Craig S. Blackie

New Blog Post: Shipping your Private Key - CVE-2023-43870, Paxton do a Lenovo cryptic.red/post/shipping-…

Woke up to a pull request by @MistialD adding MIFARE DESFire simulation to the proxmark3. Not what I expected in the middle of the summer some weeks before hacker summer camp. I expected a slow time until during Vegas with people dropping their research

I've identified a vulnerability in the firmware of Paxton Paxton10 (prior to 4.6 SR6) that exposes hard-coded Twilio API credentials within the rootfs.tar.gz file. 🛠️ Full CVE Details: cve.mitre.org/cgi-bin/cvenam…

Sometimes the stars align and you can push out something really fast. Proxmark3 client now supports sharing json dumpfiles. Working together with KevTheHermit and his proxdump.com , it also support MQTT #bleedingedge Show your love!!!!

This feels like @TheKenMunroShow purchase. avpay.aero/company/jet-ar…

Microsoft Copilot for SharePoint just made recon a whole lot easier. 🚨   One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...   It opened the door to credentials,…

It’s been a long journey—far from easy. But alongside some of the world’s finest researchers, I’ve been lucky to learn, break, and build. Huge thanks to @Bugcrowd for making it possible to see my bugmoji on the NASDAQ billboard in Times Square. The message says it best:…

Updated firmware on ESP32 for click to clone as opposed to replay and wrote some software that runs on the LattePanda to accept serial data, encode hitag and write data via proxmark. #Software #Firmware #Hardware #CardCloning #SecurirtyResearch #RFIDHacking #Proxmark #LattePanda

I’m putting together a hands-on hacking session for college students in the South East of the UK. If you’re a student, teacher, or know of any colleges that might be interested, please let me know or share this with them! 🙏

🧐

Upgraded the Arm chip and USB port on my ageing PM3easy.

#Proxmark3 RDv4.01 all setup and working with @herrmann1001 Iceman firmware. Working in conjunction with my Paxtogeddon Reader for card/fob reading and logging, we use this device to clone the exported data. Works like an absolute charm. 😍 #CardCloning #RFIDHacking

Managed to get BitPixie exploit working in VM and hardware with @R3n5k1 . Cool hack, specially with an fTPM.

So I smell weaponized readers? GO RED TEAM!

Read, decode, log, replay and enable cloning of Paxton Net2, Switch2, and Knockout fobs/cards. youtube.com/watch?v=AjH9_6…

In the upcoming video I take a look at Daniels FW for the Paxton door sim. Blistering fast C impl, nice features, Will it be suitable for weaponized readers?

Just uploaded a video about the Paxton Door Simulator! 🛠️ Walked through how to set it up with a Paxton wall reader and its practical uses in testing access control systems. 🔑 Watch here: youtu.be/eWBViW3M9y8 And do me favor and subscribe! #AccessControl #RFID #paxton

Excited to share that our talk ‘Dismantling the SEOS Protocol’ will be part of Black Hat Asia 2025 briefings @BlackHatEvents Where we will present the reversing and implementing the SEOS protocol into the Proxmark3 tool. It's a great story! @evildaemond and I are looking…

Digging into how the latest Windows Kubernetes vuln works was a fun way to spend a couple of hours. We've just published some of my notes here: blog.amberwolf.com/blog/2025/janu…

PCILeech PCIe DMA attacks and MemProcFS memory forensics now runs on macOS analyzing Windows memory! MemProcFS 5.14 and PCILeech 4.19 just released! github.com/ufrisk/MemProc… github.com/ufrisk/pcileech

Awesome meeting you at Bsides London and thank you so much for your modified door sim. I was showcasing it for a non-hacker yesterday :) Love it! and I will make video about it and I hope you will be in it talking about the modifications