Rafi Gana

Cybersecurity Specialist

Home Blog Portfolio

Security that Coexists.

Coverage

Research

Validation

Insight

Worked with

Inovytec
1touch
Tigo Energy
Munters
Augmedics
Kodem Security
Sayfer
Sayfer

areas of expertise

Embedded & IoT

Network & RF

Linux & Android

Reverse Engineering

Exploits & Mitigations

The Power of DeAuth: WiFi Attack Introduction

17/04/2025

TL;DR

When almost every household has a WiFi network of its own, combined with old security protocols. Simple attacks such as deauthentication is an easy way to do a Denial-of-Service attack (DoS).

Binary Mitigations Part 1: Don't Bother The Little Birdie

22/08/2024

TL;DR

Stack Canary is a security mechanism designed to protect against stack-based buffer overflow attacks. This post will explain how stack canaries work, how they prevent exploits, and techniques that attackers might use to bypass them, offering insights into low-level security mitigations and their vulnerabilities.

Embedded Research: Bits & Pieces

03/10/2023

TL;DR

Hardware research involves understanding the inner workings of embedded systems and how to manipulate them. In this post, we’ll explore key hardware concepts, including memory structures, Von Neumann architecture, and the differences between NAND and NOR flash memory, all crucial for hardware hacking and security.

JS Engines Optimization: Faster Than Fast

26/09/2023

TL;DR

JavaScript engines like V8 execute code efficiently by using interpreters and compilers. This post will explain how V8, and other engines, optimize JavaScript execution with techniques like Just-In-Time (JIT) compilation, and how properties, methods, and objects are handled behind the scenes to ensure fast performance.

Android Apps Part 5: Going Dynamic

23/08/2023

TL;DR

Dynamic analysis allows real-time debugging and manipulation of Android apps. This post will walk you through setting up Android Studio for debugging, using Frida for runtime hooking, and a taste of the Xposed framework to modify system and app behaviors without altering the app’s APK.

Android Apps Part 4: Taking a Look Under The Hood

16/08/2023

TL;DR

Reverse engineering Android apps involves decompiling and analyzing APK files to understand their behavior. This post will cover techniques for extracting hidden secrets, such as using JADX to view Java code, analyzing app logic, and using tools like Ghidra to uncover protected data.

Android Apps Part 3: That's Not Java! Something Smali In Here...

09/08/2023

TL;DR

Smali is a low-level language that represents Dalvik bytecode, used for reverse engineering Android apps. In this post, we will explore how to disassemble APKs using tools like Baksmali and APKTool, understand the Smali syntax, and modify apps by manipulating the Smali code.

Android Apps Part 2: Crossing Bridges, Debugging Android

02/08/2023

TL;DR

ADB (Android Debug Bridge) is a powerful tool for controlling and debugging Android devices. This post will cover the basics of setting up ADB, how to connect to a device, and essential ADB commands for manipulating files, accessing logs, and debugging Android apps remotely.

Android Apps Part 1: Egg? Chicken? Zygote!

26/07/2023

TL;DR

Android development has evolved from complex system-level programming to a highly abstracted environment, allowing developers to focus on app logic. This post will dive into Android's app lifecycle, the compilation process, and the Zygote process, explaining how apps are launched and managed within the Android ecosystem.

More Posts

Coming soon...

Professional Experience

I’m excited to introduce myself as someone with strong experience in technical management, cybersecurity, and Eloctronics.
I’ve worked on a variety of projects that involve system design, team leadership, and hands-on work.
With close communication, I’m confident that my skills and problem-solving abilities in different domains will allow me to contribute meaningfully to your team.
Below you can find ways to reach out, looking forward to discussing how I can add value to your company.

Technologies

  • Programming: Python, C, C++, C#, Bash, Assembly (x86/x64, ARM), Web (JavaScript, HTML, CSS), Databases.
  • Networking & Protocols: Wireshark, Burp Suite, WiFi, Bluetooth, CAN Bus, USB.
  • Embedded & OS Security: Android, Linux Internals, Firmware Analysis, EMMC & Flash, FPGA & VHDL.
  • Detection Engineering: Honeypots, Thresholds, DLP, Incident Response.
  • Secure Dev & DevOps: Docker, CI/CD Security, PT, Threat Modeling.
  • Electronics & Test Equipment Multi-meters, Analyzers (Logic, Spectrum, Network), Oscilloscopes, RF.
  • CAD & 3D Printing: PCB Design, FDM, OpenSCAD, SolidWorks

Working Experience

IoT Research Technical Leader – Sayfer.io (2023 – Current)

A org-wide knowledge base for IoT and advanced exploit techniques in a diverse and multi-disciplinary company:

  • Conducting and managing in-depth penetration testing projects in various attack surfaces in all vectors to uncover, exploit and report security weaknesses in proprietary systems to all levels of stakeholders ,from C-level executives all the way to development teams.
  • Participating as a tech specialist in technical sales meetings to ensure long term partnership and trust.

Embedded Systems Security Researcher – CyberToka Ltd. (2020-2022)

I brought a unique expertise in electronic engineering into a strong automotive embedded research team:

  • Conducted RE and vulnerability research on vast attack surfaces including all different layers of the network stack on various systems, leading to multiple critical findings.
  • Provided structured guidance in security related subjects to cross-functional teams, ensuring self-sufficiency and long-term knowledge retention.

Software Engineer and OS Security Researcher – Prime Minister’s Office (2016-2019)

After given the oppertunity to dive into a new field, I managed to become a focal point in application security related projects:

  • Conducted and managed Android applications vulnerability research and full-stack development projects, including exploit development incorporated with detection engineering mechanisms, while coping with modern OS security mitigations.
  • Mentored cyber-security recruits, upskilling modern exploitation techniques and countermeasures.

Electronic Warfare R&D and Maintenance Team Leader – Air Force Base 108 (2013-2016)

I was promoted into a team leader for a team in charge of some of the Israeli air-force's crucial RF systems:

  • Led a team of hardware engineers, accountable for maintenance and development in the field of RF signal generators and high-power transmitters.
  • Encouraged professional growth by crafting tailor-made training programs.

Education

  • 2016-2020: B.Sc. Computer Science, The Academic College of Tel Aviv-Yafo
  • 2011-2013: Electronics Practical Engineer, “Amal 1 Holtz”, Tel-Aviv-Yafo

Languages: Hebrew (Native), English (Full professional proficiency)

Noteable personal project

Developing an integrated dockerized multi-server ecosystem using with both open-source and proprietary services to structure and organize daily workflow, potentially helping others with ADHD unlock their potential. Designed to foster focus, time management and productivity methodologies thorugh structure.