My Flock Safety independent security research has reached the point where it felt necessary to compile it all into a formal white paper and statement. Moving forward, all vulnerabilities will be added first to this white paper during the responsible disclosure embargo.
I have some very backlogged projects I’ve decided to just release to get them out of my backlog. This one is related to the Digital Ally ThermoVu DTM-600, which is a Uniview/OEM OET-213H-NB-style facial recognition and thermal access-control device. This release is the majority of my notes, tools, findings, and research artifacts from looking at … Continue reading Digital Ally ThermoVu DTM-600 / Uniview LAPI Security Research Release→
I have some very backlogged projects I've decided to just release to get them out of my backlog. The first one is related to aftermarket Apple CarPlay and Android Auto dongles. This release is the majority of my notes, tools, findings, and research artifacts from looking at the Mayton/AutoPro-style dongle ecosystem. It includes documentation, test … Continue reading AutoPro and 3rd Party Carplay/Android Auto Dongle Security Research→
Agent Ready Armor (ARA) — a runtime substrate for AI agents. Containment for what agents do, provenance for what they produce. Built for the demands of offensive security, applicable to any agentic deployment. Second in the Ready Armor Suite, after BRA. Control in Depth.
Arctic Base is a single place per project where your AI coding agent can drop approval forms, share files both ways, render markdown for review, drive a persistent task list, and wait for you to respond — without bloating your chat context or forcing you to copy-paste.
The default in most "AI security" tools today is that the model runs the engagement. Battle Ready Armor takes the opposite position: the operator drives, the AI is advisory, and the framework holds the line mechanically — through approval tokens, scope checks, and on-disk anonymization that survive any model swap. Slim is the free tier, out today.
Random little tool I decided to release. A fun little Docker-deployable offline archiver and viewer for links/data. Desktop and mobile friendly. Import/export db or csv. Multi db support. Mgmt built in. Native iOS app in review as well. https://github.com/GainSec/SectorMap END TRANSMISSION
AutoProber is the hardware hacker's flying probe automation stack for giving your agent everything it needs to go from "there's a new target on the plate" to probing individual pins.
How I took a security researcher's initial discovery and found another 63 instances of Flock Safety Camera Feeds and Debug Web Service exposed unauthenticated to the internet. Also learn how it ended up being exposed to the internet and how to ensure it doesn't happen to you.
An all-in-one Shodan & ZoomEye supported tool to search, browse, preview and dump data leakage across 20+ services. Pulls real exposure straight from the sources instead of guessing. Drop it into your workflow and watch it surface leaks you won't find anywhere else.