Research & Writeups

From the Lab

Security research, vulnerability analysis, and technical writeups from real engagements and lab work.

P25 Side-Channel Fingerprinting from Control Channel Metadata

Building radio fingerprints from timing, power, and IQ features without decrypting a single voice frame. A passive analysis technique using commodity SDR hardware.

Coming Soon AI Security

MCP Tool Poisoning: When Your AI Calls the Wrong Function

Auditing 158 MCP tools for injection vectors — prompt poisoning, parameter manipulation, and exfiltration paths.

Coming Soon Wireless

WPA3 SAE Downgrade Resistance on Modern Clients

Testing Samsung S24 resistance to concurrent deauth and CSA attacks with PMF enabled. Spoiler: the client is immune.

Coming Soon Network

Residential Network Segment Audit: What Your ISP Left Open

A methodical audit of a Cox residential segment — gateway, switch, NAS, smart TV, and everything in between.

Coming Soon RF/SDR

P25 Encryption Mapping: Identifying Cipher Usage Across a Simulcast System

Passive identification of DES-OFB, AES-256, and cleartext talkgroups using control channel metadata and ESS analysis.

Coming Soon Writeup

Evil Portal Credential Capture: Design, Deploy, Detect

Building pixel-perfect captive portals, deploying on a WiFi Pineapple, and documenting the detection signatures defenders should look for.

Coming Soon AI Security

Stingray Simulation with srsRAN: Building a Rogue Base Station for IMSI Detection Research

Configuring srsRAN on a USRP B210 to simulate a rogue eNodeB — and testing Rayhunter detection capabilities.

Have a Vulnerability to Report?

We do responsible disclosure. If you've found something, reach out.