0.0 is near
There's a bunch of people in infosec with the _you don't know who i am_ attitude, asserting their opinions as they were laws that can't be challenged, bashing everyone who _dares_ to disagree with them ... well ... hacking is the exact opposite of that 🖕
@bettercap ❤️ keyboard sniffing #workinprogress #nrf24 #dell
Replying to @BillDemirkapi
i think you didn't understand what you read
Replying to @veorq
HOW DARE YOU MAKE FUN OF THEM!! Don't you know that their Director of Cryptography "dedicated the last fifteen years to decrypting mathematical codes in Shakespeare’s writings that have revealed unknown sacred geometry hidden in the pyramids of Giza" FOR F SAKE?! BOW, NOW.
This is so cool, i just pushed ssh reverse tunneling support for #shellz and now i can browse: https://localhost:8443/ -> shellz] -> (tor) ... (tor) -> [rpi with tor at home] -> [rpi with arc at home] way better than dyndns or natting the ports 💪^___^ 👍
LOL it also works for non gmail domains that have been transferred to gmail :D
Today I'm open sourcing Nerve, a tool that allows creating stateful agents with any LLM of your choice - without writing a single line of code. The tool provides the model with a framework of functionalities for planning, saving or recalling memories, etc. (you can think of it as a "standard library" of functions for the LLM to use) by dynamically adapting the prompt and making it stateful over multiple inferences. The model will be able to access and use these functionalities in order to accomplish the task you provided. github.com/evilsocket/nerve
still slow af to start (~20 minutes to load TF and initialize the model) but all hail @pwnagotchi new AI mode, powered by the same type of models that can play Super Mario and Atari games :D #ai #dqn #a2c #skynet