Research
Selected projects and write-ups from martinvigo.com focused on offensive security, account takeover and practical attack-path analysis. This is the public body of work that underpins the consulting approach at Triskel Security.
The projects focus on practical abuse paths, recovery workflows, weak trust boundaries and real-world exploitation chains, not academic theory for its own sake.
For clients, this page is a portfolio of thinking: what kinds of weaknesses Martin notices, how he analyzes them and how clearly he translates them into impact.
Threat intelligence, Red Team scenarios, testing priorities and executive narratives all benefit when the consulting is grounded in original offensive work.
A full attack chain demonstrating how default and unprotected voicemail PINs can be weaponised to bypass SMS-based two-factor authentication and take over accounts at scale — across banks, social platforms and e-commerce providers. Presented at DEF CON 26 and later 35C3, this research drove carrier and platform policy changes.
Las Vegas main stage, 2018
Chaos Communication Congress, Leipzig
International press coverage
Impact across 5+ major providers
Attack chain: email → phone lookup → voicemail PIN brute-force → 2FA bypass → account compromise
A practical workflow for generating valid phone numbers in OSINT investigations, turning fragmented registry data into actionable intelligence.
Research project
2020
Password-reset and account-recovery workflows inadvertently expose phone numbers, enabling targeted compromise chains against high-value individuals.
Research project
2020
Default and unprotected voicemail PINs weaponised to bypass SMS-based 2FA and take over accounts at scale — research that drove policy changes at carriers and platforms.
DEF CON 26 · 35C3
2018
Apple’s Handoff call-relay design silently forwards calls across linked devices. This research shows how that behaviour can be abused for passive surveillance.
iOS research
2016
Predictable meeting-ID spaces allow automated enumeration to join live corporate video calls undetected — a design flaw with significant confidentiality implications.
Write-up
2019
Architectural weaknesses in LastPass’s second-factor implementation allow an attacker with temporary access to silently disable 2FA and maintain persistent access.
DEF CON 26 · 35C3
2015
Healthcare organizations handle protected health information (PHI) under strict rules like HIPAA, making pentesting essential to secure electronic health records, telemedicine apps, and medical IoT devices from ransomware and data breaches. These tests simulate real-world attacks to ensure patient privacy and operational continuity.
Government agencies manage critical infrastructure and citizen data, requiring pentesting to meet standards like FedRAMP and NIST while defending against nation-state threats. It uncovers weaknesses in public-facing portals and internal networks, supporting national security compliance.
E-commerce platforms process vast payment data and user sessions, using pentesting to detect flaws in web apps, shopping carts, and supply chain integrations per PCI compliance. This proactive approach prevents financial losses from fraud and maintains consumer trust.