samy kamkar

@samykamkar

Followers: 63,280
Following: 3,535
Media: 293
Statuses: 3,944

think bad, do good. | cofounder @openpathsec

los angeles
Joined June 2008
Pinned Tweet
@samykamkar
samy kamkar
4 years
I’m finally getting some decent results producing 100%-edible iridescent tempered chocolate. The colors are from the chocolate (not any ingredient or coating) diffracting light after being forcefully molded onto a diffraction grating in vacuum.
1K
8K
45K
@samykamkar
samy kamkar
4 years
I've released NAT Slipstreaming, a spooky new technique that allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website. Happy Halloween!
[image]
129
2K
5K
@samykamkar
samy kamkar
6 years
@elonmusk @MrNobre ☁ ☁ ☁ ⛅ ☁ ☁ 🚁 __🌳🌳_____🌲__🌳__ / 🚔 \ / | \ / 🚔 \ / 🚔 | \ / 🚔 🚔 \ / | \ / 🚘 \
34
271
3K
@samykamkar
samy kamkar
6 years
As a high school dropout, I often struggle to comprehend mathematical formulas from academic papers (aka numbers combined with squiggly lines). This github just explained so much to me:
32
770
2K
@samykamkar
samy kamkar
4 years
I've developed a new technique for bypassing firewalls/NATs and producing a full TCP/UDP session to a targeted user. Anyone have RCE for a service that's typically only run behind NATs (eg desktop software like Sonos, Spotify, Dropbox, etc which bind to *) and want to merge projects?
84
412
2K
@samykamkar
samy kamkar
4 years
I've released webscan, a browser-based internal network scanner that detects victim's LAN IP (loops back via WebRTC) & other network hosts just by visiting a page. Can be chained w/NAT Slipstreaming+other attacks; works on mobile; no TURN/STUN/ICE needed.
35
342
1K
@samykamkar
samy kamkar
6 years
Sniff network traffic from your iOS device, no jailbreak necessary! Just plug into your mac and run: system_profiler SPUSBDataType|perl -0 -ne'/iP(?:hone|ad):.*?Serial Number: (\S+)/s?`rvictl -s $1`:0' ; sudo tcpdump -i rvi0 # standard tcpdump options/filters apply
10
359
1K
@samykamkar
samy kamkar
5 years
This is so deceptive. When you "disable" WiFi and Bluetooth in iOS Control Center and they gray out, they're technically still enabled. Even with Airplane Mode on, your device continues to transmit and your name can even be discovered nearby via AirDrop!
[2 images]
100
404
1K
@samykamkar
samy kamkar
5 years
Every time I attempt to code in a new language, "yeah, I totally got this"
22
136
924
@samykamkar
samy kamkar
4 years
Very cool, macOS now prevents (current) USBdriveby/Rubber Ducky attacks where USB device emulates keyboard to take control of system just by plugging in. I suspect this can be defeated by simulating a USB hub+mirrored monitor over USB, screen scraping to extract code, then typing
[image]
@doctorow
Cory Doctorow NONCONSENSUAL BLUE TICK
9 years
Usbdriveby: horrifying proof-of-concept USB attack http://t.co/gpUhDY3BI3 http://t.co/EFWEn88Ebc
[image]
4
47
45
41
258
885
@samykamkar
samy kamkar
6 years
Ahh, fresh meat! Diablo (1996 game) by @Blizzard_Ent reverse engineered and released as an open source project, compilable onto modern hardware.
[image]
20
386
832
@samykamkar
samy kamkar
6 years
I've released frisky, a tiny collection of info, iOS tools for jailbreaking, examples of techniques to sniff/alter/reverse/inject code into closed-source mobile apps, etc, based on the incredible work from @fridadotre and others.
8
369
826
@samykamkar
samy kamkar
4 years
@risknc Yup, hard sugar candies would work really well and are an easier process. Much more common to see neat optical properties in those; chocolate just seemed more unique and ultimately was a much more challenging process (for me :)
8
9
783
@samykamkar
samy kamkar
4 years
@Artist_HB I trade in hugs
8
4
761
@samykamkar
samy kamkar
4 years
I've drawn out the Contact Tracing spec (crypto/BLE/device/server) as it stands today from Apple & Google. Interesting way to anonymize+prevent tracking of users every 10mins until user opts-in to reveal themselves over past 14 days. Chart w/links avail @
[image]
18
337
765
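The chart the tweet links to is not on this page, so here is an added example (not Samy's chart and not Apple/Google code) that models the key schedule of the April 2020 v1.0 draft as I recall it: a per-device Tracing Key, a Daily Tracing Key derived from it with HKDF-SHA256, and a 16-byte Rolling Proximity Identifier derived with truncated HMAC-SHA256 that rotates every 10 minutes, 144 times a day. The later v1.2 spec renamed the daily key to a Temporary Exposure Key and derives identifiers with AES-128 instead, but the rotation, the 14-day window and the on-device matching step keep the same shape. The label strings and the byte layouts of the day number and interval number are assumptions; the timestamps and keys in the demo are constructed.

```python
import hashlib
import hmac
import secrets

TRACING_KEY_LEN = 32                 # tk: generated once per device, never leaves it
DAILY_KEY_LEN = 16                   # dtk_i: one per day, published only on opt-in
RPI_LEN = 16                         # rolling proximity identifier sent over BLE
INTERVAL_SECONDS = 600               # identifier rotates every 10 minutes
INTERVALS_PER_DAY = 86400 // INTERVAL_SECONDS   # 144
RETENTION_DAYS = 14                  # window a diagnosed user reveals


def hkdf_sha256(ikm, salt, info, length):
    """RFC 5869 HKDF (extract + expand) with SHA-256, standard library only."""
    if not salt:
        salt = bytes(hashlib.sha256().digest_size)
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def day_number(unix_time):
    return unix_time // 86400


def interval_number(unix_time):
    return (unix_time % 86400) // INTERVAL_SECONDS


def daily_tracing_key(tk, day):
    # dtk_i = HKDF(tk, salt=None, info="CT-DTK" || D_i, 16); D_i as LE uint32 is assumed
    return hkdf_sha256(tk, b"", b"CT-DTK" + day.to_bytes(4, "little"), DAILY_KEY_LEN)


def rolling_proximity_identifier(dtk, interval):
    # RPI_ij = Truncate(HMAC-SHA256(dtk_i, "CT-RPI" || TIN_j), 16); TIN_j as one byte is assumed
    mac = hmac.new(dtk, b"CT-RPI" + bytes([interval]), hashlib.sha256).digest()
    return mac[:RPI_LEN]


def identifiers_for_day(dtk):
    """Every identifier a published daily key could have produced -> interval index."""
    return {rolling_proximity_identifier(dtk, j): j for j in range(INTERVALS_PER_DAY)}


class Device:
    """One phone: broadcasts its own identifiers and remembers the ones it hears."""

    def __init__(self, tk=None):
        self.tk = tk if tk is not None else secrets.token_bytes(TRACING_KEY_LEN)
        self.observed = set()

    def broadcast(self, unix_time):
        dtk = daily_tracing_key(self.tk, day_number(unix_time))
        return rolling_proximity_identifier(dtk, interval_number(unix_time))

    def hear(self, rpi):
        self.observed.add(rpi)

    def diagnosis_keys(self, now):
        """What a diagnosed user uploads after opting in: the last 14 daily keys, never tk.
        Holding these links that user's identifiers for those days, and only those."""
        today = day_number(now)
        return [(d, daily_tracing_key(self.tk, d))
                for d in range(today - RETENTION_DAYS + 1, today + 1)]

    def exposures(self, published):
        """Matching runs on the receiving phone: re-derive all 144 identifiers per
        published key and intersect with what was heard; the server sees only keys."""
        hits = []
        for day, dtk in published:
            table = identifiers_for_day(dtk)
            for rpi in self.observed:
                if rpi in table:
                    hits.append((day, table[rpi]))
        return sorted(hits)


if __name__ == "__main__":
    alice, bob = Device(), Device()
    t = 1_586_000_000                # constructed timestamp (April 2020)
    bob.hear(alice.broadcast(t))
    bob.hear(alice.broadcast(t + INTERVAL_SECONDS))
    print("exposures:", bob.exposures(alice.diagnosis_keys(t + 3 * 86400)))
```

Two identifiers heard ten minutes apart are unlinkable to an observer until the owner publishes the daily key, and the Tracing Key itself is never uploaded, so days outside the 14-day window stay unlinked even after opt-in.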
@samykamkar
samy kamkar
4 years
@StrangeAttract5 I'd rather release full details (sort of did in the tweet) so anyone can make it. It's all yours.
18
5
717
@samykamkar
samy kamkar
6 years
Oh, DEFCON, how you make me smile.
[image]
10
138
680
@samykamkar
samy kamkar
6 years
This is crazy. Australia banned & censors The Anarchist Cookbook, a book I grew up with, learning electronic attacks, surveillance techniques, and methods of detecting surveillance tools. I've published it at . I will leave it up unless there is a legal copyright claim.
[image]
27
210
641
@samykamkar
samy kamkar
4 years
@PlanetaryPiggy Absolutely. Tastes like...chocolate!
4
1
622
@samykamkar
samy kamkar
6 years
Awesome! Vim has a built-in spellchecker that only spellchecks *comments* when writing code. :setlocal spell
[image]
17
133
593
@samykamkar
samy kamkar
6 years
Uber created a software upgrade (Android) using the signal to noise ratio of GNSS (including GPS) signals in conjunction with 3D maps to improve location accuracy in urban areas, like determining side of street from a weak, reflected signal off a building.
[image]
6
254
570
@samykamkar
samy kamkar
5 months
Back to the lab again.
[image]
23
13
511
@samykamkar
samy kamkar
6 years
New technique for cracking WPA PSK passwords on 802.11i/p/q/r networks
[image]
4
233
494
@samykamkar
samy kamkar
4 years
@L_AGalloway I saw 3D printing on diffraction grating a while back, tried it, worked really well (very poor print, but the effect worked well - black PLA). Thought it would be cool to do with food!
[image]
7
16
495
@samykamkar
samy kamkar
6 years
Decided to go to @defcon ; arriving tonight! Where will I find friends?
[image]
33
35
487
@samykamkar
samy kamkar
3 years
Created insulated ice tray to make clear ice via directional freezing. Ice freezes clear until water has nowhere to go/expand so insulating allows it to freeze top down while reservoir below the silicone tray w/holes becomes the cloudy portion, vs normal tray freezing outside in
[4 images]
19
21
463
@samykamkar
samy kamkar
4 years
First attempt at magnetron sputtering
16
32
446
@samykamkar
samy kamkar
3 years
Had opportunity to collab w/ @gregoryvish & @BenSeri87 of @ArmisSecurity , releasing NAT Slipstreaming v2, an upgraded technique that allows attacker to remotely access any TCP port bound to *any system* behind victim's NAT just by victim visiting a website.
16
162
447
@samykamkar
samy kamkar
2 years
Old fashioned + maraschino cherry spheres that explode in your mouth! I've improved & sped up the reverse spherification process by using cryobath (dry ice + ethanol) to freeze the alcoholic shots, pull vacuum on alginate bath to remove bubbles in minutes & sweetened the alginate
[image]
22
19
441
@samykamkar
samy kamkar
5 years
Okay, that's neat
7
71
401
@samykamkar
samy kamkar
6 years
Wow, stealing credit card numbers over Bluetooth, and full PoC from @mpeg4codec
[image]
5
237
392
@samykamkar
samy kamkar
5 years
@cybergibbons Simple tool I wrote for comparing binary strings between each other, as well as against other groups of binary strings. Used primarily in proprietary protocol research
[image]
7
68
383
@samykamkar
samy kamkar
6 years
Get your NAND game on. Build a 16-bit computer starting from just NAND gates (which in reality you can build from just two relays) in this online game:
[image]
10
125
373
@samykamkar
samy kamkar
9 years
I've released http://t.co/OLldCUqn7i, a camouflaged USB charger+Arduino to sniff Microsoft wireless keyboards. SMSs & logs keystrokes online
30
410
362
@samykamkar
samy kamkar
6 years
Circuit Coder was an absolutely awesome iOS game that gamified and taught building circuits and logic components from scratch. It's no longer available. Does anyone know the author(s) from Tricycle Design HB? I'd like to help get it back up.
[image]
14
97
354
@samykamkar
samy kamkar
6 years
My, how times have changed.
[image]
6
76
341
@samykamkar
samy kamkar
10 months
First time successfully evaporating aluminum in home built vacuum chamber! Test coated acrylic disc as a mirror. Now to get reflectivity/transmission measurement going in vacuum to build controlled beamsplitters for single-photon experiment similar to Elitzur–Vaidman bomb tester
12
31
350
@samykamkar
samy kamkar
4 years
Quora, recently acquired by Yahoo! Answers.
[image]
9
37
315
@samykamkar
samy kamkar
4 years
Your devices' components reveal your passwords through sound.
7
56
311
@samykamkar
samy kamkar
9 years
I’ve released USBdriveby: device to weaponize mouse clicks, evade firewall, install backdoor & reroute DNS in seconds http://t.co/Bg8q4hrkXD
22
290
286
@samykamkar
samy kamkar
5 months
Built a Raman spectrometer for chemical analysis based on the awesome @openraman project; new optical breadboard design w/performant components to augment more + quick alignment. Exciting to "see" light change color via Raman scattering! Example acetone spectra vs public db's
[3 images]
11
45
274
@samykamkar
samy kamkar
7 years
Aww yiss! A gift from youtube for
[image]
22
14
270
@samykamkar
samy kamkar
11 months
Got an NFC continuous glucose monitor out of curiosity to see how food (read: pints of Ben & Jerry's Half Baked) affects my glucose & if linked to mood/energy/hangry. Swapped the sensor, Abbott Freestyle Libre CGM, last night and did a quick teardown and X-ray. IC: RF430TAL152H
[4 images]
13
30
270
@samykamkar
samy kamkar
8 years
Want to actually *see* the data on your credit card or magstripe? You can with the naked eye
10
250
259
@samykamkar
samy kamkar
9 years
Current Bluetooth research using the latest in Faraday cage technology. From Ikea. http://t.co/QAcpcVp74M
[image]
18
156
252
@samykamkar
samy kamkar
2 years
[image]
0
11
239
@samykamkar
samy kamkar
5 years
This was released 20 years ago. Unfortunately no one can be told what the Matrix is. You have to see it for yourself.
9
47
233
@samykamkar
samy kamkar
3 years
v1 of my design of a mechanical Wimshurst high voltage electrostatic generator. No magnets. Instead of Leyden jars, a single aluminum sheet in the base acts as a capacitor plate to 2 plates in the sides. Sides detach to move the 10s of kilovolts of charge to other HV projects.
10
16
226
@samykamkar
samy kamkar
9 years
I've released OpenSesame, a new vulnerability that can open fixed code garages in under 10 seconds with a Mattel toy
15
249
222
@samykamkar
samy kamkar
5 years
@matthew_d_green In addition to phones tracking routers! When I first reverse engineered iOS, Android & Windows (RIP) in 2011, they all sent wifi MACs+RSSI strength of all nearby routers+GPS to parent companies correlating routers to location. iOS sent cell tower+MACs even w/Location Services off
[image]
10
66
216
@samykamkar
samy kamkar
4 years
@mikko
@mikko
4 years
Take a look at this IP address. http://31.10.590 Before you tell me that it's invalid and won't work, try it.
110
407
1K
11
37
212
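The quoted address works because the C library's inet_aton(), which socket.inet_aton() wraps and which most connect() and resolver paths still use, accepts one-, two- and three-part dotted forms (the last part fills whatever low bits remain, so 590 becomes 2.78) and octal or hex parts. Added example, not from either tweet: it puts the lenient parser next to the strict ipaddress module and shows why an allow/deny list that compares the raw string is bypassable. The deny-list entry and the alternate spellings are constructed; exactly which shorthand forms are accepted depends on the platform's libc.

```python
import ipaddress
import socket


def lenient_parse(text):
    """Parse with the platform inet_aton(): a.b.c.d, a.b.c (c fills the low
    16 bits), a.b (b fills the low 24 bits) or a bare 32-bit number, each
    part decimal, octal (leading 0) or hex (leading 0x). Returns the
    canonical dotted quad, or raises OSError if libc rejects the string."""
    return socket.inet_ntoa(socket.inet_aton(text))


def strict_parse(text):
    """Parse with ipaddress, which accepts only four decimal parts;
    returns None when the string is rejected."""
    try:
        return str(ipaddress.IPv4Address(text))
    except ValueError:
        return None


def blocked_by_naive_filter(text, denylist):
    """Textual check: compares the string the user supplied as-is."""
    return text in denylist


def blocked_by_canonical_filter(text, denylist):
    """Canonicalize with the same parser the socket layer will use, then compare."""
    return lenient_parse(text) in denylist


if __name__ == "__main__":
    internal = {"31.10.2.78"}          # constructed deny-list entry
    for form in ("31.10.590", "31.655950", "520749646",
                 "0x1f.0xa.0x2.0x4e", "037.012.02.0116"):
        print(f"{form:>18} -> libc {lenient_parse(form):<12} ipaddress {strict_parse(form)}"
              f"  naive blocked={blocked_by_naive_filter(form, internal)}"
              f"  canonical blocked={blocked_by_canonical_filter(form, internal)}")
```

A validator built on ipaddress rejects "31.10.590" outright, while one that only checks the raw string against a deny list and then hands it to socket.connect() lets it through: whichever parser does the validation has to be the one that ends up resolving the address, and the same applies to hostnames that go through getaddrinfo.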
@samykamkar
samy kamkar
4 years
@engineers_feed Why do my math homework when a computer can do it for me?
6
12
203
@samykamkar
samy kamkar
10 years
I've released SkyJack, a RasPi drone that seeks out and hacks drones, turns them into zombie drones that you control. http://t.co/o3VVtKpLZp
45
400
207
@samykamkar
samy kamkar
4 years
Had a lot of fun on @WIRED 's "5 Levels" discussing hacking, its various techniques, and some underlying principles, with increasing levels of complexity from a child (Level 1) to an expert (Boss Level, @colinoflynn )
5
35
203
@samykamkar
samy kamkar
6 years
Blow out an LED! @hackaday just ran article on blowing out an LED with a resistor & microcontroller. You can get rid of the resistor and just use internal pullup! Temperature affects diode (LED) voltage drop, thus measurable by the MCU's ADC across pullup.
5
28
200
@samykamkar
samy kamkar
4 years
@LoialOtter I didn't get as much optical vibrance without the vacuum chamber. My guess is that air was being trapped in the rulings between the grating and chocolate, but this is just a guess. Yup, tempered with 2/3rds at 41-45°C, mixed other 1/3rd in till reached 30°C, then cast
3
8
200
@samykamkar
samy kamkar
5 years
For UI nerds
13
64
200
@samykamkar
samy kamkar
6 years
Life tip. When waiting for your flight and watching your phone to see if departure time is close, make sure you’re not staring at a screenshot from an hour ago.
[image]
12
4
187
@samykamkar
samy kamkar
9 years
I've released http://t.co/AyMPUMFeMr, an open, more advanced #ProxyHam device. Proxies wifi2radio 10km+ & serializes a shell GLOBALLY over GSM
10
220
189
@samykamkar
samy kamkar
4 years
Cool to see Lenz's law in action w/o enveloping the magnet. I cut away part of a copper tube for full view of Neo the magnet on its journey as it induces current in the conductive partial-tube (Henry/Faraday) which in turn generates a magnetic field (Oersted), opposing Neo here
5
21
187
@samykamkar
samy kamkar
6 years
Well this is neat!
10
20
184
@samykamkar
samy kamkar
5 years
Amazing work from @axi0mX with first iPhone bootrom exploit since 2010. Sets stage for permanent and *unpatchable* jailbreak, affects iPhone 4S through X (A5-11).
3
30
185
@samykamkar
samy kamkar
6 years
Amazing YouTube channel from Michel van Biezen with playlists teaching various areas of math, physics, mechanical engineering, chemistry, astronomy, and more! It's so good.
2
34
190
@samykamkar
samy kamkar
5 years
@mikko I now exchange leftover currency onto my Starbucks gift card. Holds value, internationally accepted, and no fees!
8
13
189
@samykamkar
samy kamkar
4 years
You enter password to decrypt email (PGP w/RSA). CPU instructions executed based on the key, diff instructions = diff power. Power delivered to capacitors+inductors produce electro+magnetostrictive+piezoelectric effects, Lorentz force, others. Components vibrate the key under EM!
7
23
181
@samykamkar
samy kamkar
9 months
Hello ⁦ @defcon ⁩, I am impetuously venturing towards you.
5
11
182
@samykamkar
samy kamkar
2 years
Making liquid nitrogen @ home by extracting nitrogen from air (adsorbing O2) & pumping into cryocooler (~77K!) extracted from superconducting RF filter. Next up, liquid cooling the cryocooler to remove (loud) fan and producing pressure swing adsorption system to run indefinitely
7
16
178
@samykamkar
samy kamkar
5 years
Amazing. Created by @redpepper using @Raspberry_Pi , @GCPcloud 's AutoML, and @UFACTORY_UF 's uArm Swift Pro & uArm Vision Camera Kit
3
31
174
@samykamkar
samy kamkar
7 years
GPU Accelerated JavaScript (perform massively parallel GPGPU computations using WebGL):
[image]
7
75
174
@samykamkar
samy kamkar
4 years
@Viss @gsuberland After failures attempting lasing gratings, finally designed mold in @adskFusion360 , laser cut acrylic plates (variable thickness) w/ @glowforge , turned rods w/Grizzly G0765, CNCd diffraction grating w/ @Inventables Carvey, tempered+pressure injected chocolate, pulled vacuum @ 4torr
[4 images]
10
24
173
@samykamkar
samy kamkar
2 years
Press F12 to pay respects.
@TheRegister
The Register
2 years
Journalist won't be prosecuted for pressing 'view source'
11
72
214
5
21
167
@samykamkar
samy kamkar
4 years
@gsuberland If refrigerated, it persists. I'm guessing it will melt away at room temp somewhat quick, but longer now that I'm tempering it. That image is from chocolate that was in the fridge for a few days.
3
1
164
@samykamkar
samy kamkar
5 years
tty tip: if your terminal is out of whack after accidentally cat'ing binary, run `reset` to fix the crazy characters
9
30
165
@samykamkar
samy kamkar
6 years
Hacked by @Snubs
8
15
164
@samykamkar
samy kamkar
5 years
@femtoduino I actually think that's a great question...not everyone will like it, but that may be a good filter to find a place where respectful debate/challenge is accepted despite hierarchy (though I would answer their question first)
5
3
158
@samykamkar
samy kamkar
5 years
Uberducky from @mpeg4codec ! A wireless USB Rubber Ducky triggered via BLE
[image]
5
50
151
@samykamkar
samy kamkar
8 years
Cool idea, an anti-forensic tool that shuts down your computer if USB is tampered with (eg w/a mouse jiggler)
11
84
152
@samykamkar
samy kamkar
4 years
@atomicthumbs Do you know which is the most common device going into this recycle mode? I'd like to purchase a non-recycled one and investigate liberation from recycle mode.
13
6
148
@samykamkar
samy kamkar
6 years
Older versions of iOS are (accidentally?) currently signed by Apple, meaning you can *downgrade* for the first time! If you want to jailbreak, downgrade to a jailbreakable version right now!
[image]
7
107
146
@samykamkar
samy kamkar
6 years
Woot! Excited to launch our product today and work with such an amazing team at @OpenpathSec on fun hardware, software & research!
[image]
23
26
147
@samykamkar
samy kamkar
4 years
Is anyone familiar with tools to perform out-of-band snooping+modification of AV signals for HDMI? Seems like it would be an effective game cheat tactic, eg adding improved/assisted zoom on weapons, improved contrast, HUD locating surround-sound sonic signatures of footsteps, etc
[image]
14
15
142
@samykamkar
samy kamkar
4 years
I want a book-reading vid-chat group where you jump in/out @ any time to read quietly near others. Host always playing lofi hip hop, can be muted/unmuted, and you'd just hear people flipping through pages/(dry)coughing. Take a break in the text chat to share your book/chit-chat.
[image]
15
7
141
@samykamkar
samy kamkar
8 years
Wow. 3D printed, 30-watt hand cranked power generator by Even Erichsen -- so cool!
[image]
1
100
134
@samykamkar
samy kamkar
6 years
I want a `DT` (Do Track) HTTP header. If I'm using the browser where I *do* want cookies, I don't want to click 'Accept cookies' from the legit sites I visit. I'm really over those popups as "malicious" trackers will track you regardless via fingerprinting, evercookie, etc
9
30
130
@samykamkar
samy kamkar
4 years
Ah, so that’s what those mean.
@scienceshitpost
Science Diagrams that Look Like Shitposts
4 years
[image]
104
8K
48K
3
18
133
@samykamkar
samy kamkar
4 years
Cool to see how simple the mechanism of a rotary vane vacuum pump is & that there’s no such thing as “sucking”. As rotor+spring loaded vanes turn, one side volume increases/pressure lowers. Inlet wants to equalize pressure so air rushes in then gets compressed/pushed out exhaust.
3
9
132
@samykamkar
samy kamkar
2 years
Love it! Half-duplex version:
perl -ne'$,=":44"x5;map{`sudo packit -minject -tarp -e44$, -E$_ 2>&1`}join":",map{unpack"H2",chr(ord()<<1|1)}split//,$&.$/."\0"x4,6while+s/.{1,6}//'
sudo tcpdump -le ether host 444444444444|perl -ne'/> (\S+)/;print+map+chr(hex()>>1),split/:/,$1'
@netspooky
Battle Programmer Yuu
2 years
dst2dst, a multicast chat protocol tunneled over any ethernet frame and bounced off the router
10
66
393
2
15
129
@samykamkar
samy kamkar
4 years
@annewils0n @PlanetaryPiggy I couldn't tell it was any different on my tongue. I licked the grating just now & also can't tell it's any diff from non-ruled side. Only way I can tell which side is which is by rubbing finger to produce squeak sound. Gratings are ~2µm. Wonder how the freq of sound is related?
[image]
2
4
130
@samykamkar
samy kamkar
7 months
Whoa, nondestructive detection of single photons (QND)! Can this break BB84 quantum crypto protocol? Polarizing beamsplitter->45˚ PBS @ outputs->QND (det|refl)ectors @ outputs; recover *both* basis states based on detector! Going to need a bigger kitchen.
[image]
12
17
126
@samykamkar
samy kamkar
4 years
@elonmusk Would love to join and contribute. Happy to demonstrate some potential attacks and solutions!
8
2
125
@samykamkar
samy kamkar
2 years
Best starting word for Wordle is "ALTER", tested by getting most used letters in its dictionary, finding word w/each unique letter & most letters in most likely positions: curl |perl -ne'/=\[".*?\]/;$.{$_}++for$&=~/\w/g;print+(sort{$.{$b}-$.{$a}}%.)[0..5]'
10
16
126
@samykamkar
samy kamkar
6 years
Very cool, Arduino has a yield() function built into delay -- if you overload yield() with your own function, it will run *during* delay()s without need for interrupts or any other code changes!
[image]
1
19
122
@samykamkar
samy kamkar
6 years
There was a petition to make "hella" an official SI unit prefix for 10^27. The International Bureau of Weights and Measures were not impressed, but Google and Wolfram Alpha adopted this useful multiple.
6
40
113
@samykamkar
samy kamkar
6 years
Whoa, I just created a free @ComedyCentral account with a never-before-used email in a private browser window, and it showed me a CNC milling machine advertisement (I have two CNCs) which they'd never show a generic audience. Thoughts on how? Only IP address seems reasonable...
37
24
115