Vangelis tix Stykas

@evstykas

Followers
2,256
Following
410
Media
517
Statuses
5,261

Father of two sons and ARIS fan. Named NOT A UNICORN!🦄 IDOR as a service. @_ifigeneia husband @atroposai jack of all trades Never ethical, mostly legal...

Thessaloniki
Joined December 2009
@evstykas
Vangelis tix Stykas
3 years
Wife just bought a washing machine that has a webserver in it. WHAT COULD POSSIBLY GO WRONG?
59
39
539
@evstykas
Vangelis tix Stykas
4 years
Hello @xiaomi and @XiaomiIndia, is there a reason my phone that is set up on the India region has a constant connection over XMPP to a US IP? It seems this is from your internal com.xiaomi.xmsf app
Tweet media one
38
130
394
@evstykas
Vangelis tix Stykas
4 years
Fun little snippet from Xiaomi Mint Launcher. If you are in the EU don't send Analytics, if not you have consented? Thanks GDPR :)
Tweet media one
7
106
343
@evstykas
Vangelis tix Stykas
8 months
I am in this picture and I don't like it.
Tweet media one
7
36
363
@evstykas
Vangelis tix Stykas
11 months
I will be presenting on @defcon about the art of compromising command and control servers and how to steal (some of) the stealers! #defcon31
Tweet media one
22
24
273
@evstykas
Vangelis tix Stykas
2 years
@MakisSinodinos @TheKoulWay When the war ends, the politicians take back the remaining ammunition, the rich produce more food, and the poor search the graves for the names of their children…
2
18
176
@evstykas
Vangelis tix Stykas
9 months
Defcon uploaded all talks on the media server, so my #defcon31 talk: The art of compromising C2 servers - A web application vulnerabilities perspective is now available. I hope you enjoy it as much as I enjoyed returning home :D
Tweet media one
9
37
135
@evstykas
Vangelis tix Stykas
2 years
Let's see what we can find in a fraud website. A thread 🧵 because who likes to work on Monday mornings?
@javapapo
Paris Apostolopoulos
2 years
Hey @monzo FYI - I reported it as fraud.
Tweet media one
1
0
2
1
13
96
@evstykas
Vangelis tix Stykas
5 years
therapist: and what do we do when we’re sad? me: find an API to play with therapist: no
5
11
68
@evstykas
Vangelis tix Stykas
6 years
Totally Pwning the Tapplock Smart Lock (the API way) Special thanks to @TheKenMunroShow and @cybergibbons for all their help with this disclosure. @Tapplock brought the API down until it's fixed after some pressure, so I am able to release this.
3
22
62
@evstykas
Vangelis tix Stykas
10 months
Probably one of the best talks I ever did, happy that I managed to talk in #defcon and did not end in a van. A massive thank you to everyone that attended!
Tweet media one
10
7
65
@evstykas
Vangelis tix Stykas
4 years
So my wife just told me "what IoT do you want as a gift to hack for your birthday?". Other people get shirts and travels, I will get a SCADA modem! I see it as a win!
3
4
58
@evstykas
Vangelis tix Stykas
4 years
Incoming... AND IT'S GOING TO BE HUGE.
Tweet media one
3
18
57
@evstykas
Vangelis tix Stykas
5 years
I am officially a hacker without quotes now...
2
17
47
@evstykas
Vangelis tix Stykas
4 years
Things I want to write: "I am considering this app the toilet brush of web development" Things that I write: "The architecture needs improvement"
3
4
50
@evstykas
Vangelis tix Stykas
4 years
Also, is there a reason you are sending all kinds of "telemetry" including the known URLs issue to which seems to be hosted in Hong Kong? I vaguely remember someone reassuring that ALL India data is kept within India. This is most certainly not an India IP
2
6
41
@evstykas
Vangelis tix Stykas
7 months
Hey, I was never hiding, my dear APT. Also it's mostly @s0lfer's fault..
Tweet media one
6
0
49
@evstykas
Vangelis tix Stykas
5 years
So what I get for YouTube comments of a video explaining that 3 MILLION CARS WERE VULNERABLE is that I have a terrible accent... Fair enough I guess.
5
2
38
@evstykas
Vangelis tix Stykas
3 years
9yo: our teacher does not allow us to turn off cameras but I have visual effects, freeze myself by using a video of the past minute and do what I want. I don't know if I should be proud or furious...
6
2
41
@evstykas
Vangelis tix Stykas
10 months
I guess the #DEFCON31 git repository is ready. 5 botnet C2 source codes dumped. 3 of them with an unauthenticated RCE. The number of active bots is ridiculously high. I will be presenting this on the 13th of August at 11:00 on track 2
Tweet media one
1
12
43
@evstykas
Vangelis tix Stykas
3 years
Hello @XiaomiIndia and @Xiaomi how are you? Remember me? I am that strange guy that constantly looks at your requests... So you know what is going to happen right? A Saturday thread about your Mi Pay Indian app.
3
13
38
@evstykas
Vangelis tix Stykas
3 years
I decided to take a deeper look at the EV charger industry. After more than a year of research: ✔️3 account takeover vulnerabilities ✔️2 platform takeover vulnerabilities ✔️multiple hardware vulnerabilities. I can say: mission accomplished.
@TheKenMunroShow
Ken Munro
3 years
We looked at 6 smart electric car chargers: VERY variable security. Trivial account hijack, missing request authorisation, potential to destabilise power grid & more. @evstykas explains:
Tweet media one
5
43
101
2
8
36
@evstykas
Vangelis tix Stykas
4 years
Hello and good morning again @Xiaomi and @XiaomiIndia, I can see from here that you are trying to cover GDPR but yeah: I see you missed quite a few: Norway requires you to follow GDPR. And yes I set my region to Norway and you sent data to a Hong Kong...
Tweet media one
3
10
33
@evstykas
Vangelis tix Stykas
3 years
Well it seems I will be presenting @BSidesLondon. Really happy!
Tweet media one
6
0
34
@evstykas
Vangelis tix Stykas
1 year
Our 6 months of research with @s0lfer on the stalkerware talk was really well received in @BSidesLondon.
Tweet media one
3
5
35
@evstykas
Vangelis tix Stykas
4 years
Ok I was just joking with my last question, I know how to opt out. When I switch my region to a GDPR country no "telemetry" (except the browser) is being sent. So you either care too much about European users' privacy or too little about their "better experience". I am sure it's No 1
1
4
28
@evstykas
Vangelis tix Stykas
3 years
So someone did what I was warning about for watches in @44CON but with...routers. INTERESTING. This is a viable attack vector on any device that can send SMS.
0
9
33
@evstykas
Vangelis tix Stykas
4 years
Your "music" app sends EVERY click that I do + all the songs that I play, stop and pause back in batches. Is this something you monitor for "better usage"? If yes can we just opt out somehow?
1
2
27
@evstykas
Vangelis tix Stykas
3 years
@printfJess I have so many questions too. But my main goal is not to get killed or a divorce, so I will try to get a shell once I am back in Greece in a month. If I break it remotely while not being in the house, my wife will find me and WILL KILL ME
2
1
31
@evstykas
Vangelis tix Stykas
6 months
Last talk of the year done at @BSidesLondon #bsideslnd2023
Tweet media one
2
0
35
@evstykas
Vangelis tix Stykas
8 months
Three in the f*ing row… I will be presenting @BSidesLondon 2023 :)
Tweet media one
5
5
30
@evstykas
Vangelis tix Stykas
4 years
Today I was obliged to learn about ifs and whiles in pseudocode by my son's teacher. It was really interesting to see how other parents with no connection to CS struggled. It was really scary when I understood how many things I took for granted when explaining shit to people.
2
0
27
@evstykas
Vangelis tix Stykas
4 years
So a spammer decided to send a COVID-19 specific spam message from Facebook to me. As I am on a lunch break, let's dive into that rabbit hole.
2
5
26
@evstykas
Vangelis tix Stykas
3 years
I don't believe I have to say that after 4 years but: DO NOT USE CHEAP GPS DEVICES TO TRACK ANYTHING. It was not funny 4 years ago, it still isn't. Trackmageddon devices are still being actively sold. FFS
1
8
25
@evstykas
Vangelis tix Stykas
4 years
Also your miuidaemon app (as noted YEARS ago by @fs0c131y). I really can't see any reason for all those things to be uploaded to a Hong Kong server. I cannot see a reason for this app to be in my default user build.
Tweet media one
1
3
23
@evstykas
Vangelis tix Stykas
4 years
IoT vendors that feel that having a root account with a hardcoded password on ALL your devices that you don't mention is ok. STOP. This will not end well for you or your users.
2
2
23
@evstykas
Vangelis tix Stykas
10 months
If you are around at #defcon31 and interested in malware come see my talk tomorrow at 11:00 on track 2. Will release source code for the following C2s: Smokeloader, Amadey, Harly, Clipper and Manipulated Caiman.
3
4
25
@evstykas
Vangelis tix Stykas
5 years
It seems I am a speaker now... @44CON with @_tonygee_
Tweet media one
1
2
24
@evstykas
Vangelis tix Stykas
6 months
15% of car APIs still have basic (and I mean IDOR or no auth BASIC) vulnerabilities but hey adding AI in the mix will fix most of it.
Tweet media one
4
3
26
@evstykas
Vangelis tix Stykas
2 years
Continuing on my quest "Present on every bsides possible", I was accepted to present on Bsides Dublin!
Tweet media one
2
0
25
@evstykas
Vangelis tix Stykas
4 years
Heathrow is a dead zone right now...
Tweet media one
10
0
25
@evstykas
Vangelis tix Stykas
3 years
That's from a coal-fired power station in Ptolemaida, Greece. Broadcast on national TV. Hope that this is not Internet connected.
Tweet media one
1
6
25
@evstykas
Vangelis tix Stykas
3 years
I now have a replicable way of restarting the washing machine remotely by crashing the webserver. Someone is not really happy :D
@evstykas
Vangelis tix Stykas
3 years
Wife just bought a washing machine that has a webserver in it. WHAT COULD POSSIBLY GO WRONG?
59
39
539
0
5
23
@evstykas
Vangelis tix Stykas
3 years
Half an hour of me talking on how to charge your car for free (spoiler alert: don't do it. It's a crime). @BSidesLondon on Track 1 at 14:45.
Tweet media one
1
0
23
@evstykas
Vangelis tix Stykas
2 years
I am sorry WHAT?
Tweet media one
5
1
23
@evstykas
Vangelis tix Stykas
9 months
Funny as it might seem this will be my first time in Cyprus :). Really happy to present in @BSidesCyprus !
Tweet media one
2
3
24
@evstykas
Vangelis tix Stykas
4 years
@zackwhittaker "We take your privacy and security extremely seriously"
1
0
20
@evstykas
Vangelis tix Stykas
4 years
And WHY do all those metrics stop IMMEDIATELY when I put my region in the EU? (they work if my region is in India, US or China) Is there a reason you don't need all those intrusive statistics for someone in Europe?
1
3
18
@evstykas
Vangelis tix Stykas
5 years
Just got a cold email explaining how a "car alarm takeover" worked and what I could do to protect myself.... I am slightly amused.
0
0
20
@evstykas
Vangelis tix Stykas
3 years
This one is going to be a really interesting one. Talking on @BSidesCymru on owning 100 million devices. IN 10 SLIDES! IN 10 MINUTES.
Tweet media one
2
3
19
@evstykas
Vangelis tix Stykas
4 years
Hello @Xiaomi and @XiaomiIndia remember me? I am that strange guy with the Redmi device! Is there a reason you are sending 1 request every minute to (IP is 161.117.193.95 and location is CHINA not India).
Tweet media one
5
9
22
@evstykas
Vangelis tix Stykas
10 months
Dropping 0-days in defcon: ✅ Rocking the #defcon31 stage: ✅ Currently at track 1 the legend is pwning PBXs.
Tweet media one
1
4
22
@evstykas
Vangelis tix Stykas
2 years
Now after that what could we do? Probably RCE but that's beyond our scope and well within CMA territory. What should we do? Mark as spam, wait for Chrome to process it and educate our friends about scams and phishing. Nice start for the week!
4
1
20
@evstykas
Vangelis tix Stykas
4 years
So to sum up: Consistent constant XMPP connection to a US server. Super intrusive "telemetry" that stops immediately when the region is in the EU, and a daemon application that has no place and seems to be able to gather EVERYTHING from the phone. That does not look good.
1
1
18
@evstykas
Vangelis tix Stykas
11 months
Guess who reached 6 owned C2 panels in his #defcon31 talk? Interesting panel, written in Go. Also "Signer - Currently doesnt work. have to get real EV cert"
Tweet media one
@malwrhunterteam
MalwareHunterTeam
11 months
"the purchase of certain malicious software products for educational purposes" Also, the word malware is mentioned 8 times in the text. 😂
Tweet media one
4
2
25
2
4
20
@evstykas
Vangelis tix Stykas
4 years
Ok I stand corrected. This is all the apps that I have run through the day. I cannot see any reason that this is needed. Also this is attached to the MD5 of my IMEI. ALL those data are going to a Hong Kong server.
2
1
16
@evstykas
Vangelis tix Stykas
4 years
Folks, could you please stop putting SCADA devices on the fucking internet with no auth? It was never funny...
1
0
19
@evstykas
Vangelis tix Stykas
2 years
There are some days...
Tweet media one
3
2
18
@evstykas
Vangelis tix Stykas
4 years
That's definitely something you don't want to see being sent to a Hong Kong server.
Tweet media one
1
1
16
@evstykas
Vangelis tix Stykas
2 years
@yX__ Well, is it going to stay in my house? Let it stay at Panagis's or Marigo's place. NIMBY, but in Greek.
0
0
19
@evstykas
Vangelis tix Stykas
4 years
Today I am talking on @AutoSecResGroup on how you can attack cars from the cloud. It's mostly videos of frustrated colleagues with bricked cars in the UK and me laughing in Greece...
2
1
17
@evstykas
Vangelis tix Stykas
7 months
Consider this an announcement I guess…
Tweet media one
1
1
19
@evstykas
Vangelis tix Stykas
4 years
I told you today is going to be strange... IDOR to expose half a million internal networks. 2 weeks to patch. The irony of using a firewall as a backdoor device from the cloud is GOLD
1
6
18
@evstykas
Vangelis tix Stykas
8 months
So you've got your iPhone stolen, tried calling it from several phones and it was turned off. Soon after, all phones get an SMS with a phishing link that tells you to login so that you can see where your phone is. A 🧵 with a (not so deep) dive in a panel ->
1
9
19
@evstykas
Vangelis tix Stykas
4 years
As my grandma used to say: If you remove the don't drink it warning from the bleach bottles, we will have a lot less idiots in a year...
1
2
15
@evstykas
Vangelis tix Stykas
2 years
Shock, guys, is when it's the first time. When someone IS MURDERED and the prosecutor calls it a misdemeanor, and when you launder an attack on uninvolved people as a "brawl" because the ruble in Greece's Medellín is plentiful, you have no right to be shocked. Condolences to the family.
@kagouriki
Jerboa
2 years
It happened once, it happened twice and it will happen again. Why? Because some people operate with backing. No fan brawl. Keep looking at them, you assholes
0
44
130
0
10
16
@evstykas
Vangelis tix Stykas
5 years
So it's one of those days, that @cybergibbons asks you about an API and you end up with a legitimate function that is named "crash server"... Why do you do this to yourself and your products?
1
1
17
@evstykas
Vangelis tix Stykas
11 months
Presenting @BSidesAth is ALWAYS a blast! Electryone was well received :)
Tweet media one
1
0
17
@evstykas
Vangelis tix Stykas
2 years
API developers that think passing raw SQL as a parameter is a good idea. IT'S NOT. It never is. It never was. And it will NEVER BE. On a totally unrelated note, you should also have a daily backup.
3
3
16
@evstykas
Vangelis tix Stykas
8 months
Excellent cocktail touch from @BSidesCyprus with a closing of a great event!
Tweet media one
4
3
17
@evstykas
Vangelis tix Stykas
4 years
- What do you do for a living Dad? - Finding IDORs and holes in clouds mainly. - Clouds as in the sky? - NO - So your name is Jesus? - NO - So you can manipulate everything over... - NO - Can I watch "Cloudy with a Chance of Meatballs"? - Yes
@pwntestpartners
Pwn Test Partners
4 years
Grandstream provide IP video, voice, Wi-Fi & related services and equipment around the world. Our @evstykas had a look at their GWN Cloud management platform... 'Cloud-y, with a chance of hacking all the wireless things' #IDOR #VulnerabilityDisclosure
Tweet media one
0
5
5
0
0
14
@evstykas
Vangelis tix Stykas
4 years
So luckily enough we have an unobfuscated app from Xiaomi to better understand what is going on :). Hooray! Coffee refill and let's see.
1
0
16
@evstykas
Vangelis tix Stykas
6 months
Mandatory @SidesBer pre-dinner
Tweet media one
1
1
17
@evstykas
Vangelis tix Stykas
4 years
I can only guess why this is done (GDPR might ring a bell), but I have to give extra credit that the developer went the extra mile and said that "if the country is empty let's assume he is in the EU just to be safe"
Tweet media one
1
1
15
@evstykas
Vangelis tix Stykas
4 years
So Mint Launcher RegionUtil seems an awful lot like the Mint Browser C0872b obfuscated class. We can assume that m1555a is the isInEurRegion
Tweet media one
Tweet media two
1
0
15
@evstykas
Vangelis tix Stykas
4 years
So @olihough86 gave us this really nice gift of bad code and I have 20 minutes free before the kiddos understand I am not actually working, so let's download the source and see what the heck is wrong with this :) Gather around folks, that's gonna be FUN!
1
3
14
@evstykas
Vangelis tix Stykas
4 years
Another thing I really cannot understand is why you need the name of the theme that I use, and if I am using a custom personal wallpaper.
1
1
13
@evstykas
Vangelis tix Stykas
5 years
So this is my week's office outfit... It seems we did a thing again... @TheKenMunroShow @ghostie_ & @ZephrFish
Tweet media one
4
0
15
@evstykas
Vangelis tix Stykas
5 years
So I had a great time presenting stuff we found through the year with @tautology0 at @BSidesAth. First talk of a series that is coming... Need to up my skills on speaking!
Tweet media one
Tweet media two
1
2
15
@evstykas
Vangelis tix Stykas
6 months
#bsidesberlin and Berlin in general were epic! Really happy that I was able to present my C2 research for the last time. Next one is @BSidesLondon and connected chaos !
Tweet media one
1
0
16
@evstykas
Vangelis tix Stykas
1 year
Thanks for having me @BSidesRoma! A really nice event with a lot of interesting talks. Next stop @BSidesCymru!
Tweet media one
0
5
16
@evstykas
Vangelis tix Stykas
3 years
This is definitely going to be one of the fun ones! Talking next Friday on @BSidesCymru
Tweet media one
0
0
16
@evstykas
Vangelis tix Stykas
11 months
Also known as: Will Vang get vanned? Coming to a casino near you... #defcon31
Tweet media one
3
3
16
@evstykas
Vangelis tix Stykas
9 months
I am this close to dropping this 0-day…
Tweet media one
3
0
16
@evstykas
Vangelis tix Stykas
4 years
Keep in mind that the Music and ShareMe apps seem to have over 100 million downloads on the Google Play store, so this is a rather big userbase that is affected.
1
2
12
@evstykas
Vangelis tix Stykas
2 years
I teared up a little...
Tweet media one
0
7
15
@evstykas
Vangelis tix Stykas
4 years
So the 2020 goal was to prove to myself that I can get some certifications. OSCP done. Azure Fundamentals done. AWAE starting this week. Let's see how many I can do by the end of this year :)
0
0
15
@evstykas
Vangelis tix Stykas
2 years
Let's do this!
Tweet media one
0
0
15
@evstykas
Vangelis tix Stykas
3 years
That's a BUS. You invented a BUS!
0
0
13
@evstykas
Vangelis tix Stykas
3 years
Because why the heck not, right? GO BIG OR GO HOME and @BSidesCymru here I come!
Tweet media one
0
3
15
@evstykas
Vangelis tix Stykas
6 years
Vulnerability in @CalAmp cloud service used by several high profile car alarms and remote car start systems allowed attackers to take over user accounts and vehicles. This is now patched so we (@georlav and me) are releasing it
4
13
14
@evstykas
Vangelis tix Stykas
4 years
The day that @cybergibbons and @TheKenMunroShow said "oh FUCK!" came. That's going to be extra fun!
0
0
13
@evstykas
Vangelis tix Stykas
1 year
Third @BSidesCymru was awesome! Electryone was well received :) Next one is BSides Sofia I guess :)
Tweet media one
0
0
15
@evstykas
Vangelis tix Stykas
2 years
Is it morally ok to drop a 0 day to take over ~400k devices when the vendor accepts "only bug bounty vendor" reports? Asking for a friend.
8
0
15
@evstykas
Vangelis tix Stykas
2 years
BSides Dublin next week and it's going to be St. Patrick's week! Hooray!
Tweet media one
2
4
15
@evstykas
Vangelis tix Stykas
2 years
Today is one of the "no cyber" and "no hack" nice Mondays I guess...
Tweet media one
2
0
14
@evstykas
Vangelis tix Stykas
3 years
The application has the same issue that your browser had back in March when @cybergibbons reported it, but it's a little bit worse. Would definitely want to see your opinion of this "non issue" again
2
2
13
@evstykas
Vangelis tix Stykas
11 months
My wife's car has an app! We all know how this is going to end...
2
0
14
@evstykas
Vangelis tix Stykas
1 year
Back home after a really nice #BsidesLDN2022! Really happy that I saw so many people yesterday (and sorry I missed people that I shouldn't have!) Next one is @BSidesRoma!
1
0
14