Learn

SSID Spoofing and Beacon Injection: How WiFi AP Spam Works

10 min read 2228 words 2 months ago

Beacon injection lets you broadcast dozens of fake SSIDs from a single ESP32 chip. Here's the technical mechanism, and why it can't steal traffic on its own.

Evil Portal vs Captive Portal: What's the Difference?

9 min read 2027 words 2 months ago

Both serve web pages over a hosted AP, but they do very different things. Here's the technical and ethical distinction.

ESP32 Flash Memory and How Firmware Is Stored

9 min read 2037 words 2 months ago

How the ESP32 stores firmware, manages OTA slots, and enables rollback - a partition-level breakdown.

Beacon Frames and Probe Requests: How WiFi Discovery Works

12 min read 2666 words 2 months ago

Beacon frames and probe requests are the mechanism behind every WiFi connection. Here's what's actually inside them - and why AP Spam works.

How the BLEShark Nano's ESP32 Handles WiFi and BLE Simultaneously

8 min read 1861 words 2 months ago

The ESP32-C3 has one radio. Here's how it manages WiFi and BLE at the same time - and where the limits are.

The OSI Model Explained With Real Security Attack Examples

6 min read 1195 words 2 months ago

The OSI model isn't just a textbook diagram. Every layer has real attacks against it. Here are all 7 layers with practical security examples - including where BLEShark Nano operates.

HID Injection: Why Your Computer Trusts Any Keyboard You Plug In

11 min read 2457 words 2 months ago

Your OS treats any device that says 'I'm a keyboard' as fully trusted input. No authentication, no sandbox, no questions asked. That's the root of every HID injection attack.

How Infrared Remote Controls Work: Modulation, Carrier Frequency, and Timing

9 min read 2036 words 2 months ago

Your TV remote uses invisible light pulses at 38kHz to send commands. Here's how IR modulation works, why carrier frequencies exist, and what the major protocols look like.

Bluetooth HID Protocol: How Keyboards Work Over Bluetooth (And Why That's a Problem)

11 min read 2393 words 2 months ago

The Bluetooth HID protocol lets any device act as a keyboard with zero authentication. Understanding how it works explains why Bad-BT attacks are so effective.

BLE Advertising Packets: How BLESpam Works at the Packet Level

12 min read 2712 words 2 months ago

Every BLE device announces itself by broadcasting advertising packets. Understanding their structure explains how BLESpam works - and why your phone falls for it.

The WPA2 4-Way Handshake: A Step-by-Step Breakdown

11 min read 2447 words 2 months ago

The WPA2 4-way handshake is how WiFi devices prove they know the password without revealing it. Here's exactly what happens in each of the four messages.

EAPOL Packets Explained: What They Are and How They're Structured

9 min read 2112 words 2 months ago

EAPOL packets carry the WPA2 handshake. Understanding their byte-level structure is essential for anyone doing wireless security research.

How 802.11 Management Frames Work (And Why They're a Security Problem)

10 min read 2336 words 2 months ago

802.11 management frames control how WiFi devices connect and disconnect. They're also completely unauthenticated - and that's the root of most wireless attacks.

Bad Bluetooth (Bad-BT): What It Is and How to Test Your Defenses

9 min read 2076 words 2 months ago

Bad-BT uses Bluetooth HID injection to silently take over a device - no USB needed. Learn how it works, how to test your defenses, and how the on-device DuckyScript editor...

ESP32 for Security Research: Why Hackers Love This $3 Chip

10 min read 2285 words 2 months ago

The ESP32 is the go-to chip for wireless security research. Learn why hackers love it, what firmware powers it, and how BLEShark Nano's Shiver mesh takes it further.

Captive Portals for Pentesting: What They Are and How to Use Them Responsibly

10 min read 2216 words 2 months ago

Learn how captive portal attacks work, why organizations must test for them, and how BLEShark Nano's Shiver mesh enables multi-node A/B testing.

10 Things You Can Do With BLEShark Nano (That You Probably Didn't Know)

9 min read 2139 words 2 months ago

BLEShark Nano is more than a hacking tool. Discover 10 features - from BLE spam to WPA2 handshake capture - that make it the ultimate pocket gadget.

WiFi Deauth Attacks Explained: How They Work and How to Test for Them

9 min read 1957 words 2 months ago

Learn how WiFi deauthentication attacks work, why they matter for wireless security testing, and how to defend your network against them.

What Is Bluetooth® Low Energy (BLE)? A Complete Beginner's Guide

9 min read 2075 words 2 months ago

Learn what Bluetooth® Low Energy (BLE) is, how it works, where it's used, and why BLE security matters for researchers and everyday users.
