Sec1.dk

Security Blog

Research, analysis, and findings on offensive security, mobile threats, and embedded systems.

Author Niel Nielsen
Posts 11
Windows & Endpoint Security
Forensics Android
Feb 2024
Forensic Analysis Report: Cellebrite Payload Artifacts
Deep-dive on the cellebrite-payload_feb2024.tar archive — post-exploitation persistence, SSL/TLS interception via SPKI bypass, and binary analysis of the installer ELF.
Windows Undetected
2023
Bypassing Defender for Endpoint Device Isolation via WSL
How WSL + SOCKS5 (and Tor) can tunnel traffic out of an isolated endpoint — silently, without triggering any Defender Advanced Hunting logs.
Partial Fix 3 Issues Open
4 Jul 2025
Microsoft Fixes Device Isolation — But Issues Remain
Microsoft silently patched the WSL/SOCKS5 bypass. Conditional access, web content filtering, and Tor-based evasion remain open. MSRC has not responded.
Presentation bSides CPH
11 Nov 2023
Bypassing Defender for Endpoint — bSides Copenhagen Talk (PDF)
Slide deck from the bSides Copenhagen 2023 presentation on MDE device isolation bypass techniques.
Phishing & Email Threats
Phishing Nordea · Sep 2015
28 Jul 2020
Analysis of a Phishing Email — Nordea Impersonation Campaign
Full technical breakdown of a live campaign: spoofed sender, base64-encoded client-side payload, live NETS card validation, and the attacker's own exposed RDP server.
OpenStick / Embedded Linux
OpenStick ARM · Linux
MSM8916 OpenStick Performance Optimization Guide & Results
Kernel tuning, entropy hardening, zRAM with zstd, and thermal monitoring — taking the Handsome UZ801 from Android-remnant to rock-solid Linux micro-server.
OpenStick Debian 13
Updating OpenStick: Debian Bookworm → Trixie
Step-by-step dist-upgrade guide from Debian 12 to 13 on the 4G LTE WiFi Modem, including ADB re-enablement via USB gadget service.
Mobile & Wireless Security
DK BYOD · 2015
16 Mar 2015
One of the Biggest Security Threats Is in Your Pocket
Smartphones as a mobile office: risks of BYOD, jailbreaking, uncontrolled apps, and a lack of security training in companies.
DK Archive · ~2007
c. 2007
Security Risks of Wireless Devices
Review of IrDA, R/F radio communication, and Bluetooth: security risks and recommendations for companies.
SailfishOS
SailfishOS Metasploit
Metasploit for Sailfish OS
How I ported Metasploit to Sailfish OS — including a script automating the shrinking of the Rapid7 tarball with versioned auto-download.
SailfishOS Tor
Tor for Sailfish OS
Easy-to-use Tor hidden service setup and a QML app to control Tor status — built for Sailfish OS.
SailfishOS Sniffing
Wireshark UI for Sailfish OS
Simplified UI for Wireshark (frontend for tshark), built for Sailfish OS.