Another day, another not so boring phishing attempt. This time let’s dive into the analysis of a phishing attempt against a Portuguese volunteer association with a multi-hop infection chain designed to bypass most email phishing scanners.
I’m always amused by the smell of a fresh phishing email in the morning. And this time, a closer to home one, as I know the target company since I have a friend working there, namely, Uphold. So let’s dive right in.
On June 14, 2025, I organized a hardware hacking focused village as part of the ØxOPOSɆC Hack Day, and this is a post-mortem analysis of the village, focusing on some of the observations and common mishaps, and how to improve your journey in the hardware hacking world, especially from a beginner’s standpoint.
Some months ago I decided to finally acquire a weather station. Nothing fancy, just a cheap enough, no frills, weather station. As I wanted to have the least amount of trouble setting it up, I bought a WiFi-enabled unit, in a way I could stream the data, somehow, via Internet. However, things going smoothly is a rare sight, and there is always more to it. So let’s dive into how to stream data to the Internet with a not-so-WiFi-enabled station.
It all started with a QNAP NAS to backup my raw photography’s and have some way to store other media files. Then some smart home devices randomly appeared. And then some enhancements needed to be done to a proper way to stream audio and video to my LG dumb smart TV. Then an UPS to safekeep the system operation. And from simple things with simple goals, piece by piece, we end up with a complex soup of things that somehow work. This details what I call my current homelab, and gives the main ideas on how you can build one yourself… if you really want to.
Inspired by the blogpost My Red Team assessment hardware by David Sopas this post describes hardware tools that I have in my inventory, their purpose as well as the features/firmwares/tricks that motivated me to buy them. This is not intended to be an exhaustively detailed list, but I will try to give some rational and use-cases for each of the tools, as well as categorize them.
Well, I guess it is better late than never, so almost four months after the closing of the OPOSEC XMAS CTF Challenge Christmas 2022 this is my write-up on how I did manage to solve all the challenges and finish in the 4th place.
Some weeeks ago I’ve participated in the “Portuguese Cybersecurity Competition” organized by InvestAmarante and powered by hackrocks. Given that this was a begginer friendly (maybe too friendly…) Capture The Flag competition there were no major learning takeways, but it is always useful to pratice some old tricks and tools (and do some over-engineering… as always).