Eric Gragsone
@virusfriendly.deadpacketsociety.net
IoT and Embedded Systems Vulnerability Researcher. Specializing in Network/RF Communications and reverse engineering Firmware
https://deadpacketsociety.net/
https://deadpacketsociety.net/
Pinned
I was a teen in the 90s, consuming the Cyberpunk worlds of Gibson and Sterling. Hacking was about having a deep understanding of the the systems that operate our cities. Having the power to hack traffic lights and office buildings. As an adult, my research is still focused on Cyber-physical systems.
Sometimes I think about changing my handle...
December 18, 2025 at 1:52 PM
Sometimes I think about changing my handle...
@anduriltech.bsky.social When are you going to start releasing Aim Bots and Wall Hacks for IRL CoD?
December 15, 2025 at 8:23 PM
@anduriltech.bsky.social When are you going to start releasing Aim Bots and Wall Hacks for IRL CoD?
December 15, 2025 at 12:58 AM
@humblebundle.com is having a @nostarchpress.bsky.social book bundle. I own several books already, but what a great time to pick up a few more and help out @eff.org
www.humblebundle.com/books/hackin...
www.humblebundle.com/books/hackin...
Humble Tech Book Bundle: Hacking by No Starch
Turn your curiosity about computer hacking into a fast-paced, proven, and practical career with the latest Humble Tech Book Bundle!
www.humblebundle.com
December 13, 2025 at 4:17 AM
@humblebundle.com is having a @nostarchpress.bsky.social book bundle. I own several books already, but what a great time to pick up a few more and help out @eff.org
www.humblebundle.com/books/hackin...
www.humblebundle.com/books/hackin...
Watched a SentinelOne EDR agent analysis by Matthieu Barjole It's a short video
Key takeaways include:
- Identifying UTF-16 XOR
- Exploiting wildcards in exclusions to bypass EDRs
- Register your own agents to swamp the soc with fake alerts
#Infosec #hacker #talks www.youtube.com/watch?v=4thn...
Key takeaways include:
- Identifying UTF-16 XOR
- Exploiting wildcards in exclusions to bypass EDRs
- Register your own agents to swamp the soc with fake alerts
#Infosec #hacker #talks www.youtube.com/watch?v=4thn...
Matthieu Barjole lightning talk: Bypassing EDRs SentinelOne agent analysis
YouTube video by x33fcon
www.youtube.com
December 11, 2025 at 3:20 PM
Watched a SentinelOne EDR agent analysis by Matthieu Barjole It's a short video
Key takeaways include:
- Identifying UTF-16 XOR
- Exploiting wildcards in exclusions to bypass EDRs
- Register your own agents to swamp the soc with fake alerts
#Infosec #hacker #talks www.youtube.com/watch?v=4thn...
Key takeaways include:
- Identifying UTF-16 XOR
- Exploiting wildcards in exclusions to bypass EDRs
- Register your own agents to swamp the soc with fake alerts
#Infosec #hacker #talks www.youtube.com/watch?v=4thn...
Just watched Breaking Client-Side Encryption for Bounties by Samuel Orellana (aka: samux)
Key takeaways include:
- Identifying commonly used JS Crypto Libraries
- Quick review of JS tracing
- Real world scenarios where JS crypto is being used
#Javascript #Crypto www.youtube.com/watch?v=-f4p...
Key takeaways include:
- Identifying commonly used JS Crypto Libraries
- Quick review of JS tracing
- Real world scenarios where JS crypto is being used
#Javascript #Crypto www.youtube.com/watch?v=-f4p...
Breaking Client-Side Encryption for Bounties - Samuel Orellana (aka: samux)
YouTube video by Ekoparty Security Conference
www.youtube.com
December 10, 2025 at 3:21 PM
Just watched Breaking Client-Side Encryption for Bounties by Samuel Orellana (aka: samux)
Key takeaways include:
- Identifying commonly used JS Crypto Libraries
- Quick review of JS tracing
- Real world scenarios where JS crypto is being used
#Javascript #Crypto www.youtube.com/watch?v=-f4p...
Key takeaways include:
- Identifying commonly used JS Crypto Libraries
- Quick review of JS tracing
- Real world scenarios where JS crypto is being used
#Javascript #Crypto www.youtube.com/watch?v=-f4p...
Ekoparty posted a bunch of talks. Here are the top 4 I plan to watch... mainly because these are in English and my Spanish is basura.
Breaking Client-Side Encryption for Bounties www.youtube.com/watch?v=-f4p...
The Brute Art of Bypass www.youtube.com/watch?v=GZMS...
#Hacker #Infosec #Talks
Breaking Client-Side Encryption for Bounties www.youtube.com/watch?v=-f4p...
The Brute Art of Bypass www.youtube.com/watch?v=GZMS...
#Hacker #Infosec #Talks
Breaking Client-Side Encryption for Bounties - Samuel Orellana (aka: samux)
YouTube video by Ekoparty Security Conference
www.youtube.com
December 10, 2025 at 1:51 PM
Ekoparty posted a bunch of talks. Here are the top 4 I plan to watch... mainly because these are in English and my Spanish is basura.
Breaking Client-Side Encryption for Bounties www.youtube.com/watch?v=-f4p...
The Brute Art of Bypass www.youtube.com/watch?v=GZMS...
#Hacker #Infosec #Talks
Breaking Client-Side Encryption for Bounties www.youtube.com/watch?v=-f4p...
The Brute Art of Bypass www.youtube.com/watch?v=GZMS...
#Hacker #Infosec #Talks
Just finished watching The Perfect BLEnd by @rmast.bsky.social
Not my first bluetooth rodeo, but this talk still had some insightful ideas for me to add to my notes.
#BLE #IoT www.youtube.com/watch?v=vvpP...
Not my first bluetooth rodeo, but this talk still had some insightful ideas for me to add to my notes.
#BLE #IoT www.youtube.com/watch?v=vvpP...
The Perfect BLEnd: Reverse engineering a bluetooth controlled blender for better smoothies
YouTube video by BSidesLV
www.youtube.com
December 9, 2025 at 9:02 PM
Just finished watching The Perfect BLEnd by @rmast.bsky.social
Not my first bluetooth rodeo, but this talk still had some insightful ideas for me to add to my notes.
#BLE #IoT www.youtube.com/watch?v=vvpP...
Not my first bluetooth rodeo, but this talk still had some insightful ideas for me to add to my notes.
#BLE #IoT www.youtube.com/watch?v=vvpP...
TIL you can get fine resolution mouse coords via `LowLevelMouseProc()` and then use them to eavesdrop.
#DearSanta can I get a Metasploit payload for this?
www.tomshardware.com/tech-industr...
#DearSanta can I get a Metasploit payload for this?
www.tomshardware.com/tech-industr...
Motion sensors in high-performance mice can be used as a microphone to spy on users, thanks to AI — Mic-E-Mouse technique harnesses mouse sensors, converts acoustic vibrations into speech
This mouse has ears.
www.tomshardware.com
December 9, 2025 at 5:48 PM
TIL you can get fine resolution mouse coords via `LowLevelMouseProc()` and then use them to eavesdrop.
#DearSanta can I get a Metasploit payload for this?
www.tomshardware.com/tech-industr...
#DearSanta can I get a Metasploit payload for this?
www.tomshardware.com/tech-industr...
@bsideslv.org just posted videos from their conference. A lot of interesting topics, but here are the top 5 I'm looking at first
Reverse Engineering a Bluetooth Controlled Blender
www.youtube.com/watch?v=vvpP...
#InfoSec #Hacker #Talks #Bsides
Reverse Engineering a Bluetooth Controlled Blender
www.youtube.com/watch?v=vvpP...
#InfoSec #Hacker #Talks #Bsides
The Perfect BLEnd: Reverse engineering a bluetooth controlled blender for better smoothies
YouTube video by BSidesLV
www.youtube.com
December 9, 2025 at 1:53 PM
@bsideslv.org just posted videos from their conference. A lot of interesting topics, but here are the top 5 I'm looking at first
Reverse Engineering a Bluetooth Controlled Blender
www.youtube.com/watch?v=vvpP...
#InfoSec #Hacker #Talks #Bsides
Reverse Engineering a Bluetooth Controlled Blender
www.youtube.com/watch?v=vvpP...
#InfoSec #Hacker #Talks #Bsides
#vericoban now has data for the runners to steal!
December 4, 2025 at 3:03 AM
#vericoban now has data for the runners to steal!
The current working title for the cyberpunk game I'm working on is.... vericoban
December 3, 2025 at 5:41 PM
The current working title for the cyberpunk game I'm working on is.... vericoban
Added command shortening, so you can save your keyboard! Also, added the ability to supply a password that you learned from a friend, or just try to manually brute force it yourself. But trust me, the brute program is way more efficient at it.
December 3, 2025 at 3:55 PM
Added command shortening, so you can save your keyboard! Also, added the ability to supply a password that you learned from a friend, or just try to manually brute force it yourself. But trust me, the brute program is way more efficient at it.
Netrunner game now has some basic commands. Once I get a password, I'm able to move around the level. Both brute forcing and using the password raises the network's alert level.
December 3, 2025 at 12:54 AM
Netrunner game now has some basic commands. Once I get a password, I'm able to move around the level. Both brute forcing and using the password raises the network's alert level.
I've been writing a text based #cyberpunk netrunner game. Where you, the runner, explore corporate networks looking to exfiltrate data without alerting and being terminated by ICE.
No, not that ICE, the cool cyberpunk ICE
#gamedev
No, not that ICE, the cool cyberpunk ICE
#gamedev
December 2, 2025 at 7:49 PM
I've been writing a text based #cyberpunk netrunner game. Where you, the runner, explore corporate networks looking to exfiltrate data without alerting and being terminated by ICE.
No, not that ICE, the cool cyberpunk ICE
#gamedev
No, not that ICE, the cool cyberpunk ICE
#gamedev
Practicing prompt injection against this game gandalf.lakera.ai/gandalf
I was able to knock it out in an hour. I'm still not sure if it was that the levels were simple, or that I got teh mad skillz. Either way, it was fun to have some practice. Perhaps I'll try their other games. #promptInjection
I was able to knock it out in an hour. I'm still not sure if it was that the levels were simple, or that I got teh mad skillz. Either way, it was fun to have some practice. Perhaps I'll try their other games. #promptInjection
November 24, 2025 at 9:30 PM
Practicing prompt injection against this game gandalf.lakera.ai/gandalf
I was able to knock it out in an hour. I'm still not sure if it was that the levels were simple, or that I got teh mad skillz. Either way, it was fun to have some practice. Perhaps I'll try their other games. #promptInjection
I was able to knock it out in an hour. I'm still not sure if it was that the levels were simple, or that I got teh mad skillz. Either way, it was fun to have some practice. Perhaps I'll try their other games. #promptInjection
This is why I never code in C++
June 11, 2025 at 9:01 PM
This is why I never code in C++
March 29, 2025 at 4:11 PM
Found a rare payphone in the wild #phonespotting
March 20, 2025 at 4:14 PM
Found a rare payphone in the wild #phonespotting
Had a #meshtastic flyover recently. Sadly I wasn't monitoring chat at the time.
March 9, 2025 at 3:06 AM
Had a #meshtastic flyover recently. Sadly I wasn't monitoring chat at the time.
Reposted by Eric Gragsone
Things I did not have on my 2025 bingo card.
And I love #ESP32
www.bleepingcomputer.com/news/securit...
And I love #ESP32
www.bleepingcomputer.com/news/securit...
Undocumented "backdoor" found in Bluetooth chip used by a billion devices
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.
www.bleepingcomputer.com
March 8, 2025 at 7:00 PM
Things I did not have on my 2025 bingo card.
And I love #ESP32
www.bleepingcomputer.com/news/securit...
And I love #ESP32
www.bleepingcomputer.com/news/securit...
Here are screenshots of the #hackrf mayhem bug I was referring to. The left pic is a non-buggy feed with a range of 21Mhz. On the right is a buggy feed with a range of 20Mhz. This is not an artifact of using the web remote but mirrors what I'm seeing on the actual device.
January 26, 2025 at 8:00 PM
Here are screenshots of the #hackrf mayhem bug I was referring to. The left pic is a non-buggy feed with a range of 21Mhz. On the right is a buggy feed with a range of 20Mhz. This is not an artifact of using the web remote but mirrors what I'm seeing on the actual device.
