Research projects

Selected projects and write-ups from martinvigo.com focused on offensive security, account takeover and practical attack-path analysis. This is the public body of work that underpins the consulting approach at Triskel Security.

Why this matters

Research as proof of depth

These projects show how Martin Vigo approaches offensive security: find a real attack path, validate it technically, communicate it clearly and turn it into something defenders can act on.

Offensive perspective

Built from attacker tradecraft

The projects focus on practical abuse paths, recovery workflows, weak trust boundaries and real-world exploitation chains, not academic theory for its own sake.

Public proof

Visible evidence of technical depth

For clients, this page is a portfolio of thinking: what kinds of weaknesses Martin notices, how he analyzes them and how clearly he translates them into impact.

Commercial relevance

Research that informs engagements

Threat intelligence, Red Team scenarios, testing priorities and executive narratives all benefit when the consulting is grounded in original offensive work.

Compromising online accounts by cracking voicemail systems

A full attack chain demonstrating how default and unprotected voicemail PINs can be weaponised to bypass SMS-based two-factor authentication and take over accounts at scale — across banks, social platforms and e-commerce providers. Presented at DEF CON 26 and later 35C3, this research drove carrier and platform policy changes.

DEF CON 26

Las Vegas main stage, 2018

35C3

Chaos Communication Congress, Leipzig

The Guardian

International press coverage

Multi-platform

Impact across 5+ major providers

Attack chain: email → phone lookup → voicemail PIN brute-force → 2FA bypass → account compromise
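The "voicemail PIN brute-force" step of that chain is the one a defender can measure. The script below is an added example written for this page, not the tooling from the research or from martinvigo.com: it models a voicemail box as a mock object (the PIN, the phone number and the "common PIN" list are all constructed for illustration, not carrier defaults taken from any source) and shows how an unprotected box with a guessable PIN falls within a handful of attempts, how the full 4-digit space is still only ten thousand guesses when nothing stops the attacker, and how a simple lockout bounds the attack.

```python
"""Constructed simulation of the voicemail-PIN stage of the attack chain.

Added example for this page, not code from the research itself. The mock
backend, the phone number and the PIN lists are made up; nothing here
contacts a carrier.
"""

# Illustrative weak PINs an attacker would try first (constructed list,
# not a claim about any specific carrier's default).
COMMON_PINS = ["0000", "1234", "1111", "1212", "2580", "4321", "1122", "9999"]


def candidate_pins(phone_number):
    """Yield 4-digit PIN guesses in attacker priority order:
    common weak PINs, then digits derived from the line itself
    (last four, and those reversed), then the rest of the keyspace."""
    digits = "".join(ch for ch in phone_number if ch.isdigit())
    derived = [digits[-4:], digits[-4:][::-1]]
    seen = set()
    for pin in COMMON_PINS + derived:
        if len(pin) == 4 and pin.isdigit() and pin not in seen:
            seen.add(pin)
            yield pin
    for n in range(10_000):
        pin = f"{n:04d}"
        if pin not in seen:
            seen.add(pin)
            yield pin


class MockVoicemail:
    """Constructed voicemail box.

    lockout_after=None models an unprotected box that accepts unlimited
    PIN attempts; a positive value models a box that locks after that
    many consecutive failures.
    """

    def __init__(self, pin, lockout_after=None):
        self._pin = pin
        self.lockout_after = lockout_after
        self.failures = 0
        self.locked = False

    def try_pin(self, guess):
        """Return 'ok', 'wrong' or 'locked' for one PIN attempt."""
        if self.locked:
            return "locked"
        if guess == self._pin:
            return "ok"
        self.failures += 1
        if self.lockout_after is not None and self.failures >= self.lockout_after:
            self.locked = True
            return "locked"
        return "wrong"


def crack(box, phone_number, max_attempts=10_000):
    """Try candidate PINs against box.

    Returns (pin, attempts) on success, or (None, attempts) if the box
    locked or max_attempts was reached first.
    """
    attempts = 0
    for guess in candidate_pins(phone_number):
        if attempts >= max_attempts:
            break
        attempts += 1
        result = box.try_pin(guess)
        if result == "ok":
            return guess, attempts
        if result == "locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    # Constructed number (555-01XX is the fictional range), not a real subscriber.
    phone = "+1 415 555 0134"
    print(crack(MockVoicemail("0134"), phone))                  # PIN = last four digits
    print(crack(MockVoicemail("7391"), phone))                  # unprotected: full keyspace
    print(crack(MockVoicemail("7391", lockout_after=5), phone)) # lockout stops the attack
```

The ordering matters more than the keyspace: a PIN equal to the last four digits of the line is found on the ninth guess here, and without a lockout even a random PIN is reached in well under ten thousand calls, which is why the research targeted boxes that never lock and why lockout plus a non-default PIN is the fix the carriers adopted.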

OSINT

Phonerator — An advanced valid phone number generator

A practical workflow for generating valid phone numbers in OSINT investigations, turning fragmented registry data into actionable intelligence.

Research project

2020

Account takeover

From email to phone number — a new OSINT approach

Password-reset and account-recovery workflows inadvertently expose phone numbers, enabling targeted compromise chains against high-value individuals.

Research project

2020

OSINT

Compromising online accounts by cracking voicemail systems

Default and unprotected voicemail PINs weaponised to bypass SMS-based 2FA and take over accounts at scale — research that drove policy changes at carriers and platforms.

DEF CON 26 · 35C3

2018

Mobile security

DIY spy program — abusing Apple's call relay protocol

Apple’s Handoff call-relay design silently forwards calls across linked devices. This research shows how that behaviour can be abused for passive surveillance.

iOS research

2016

Web / App security

GoogleMeetRoulette — uninvited access via guessable meeting IDs

Predictable meeting-ID spaces let an attacker enumerate IDs automatically and join live corporate video calls uninvited, a design flaw with significant confidentiality implications.

Write-up

2019

Account security

Design flaws in LastPass 2FA implementation

Architectural weaknesses in LastPass’s second-factor implementation allow an attacker with temporary access to silently disable 2FA and maintain persistent access.

Research project

2015

Healthcare

Healthcare organizations handle protected health information (PHI) under strict rules such as HIPAA, which makes penetration testing essential for securing electronic health records, telemedicine applications and medical IoT devices against ransomware and data breaches. These tests simulate real-world attacks to safeguard patient privacy and operational continuity.

Government

Government agencies manage critical infrastructure and citizen data, and need penetration testing to meet standards such as FedRAMP and NIST while defending against nation-state threats. It uncovers weaknesses in public portals and internal networks, supporting national security compliance.

E-Commerce

E-commerce platforms process large volumes of payment data and user sessions, and use penetration testing to find flaws in web applications, shopping carts and supply-chain integrations in line with PCI compliance. This proactive approach prevents financial losses from fraud and preserves consumer trust.


Offensive depth

Projects focus on practical attacker workflows, not abstract theory, which reinforces the core positioning of the firm.

Public proof of expertise

These write-ups give buyers and partners visible evidence of the research depth behind the consulting work.
