Denis Laskov 🇮🇱

@it4sec

Cybersecurity & Technology, Hacker, Father. Today: Chief Hacker at EY IL. ex-Mercedes-Benz, ex-IBM, ex-IDF. On LinkedIn, Mastodon and Bluesky as well.

Israel and around.

Joined February 2012

307Following

9KFollowers

Pinned

Denis Laskov 🇮🇱@it4sec · Feb 19

ה' יקום דמם #Bibas #BibasFamily

10.0K

Denis Laskov 🇮🇱@it4sec · 17 h

Cloning and emulating HID SEOS cards: a step-by-step guide to hacking the second most popular smart card architecture. 🎫🐬၊၊||၊🔓 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/cloning-and-…

it4sec's tweet image. Cloning and emulating HID SEOS cards: a step-by-step guide to hacking the second most popular smart card architecture. 🎫🐬၊၊||၊🔓

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/cloning-and-…

1.0K

Denis Laskov 🇮🇱@it4sec · Jul 25

A great idea for hardware hacking training: spotting fake chip components in products (yes, they’re already here). 🪲👨‍🔧🏴‍☠💵 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/a-great-idea…

it4sec's tweet image. A great idea for hardware hacking training: spotting fake chip components in products (yes, they’re already here). 🪲👨‍🔧🏴‍☠💵

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/a-great-idea…

172

4.0K

Denis Laskov 🇮🇱@it4sec · Jul 24

Bluetooth and its privacy issues: Practical discovery of non-discoverable Bluetooth devices. 🔵🦷🔎😈 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/bluetooth-an…

it4sec's tweet image. Bluetooth and its privacy issues: Practical discovery of non-discoverable Bluetooth devices. 🔵🦷🔎😈

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/bluetooth-an…

1.0K

Denis Laskov 🇮🇱@it4sec · Jul 23

New attack vector for Android infotainment: Quick Share is coming to Android for cars, so here are the protocol details and RCE chain. 🚗 👻 📱🚨 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/new-attack-v…

it4sec's tweet image. New attack vector for Android infotainment: Quick Share is coming to Android for cars, so here are the protocol details and RCE chain. 🚗 👻 📱🚨

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/new-attack-v…

649

Denis Laskov 🇮🇱@it4sec · Jul 22

Rest in peace, Ozzy, and thank you.

647

Denis Laskov 🇮🇱@it4sec · Jul 22

Hacking a proprietary ATM security suite - and accidentally, casino equipment too: 6 vulnerabilities and how to find them. 🏧🎰 👨🏻‍💻 💸 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/hacking-a-pr…

it4sec's tweet image. Hacking a proprietary ATM security suite - and accidentally, casino equipment too: 6 vulnerabilities and how to find them. 🏧🎰 👨🏻‍💻 💸

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/hacking-a-pr…

811

Denis Laskov 🇮🇱@it4sec · Jul 21

Cybersecurity of Power Line Communications (PLC): the basics you need to know about the protocol, the hardware, and how to attack it. ⚡🔌🚽 ☠️ More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/cybersecurit…

it4sec's tweet image. Cybersecurity of Power Line Communications (PLC): the basics you need to know about the protocol, the hardware, and how to attack it. ⚡🔌🚽 ☠️

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/cybersecurit…

127

4.0K

Denis Laskov 🇮🇱@it4sec · Jul 20

Reverse engineering Ecovacs vacuum and lawn mowing robots and using Bluetooth RCE to turn them into moving webcams. 👩🏽‍🦯💥👁️🥷 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/reverse-engi…

it4sec's tweet image. Reverse engineering Ecovacs vacuum and lawn mowing robots and using Bluetooth RCE to turn them into moving webcams. 👩🏽‍🦯💥👁️🥷

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/reverse-engi…

249

9.0K

Denis Laskov 🇮🇱@it4sec · Jul 19

Hacking the Chipolo One Bluetooth tracker: remote code execution via melody update. 🐱🥇၊၊||၊👨🏻‍💻 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/hacking-the-…

it4sec's tweet image. Hacking the Chipolo One Bluetooth tracker: remote code execution via melody update. 🐱🥇၊၊||၊👨🏻‍💻

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/hacking-the-…

1.0K

Denis Laskov 🇮🇱@it4sec · Jul 18

Hacking an ECU from an undisclosed (maybe your?) car: Using glitching to extract MPC5566 firmware via CAN. 🥷🏻🫨🚗🔐 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/hacking-an-e…

it4sec's tweet image. Hacking an ECU from an undisclosed (maybe your?) car: Using glitching to extract MPC5566 firmware via CAN. 🥷🏻🫨🚗🔐

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/hacking-an-e…

196

7.0K

Denis Laskov 🇮🇱@it4sec · Jul 17

A Mexican drug cartel hired a hacker to break into phones and CCTV cameras; they were looking for FBI informants. 💉 👨🏻‍💻 🖲 ☠️ More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/a-mexican-dr…

it4sec's tweet image. A Mexican drug cartel hired a hacker to break into phones and CCTV cameras; they were looking for FBI informants. 💉 👨🏻‍💻 🖲 ☠️

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/a-mexican-dr…

943

Denis Laskov 🇮🇱@it4sec · Jul 16

Key fob cloning caught on camera: One thief breaks the driver's window, another connects to the OBD port, and the car is gone. 🚘🔨💻😈 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/key-fob-clon…

1.0K

Denis Laskov 🇮🇱@it4sec · Jul 15

DJI drone security analysis: reverse engineering communication, firmware extraction, and fuzzing for vulnerabilities. 𖥂🎮 ၊၊||၊ 💥 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/dji-drone-se…

it4sec's tweet image. DJI drone security analysis: reverse engineering communication, firmware extraction, and fuzzing for vulnerabilities. 𖥂🎮 ၊၊||၊ 💥

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/dji-drone-se…

146

772

531

38.0K

Denis Laskov 🇮🇱@it4sec · Jul 14

Critical chain of vulnerabilities in the Bluetooth stack enables 1-click RCE (remote code execution) on German cars. 🚘 🔵🦷💥 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/critical-cha…

it4sec's tweet image. Critical chain of vulnerabilities in the Bluetooth stack enables 1-click RCE (remote code execution) on German cars. 🚘 🔵🦷💥

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/critical-cha…

4.0K

Denis Laskov 🇮🇱@it4sec · Jul 13

How credit card skimmers work: reverse engineering skimmers to recover stolen data (and much more!) 💳🏧💸🥺 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/how-credit-c…

it4sec's tweet image. How credit card skimmers work: reverse engineering skimmers to recover stolen data (and much more!) 💳🏧💸🥺

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/how-credit-c…

131

8.0K

Denis Laskov 🇮🇱@it4sec · Jul 12

Security analysis of airplane datalink apps: "spoof-and-jam" attacks on plane communication systems (CPDLC and ADS-C). 📡 ၊၊||၊ 💀✈️ More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/security-ana…

it4sec's tweet image. Security analysis of airplane datalink apps: "spoof-and-jam" attacks on plane communication systems (CPDLC and ADS-C). 📡 ၊၊||၊ 💀✈️

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/security-ana…

176

929

669

34.0K

Denis Laskov 🇮🇱@it4sec · Jul 11

$4 for a cellular hacking device: cheap, reliable, and DIY equipment for SIM card vulnerability research. 👨🏻‍💻 💲📳 🐞 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/4-for-a-cell…

it4sec's tweet image. $4 for a cellular hacking device: cheap, reliable, and DIY equipment for SIM card vulnerability research. 👨🏻‍💻 💲📳 🐞

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/4-for-a-cell…

2.0K

Denis Laskov 🇮🇱@it4sec · Jul 10

Finding vulnerabilities in industrial equipment at scale: the first native ICS fuzzer with scan-cycle awareness. 🏭🫨🍮🌟 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/finding-vuln…

it4sec's tweet image. Finding vulnerabilities in industrial equipment at scale: the first native ICS fuzzer with scan-cycle awareness. 🏭🫨🍮🌟

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/finding-vuln…

1.0K

Denis Laskov 🇮🇱@it4sec · Jul 9

EU streetlights are controlled by low-frequency radio signals - here’s how to turn that into an art installation (or a blackout). ⚡၊၊||၊ 👨‍💻၊၊||၊ 💡 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/eu-streetlig…

it4sec's tweet image. EU streetlights are controlled by low-frequency radio signals - here’s how to turn that into an art installation (or a blackout). ⚡၊၊||၊ 👨‍💻၊၊||၊ 💡

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/eu-streetlig…

1.0K

Denis Laskov 🇮🇱@it4sec · Jul 8

$60,000 for a 2-bug chain to exploit the Autel MaxiCharger: RCE via Bluetooth plus authentication bypass. ⛽🔵🦷💥🔫 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/60000-for-a-…

it4sec's tweet image. $60,000 for a 2-bug chain to exploit the Autel MaxiCharger: RCE via Bluetooth plus authentication bypass. ⛽🔵🦷💥🔫

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/60000-for-a-…

102

5.0K