Dark Mentor LLC
@darkmentor.com
Specializing in full-stack bluetooth security, firmware security, and security education.
Pinned
Dark Mentor LLC
@darkmentor.com
· Apr 11
Bluetooth Low Energy - Full Stack Attack | Dark Mentor LLC
4 day class covering the full Bluetooth Low Energy (BLE) protocol stack from the bottom (PHY) up to the top (GATT). The core of the class is built around playing with a game application on an Android ...
darkmentor.com
Bluetooth Low Energy - Full Stack Attack 4-day public and private training outline here: darkmentor.com/training/ble...
Reposted by Dark Mentor LLC
🧵I originally started working on Blue2thprinting to try and figure out where @veronicakovah.bsky.social's over-the-air exploits against Texas Instruments & Silicon Labs (darkmentor.com/publication/...) applied...
September 8, 2025 at 10:05 AM
🧵I originally started working on Blue2thprinting to try and figure out where @veronicakovah.bsky.social's over-the-air exploits against Texas Instruments & Silicon Labs (darkmentor.com/publication/...) applied...
Reposted by Dark Mentor LLC
📣"Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting" is now released!📣
ost2.fyi/BT2222
This class teaches you about the 30+ data types that the Blue2thprinting software can collect for when you're trying to determine what a device is, and whether it has any known vulnerabilities.
ost2.fyi/BT2222
This class teaches you about the 30+ data types that the Blue2thprinting software can collect for when you're trying to determine what a device is, and whether it has any known vulnerabilities.
September 8, 2025 at 9:23 AM
📣"Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting" is now released!📣
ost2.fyi/BT2222
This class teaches you about the 30+ data types that the Blue2thprinting software can collect for when you're trying to determine what a device is, and whether it has any known vulnerabilities.
ost2.fyi/BT2222
This class teaches you about the 30+ data types that the Blue2thprinting software can collect for when you're trying to determine what a device is, and whether it has any known vulnerabilities.
Reposted by Dark Mentor LLC
🧵Those "hacked" crosswalk buttons last week were most likely just things that hadn't changed the default password (from "1234"), and then someone used the Polara app to upload new audio. Today I decompiled the Android app and added the UUIDs to CLUES: github.com/darkmentorll...
April 21, 2025 at 12:34 AM
🧵Those "hacked" crosswalk buttons last week were most likely just things that hadn't changed the default password (from "1234"), and then someone used the Polara app to upload new audio. Today I decompiled the Android app and added the UUIDs to CLUES: github.com/darkmentorll...
Reposted by Dark Mentor LLC
Sometimes @veronicakovah.bsky.social is too humble, to her detriment... I wanted her to say "and we're Bluetooth hackers!" but she said that felt too cocky (despite the fact that she has multiple over the air BT RCE firmware exploits... ¯\_(ツ)_/¯)
In this video @xenokovah.bsky.social and I give a quick overview of some of the material covered in our "Bluetooth Low Energy: Full Stack Attack" class, which will be delivered at the upcoming hardwear.io USA May 27-29 hardwear.io/usa-2025/tra...
www.youtube.com/watch?v=uuyX...
www.youtube.com/watch?v=uuyX...
"Blueooth Low Energy: Full Stack Attack" Trailer Hardwear.io
YouTube video by DarkMentorLLC
www.youtube.com
April 18, 2025 at 12:07 PM
Sometimes @veronicakovah.bsky.social is too humble, to her detriment... I wanted her to say "and we're Bluetooth hackers!" but she said that felt too cocky (despite the fact that she has multiple over the air BT RCE firmware exploits... ¯\_(ツ)_/¯)
Reposted by Dark Mentor LLC
In this video @xenokovah.bsky.social and I give a quick overview of some of the material covered in our "Bluetooth Low Energy: Full Stack Attack" class, which will be delivered at the upcoming hardwear.io USA May 27-29 hardwear.io/usa-2025/tra...
www.youtube.com/watch?v=uuyX...
www.youtube.com/watch?v=uuyX...
"Blueooth Low Energy: Full Stack Attack" Trailer Hardwear.io
YouTube video by DarkMentorLLC
www.youtube.com
April 18, 2025 at 12:05 PM
In this video @xenokovah.bsky.social and I give a quick overview of some of the material covered in our "Bluetooth Low Energy: Full Stack Attack" class, which will be delivered at the upcoming hardwear.io USA May 27-29 hardwear.io/usa-2025/tra...
www.youtube.com/watch?v=uuyX...
www.youtube.com/watch?v=uuyX...
Bluetooth Low Energy - Full Stack Attack 4-day public and private training outline here: darkmentor.com/training/ble...
Bluetooth Low Energy - Full Stack Attack | Dark Mentor LLC
4 day class covering the full Bluetooth Low Energy (BLE) protocol stack from the bottom (PHY) up to the top (GATT). The core of the class is built around playing with a game application on an Android ...
darkmentor.com
April 11, 2025 at 1:07 PM
Bluetooth Low Energy - Full Stack Attack 4-day public and private training outline here: darkmentor.com/training/ble...
Reposted by Dark Mentor LLC
. @VeronicaKovah.bsky.app and I have a new class on Bluetooth Low Energy security which we're teaching at @hardwear-io.bsky.app May 27-29: hardwear.io/usa-2025/tra.... In the class we walk through the entire BLE stack to show you where all the bodies (and attack surfaces) are buried.💀
Bluetooth Low Energy - Full Stack Attack | Veronica & Xeno Kovah | hardwear.io USA 2025
In this training by Veronica Kovah & Xeno Kovah, you will learn how to use fault-injection to do just that. You will learn how to use techniques such as crowbar glitching, spiking and electro-magnetic...
hardwear.io
April 7, 2025 at 12:18 PM
. @VeronicaKovah.bsky.app and I have a new class on Bluetooth Low Energy security which we're teaching at @hardwear-io.bsky.app May 27-29: hardwear.io/usa-2025/tra.... In the class we walk through the entire BLE stack to show you where all the bodies (and attack surfaces) are buried.💀
Reposted by Dark Mentor LLC
🔵🦷🔒📈🆙🧵‼️
Bluetooth Security Timeline Update Thread!
👇
Bluetooth Security Timeline Update Thread!
👇
April 11, 2025 at 11:24 AM
🔵🦷🔒📈🆙🧵‼️
Bluetooth Security Timeline Update Thread!
👇
Bluetooth Security Timeline Update Thread!
👇
Reposted by Dark Mentor LLC
My talk "Crowdsourcing Bluetooth identity, to understand Bluetooth vulnerability" is now posted here darkmentor.com/publication/..., and the @districtcon.bsky.social video has also been posted www.youtube.com/watch?v=pJgi...
April 11, 2025 at 10:41 AM
My talk "Crowdsourcing Bluetooth identity, to understand Bluetooth vulnerability" is now posted here darkmentor.com/publication/..., and the @districtcon.bsky.social video has also been posted www.youtube.com/watch?v=pJgi...
Reposted by Dark Mentor LLC
I’ve posted a detailed explanation of why the claimed ESP32 Bluetooth chip “backdoor” is not a backdoor. It’s just a poor security practice, which is found in other Bluetooth chips by vendors like Broadcom, Cypress, and Texas Instruments too. https://darkmentor.com/blog/esp32_non-backdoor/
The ESP32 "backdoor" that wasn't | Dark Mentor LLC
4 day class covering the full Bluetooth Low Energy (BLE) protocol stack from the bottom (PHY) up to the top (GATT). The core of the class is built around playing with a game application on an Android phone, talking via Bluetooth to an IoT-type piece of hardware, and analyzing the communication between them. The 4th day is focused on assessing a cutomized Ultra-Vulnerable Peripheral firmware, running on Zephyr RTOS, which has had vulnerabilities introduced into it which are representative of vulnerabilities found in the past across many other platforms.
darkmentor.com
March 9, 2025 at 12:50 PM
I’ve posted a detailed explanation of why the claimed ESP32 Bluetooth chip “backdoor” is not a backdoor. It’s just a poor security practice, which is found in other Bluetooth chips by vendors like Broadcom, Cypress, and Texas Instruments too. https://darkmentor.com/blog/esp32_non-backdoor/
Reposted by Dark Mentor LLC
@shmoocon.bsky.social is dead. Long live ShmooCon!
But what’s past is prolog and I’m off to check the vibe at @districtcon.bsky.social today (and speak tomorrow) and see if it’s picking up the baton.
But what’s past is prolog and I’m off to check the vibe at @districtcon.bsky.social today (and speak tomorrow) and see if it’s picking up the baton.
February 21, 2025 at 1:08 PM
@shmoocon.bsky.social is dead. Long live ShmooCon!
But what’s past is prolog and I’m off to check the vibe at @districtcon.bsky.social today (and speak tomorrow) and see if it’s picking up the baton.
But what’s past is prolog and I’m off to check the vibe at @districtcon.bsky.social today (and speak tomorrow) and see if it’s picking up the baton.
Reposted by Dark Mentor LLC
@veronicakovah.bsky.social and I have too much material for our 4-day BLE training at RingZer0. So I made a separate free workshop. If you’re in attendance you’ll get to go deep into BLE device identification and 2thprinting! https://ringzer0.training/bootstrap25-workshop-blue2thprinting/
Workshop: Blue2thprinting: identifying the form and function of the Bluetooth devices // Xeno Kovah
Right now you are enveloped in the warming glow of dozens to hundreds of Bluetooth devices. Aren’t you curious what all those little critters are?! In this workshop we’ll use the Blue2thprinting tools to poke at these apparitions and get a sense of what they are and what they want from us!
ringzer0.training
February 21, 2025 at 12:57 PM
@veronicakovah.bsky.social and I have too much material for our 4-day BLE training at RingZer0. So I made a separate free workshop. If you’re in attendance you’ll get to go deep into BLE device identification and 2thprinting! https://ringzer0.training/bootstrap25-workshop-blue2thprinting/
Reposted by Dark Mentor LLC
Last bump for @veronicakovah.bsky.social and my “Bluetooth Low Energy: Full Stack Attack” training March 18th-21st in Austin TX at RingZer0! https://ringzer0.training/bootstrap25-bluetooth-low-energy-full-stack-attack/
These interactions between the BT host and controller is just 3 slides!
These interactions between the BT host and controller is just 3 slides!
February 21, 2025 at 12:39 PM
Last bump for @veronicakovah.bsky.social and my “Bluetooth Low Energy: Full Stack Attack” training March 18th-21st in Austin TX at RingZer0! https://ringzer0.training/bootstrap25-bluetooth-low-energy-full-stack-attack/
These interactions between the BT host and controller is just 3 slides!
These interactions between the BT host and controller is just 3 slides!
Reposted by Dark Mentor LLC
🔵🦷Bluetooth Timeline darkmentor.com/bt.html update thread!🧵
Bringing you 7 new talks from 2024 (including one from today @ CCC!) and 7 from prior years
👇
Bringing you 7 new talks from 2024 (including one from today @ CCC!) and 7 from prior years
👇
Bluetooth Security Timeline — By @XenoKovah of @DarkMentorLLC
darkmentor.com
December 29, 2024 at 11:00 PM
🔵🦷Bluetooth Timeline darkmentor.com/bt.html update thread!🧵
Bringing you 7 new talks from 2024 (including one from today @ CCC!) and 7 from prior years
👇
Bringing you 7 new talks from 2024 (including one from today @ CCC!) and 7 from prior years
👇
@veronicakovah.bsky.social and @xenokovah.bsky.social Kovah will be presenting their new training "Bluetooth Low Energy - Full Stack Attack" for the second time ever at hardwear.io in Santa Clara CA May 27-29th 2025. hardwear.io/usa-2025/tra...
Bluetooth Low Energy - Full Stack Attack | Veronica & Xeno Kovah | hardwear.io USA 2025
In this training by Veronica & Xeno Kovah, you will learn how to use fault-injection to do just that. You will learn how to use techniques such as crowbar glitching, spiking and electro-magnetic fault...
hardwear.io
December 30, 2024 at 1:16 AM
@veronicakovah.bsky.social and @xenokovah.bsky.social Kovah will be presenting their new training "Bluetooth Low Energy - Full Stack Attack" for the second time ever at hardwear.io in Santa Clara CA May 27-29th 2025. hardwear.io/usa-2025/tra...
@veronicakovah.bsky.social and @xenokovah.bsky.social will be presenting for the first time ever their new training "Bluetooth Low Energy - Full Stack Attack" at RingZer0 Training in Austin TX March 18-21 2025. ringzer0.training/bootstrap25-...
Bluetooth Low Energy - Full Stack Attack
It's pretty fun to hack things wirelessly. And hey, it turns out there's literally *billions* of Bluetooth Low Energy (BLE) things sold per year, so let's learn how to hack those!
ringzer0.training
December 30, 2024 at 1:14 AM
@veronicakovah.bsky.social and @xenokovah.bsky.social will be presenting for the first time ever their new training "Bluetooth Low Energy - Full Stack Attack" at RingZer0 Training in Austin TX March 18-21 2025. ringzer0.training/bootstrap25-...
@xenokovah.bsky.social will be presenting "Crowdsourcing Bluetooth identity, to understand Bluetooth vulnerability" at districtcon.bsky.social Feb 22nd 2025 in Washington DC www.districtcon.org/bios-and-tal...
A year of updates to the Blue2thprinting code, including a new crowdsourcing capability.
A year of updates to the Blue2thprinting code, including a new crowdsourcing capability.
LinkedIn
This link will take you to a page that’s not on LinkedIn
lnkd.in
December 30, 2024 at 1:11 AM
@xenokovah.bsky.social will be presenting "Crowdsourcing Bluetooth identity, to understand Bluetooth vulnerability" at districtcon.bsky.social Feb 22nd 2025 in Washington DC www.districtcon.org/bios-and-tal...
A year of updates to the Blue2thprinting code, including a new crowdsourcing capability.
A year of updates to the Blue2thprinting code, including a new crowdsourcing capability.
2024-03-23 @xenokovah.bsky.social created "Architecture 1005: RISC-V Assembly" ost2.fyi/Arch1005 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social
Architecture 1005 RISC-V Assembly Short URL Redirect
ost2.fyi
December 30, 2024 at 1:07 AM
2024-03-23 @xenokovah.bsky.social created "Architecture 1005: RISC-V Assembly" ost2.fyi/Arch1005 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social
2023-11-02 @xenokovah.bsky.social presented "Blue2thprinting (blue-[tooth)-printing]: answering the question of 'WTF am I even looking at?!'" at Hardwear.io, and subsequently at H2HC and ShmooCon
The extended-cut (1.5h) video & slides are available here darkmentor.com/publication/...
The extended-cut (1.5h) video & slides are available here darkmentor.com/publication/...
Blue2thprinting (blue-[tooth)-printing]: answering the question of 'WTF am I even looking at?!'
| Dark Mentor LLC
If one wants to know (for attack or defense) whether a Bluetooth (BT) device is vulnerable to unauthenticated remote over-the-air exploits, one needs to be able to query what firmware or OS the target...
darkmentor.com
December 30, 2024 at 1:07 AM
2023-11-02 @xenokovah.bsky.social presented "Blue2thprinting (blue-[tooth)-printing]: answering the question of 'WTF am I even looking at?!'" at Hardwear.io, and subsequently at H2HC and ShmooCon
The extended-cut (1.5h) video & slides are available here darkmentor.com/publication/...
The extended-cut (1.5h) video & slides are available here darkmentor.com/publication/...
2023-10-19 @xenokovah.bsky.social presented "Open Wounds: The last 5 years have left Bluetooth to bleed" at Hack.lu.
The conference video & slides are available here darkmentor.com/publication/...
The conference video & slides are available here darkmentor.com/publication/...
Open Wounds: The last 5 years have left Bluetooth to bleed
| Dark Mentor LLC
Over the past 20 years there have been 3 waves of Bluetooth (BT) security research. The first wave peaked in 2004, and rather abruptly ended after 2005. Then for a long time there was very low interes...
darkmentor.com
December 30, 2024 at 1:06 AM
2023-10-19 @xenokovah.bsky.social presented "Open Wounds: The last 5 years have left Bluetooth to bleed" at Hack.lu.
The conference video & slides are available here darkmentor.com/publication/...
The conference video & slides are available here darkmentor.com/publication/...
2023-08-24 @xenokovah.bsky.social presented "It Was Harder to Sniff Bluetooth Through My Mask During the Pandemic..." at HITB PKT, and subsequently Hacktivity, HackFest.ca, NoHat, and SecTor.
The extended-cut (2h!) video & slides are available here darkmentor.com/publication/...
The extended-cut (2h!) video & slides are available here darkmentor.com/publication/...
It Was Harder to Sniff Bluetooth Through My Mask During the Pandemic...
| Dark Mentor LLC
During the pandemic I took up Bluetooth (BT) sniffing as a way to get out of the house. I didn’t know what was out there for BT devices, but it felt important to know what the implications were of the...
darkmentor.com
December 30, 2024 at 1:06 AM
2023-08-24 @xenokovah.bsky.social presented "It Was Harder to Sniff Bluetooth Through My Mask During the Pandemic..." at HITB PKT, and subsequently Hacktivity, HackFest.ca, NoHat, and SecTor.
The extended-cut (2h!) video & slides are available here darkmentor.com/publication/...
The extended-cut (2h!) video & slides are available here darkmentor.com/publication/...
2023-03-27 @xenokovah.bsky.social created "Vulnerabilities 1002: C-Family Software Implementation Vulnerabilities 2" ost2.fyi/Vulns1002 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social
Vulnerabilities 1002 Short URL Redirect
ost2.fyi
December 30, 2024 at 1:04 AM
2023-03-27 @xenokovah.bsky.social created "Vulnerabilities 1002: C-Family Software Implementation Vulnerabilities 2" ost2.fyi/Vulns1002 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social
2022-12-26 @xenokovah.bsky.social created "Hardware 1101: Intel SPI Analysis" ost2.fyi/HW1101 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social
Hardware 1101 Short URL Redirect
ost2.fyi
December 30, 2024 at 1:04 AM
2022-12-26 @xenokovah.bsky.social created "Hardware 1101: Intel SPI Analysis" ost2.fyi/HW1101 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social
2022-05-19 @xenokovah.bsky.social created "Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities 1" ost2.fyi/Vulns1001 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social
Vulnerabilities 1001 Short URL Redirect
ost2.fyi
December 30, 2024 at 1:04 AM
2022-05-19 @xenokovah.bsky.social created "Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities 1" ost2.fyi/Vulns1001 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social
2021-11-04 @xenokovah.bsky.social created "Architecture 4001: x86-64 Intel Firmware Attack & Defense" ost2.fyi/Arch4001 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social
Architecture 4001 Short URL Redirect
ost2.fyi
December 30, 2024 at 1:04 AM
2021-11-04 @xenokovah.bsky.social created "Architecture 4001: x86-64 Intel Firmware Attack & Defense" ost2.fyi/Arch4001 and donated the material under a CC-BY-SA license to @opensectraining.bsky.social