Rafi Gana

Cybersecurity Specialist

Home Blog Portfolio

Security that Coexists.

Coverage

Research

Validation

Insight

Worked with

areas of expertise

Embedded & IoT

Network & RF

Linux & Android

Reverse Engineering

Exploits & Mitigations

The Power of DeAuth: WiFi Attack Introduction

17/04/2025

TL;DR

When almost every household has a WiFi network of its own, combined with old security protocols. Simple attacks such as deauthentication is an easy way to do a Denial-of-Service attack (DoS).

Binary Mitigations Part 1: Don't Bother The Little Birdie

22/08/2024

TL;DR

Stack Canary is a security mechanism designed to protect against stack-based buffer overflow attacks. This post will explain how stack canaries work, how they prevent exploits, and techniques that attackers might use to bypass them, offering insights into low-level security mitigations and their vulnerabilities.

Embedded Research: Bits & Pieces

03/10/2023

TL;DR

Hardware research involves understanding the inner workings of embedded systems and how to manipulate them. In this post, we’ll explore key hardware concepts, including memory structures, Von Neumann architecture, and the differences between NAND and NOR flash memory, all crucial for hardware hacking and security.

JS Engines Optimization: Faster Than Fast

26/09/2023

TL;DR

JavaScript engines like V8 execute code efficiently by using interpreters and compilers. This post will explain how V8, and other engines, optimize JavaScript execution with techniques like Just-In-Time (JIT) compilation, and how properties, methods, and objects are handled behind the scenes to ensure fast performance.

Android Apps Part 5: Going Dynamic

23/08/2023

TL;DR

Dynamic analysis allows real-time debugging and manipulation of Android apps. This post will walk you through setting up Android Studio for debugging, using Frida for runtime hooking, and a taste of the Xposed framework to modify system and app behaviors without altering the app’s APK.

Android Apps Part 4: Taking a Look Under The Hood

16/08/2023

TL;DR

Reverse engineering Android apps involves decompiling and analyzing APK files to understand their behavior. This post will cover techniques for extracting hidden secrets, such as using JADX to view Java code, analyzing app logic, and using tools like Ghidra to uncover protected data.

Android Apps Part 3: That's Not Java! Something Smali In Here...

09/08/2023

TL;DR

Smali is a low-level language that represents Dalvik bytecode, used for reverse engineering Android apps. In this post, we will explore how to disassemble APKs using tools like Baksmali and APKTool, understand the Smali syntax, and modify apps by manipulating the Smali code.

Android Apps Part 2: Crossing Bridges, Debugging Android

02/08/2023

TL;DR

ADB (Android Debug Bridge) is a powerful tool for controlling and debugging Android devices. This post will cover the basics of setting up ADB, how to connect to a device, and essential ADB commands for manipulating files, accessing logs, and debugging Android apps remotely.

Android Apps Part 1: Egg? Chicken? Zygote!

26/07/2023

TL;DR

Android development has evolved from complex system-level programming to a highly abstracted environment, allowing developers to focus on app logic. This post will dive into Android's app lifecycle, the compilation process, and the Zygote process, explaining how apps are launched and managed within the Android ecosystem.

More Posts

Coming soon...

Professional Experience

I’m excited to introduce myself as someone with strong experience in technical management, cybersecurity, and Eloctronics.
I’ve worked on a variety of projects that involve system design, team leadership, and hands-on work.
With close communication, I’m confident that my skills and problem-solving abilities in different domains will allow me to contribute meaningfully to your team.
Below you can find ways to reach out, looking forward to discussing how I can add value to your company.

Technologies

  • Programming: Python, C, C++, C#, Bash, Assembly (x86/x64, ARM), Web (JavaScript, HTML, CSS), Databases.
  • Networking & Protocols: Wireshark, Burp Suite, Wi-Fi, Bluetooth, CAN Bus, USB.
  • Embedded & OS Security: Android, Linux Internals, Firmware Analysis, EMMC & Flash, FPGA & VHDL.
  • Detection Engineering: Honeypots, Thresholds, DLP, Incident Response.
  • Secure Dev & DevOps: Docker, CI/CD Security, PT, Threat Modeling.
  • Electronics & Test Equipment: Multimeters, Analyzers (Logic, Spectrum, Network), Oscilloscopes, RF.
  • CAD & 3D Printing: PCB Design, FDM, OpenSCAD, SolidWorks

Working Experience

IoT Research Technical Leader — Sayfer.io (2023 – Current)

I am the IoT and advanced exploitation techniques knowledge source for a diverse and multidisciplinary company.

  • Conducting and managing in-depth penetration testing projects in various attack surfaces in all vectors to uncover, exploit, and report security weaknesses in proprietary systems to all levels of stakeholders, from C-level executives all the way to development teams.
  • Participating as a tech specialist in technical sales meetings to ensure long-term partnership and trust.

Embedded Systems Security Researcher — CyberToka Ltd. (2020-2022)

I brought unique expertise in electronic engineering to a strong automotive embedded research team.

  • Conducted RE and vulnerability research on vast attack surfaces, including all different layers of the network stack on various systems, leading to multiple critical findings.
  • Provided structured guidance in security-related subjects to cross-functional teams, ensuring self-sufficiency and long-term knowledge retention.

Software Engineer and OS Security Researcher — Prime Minister’s Office (2016-2019)

By being given the opportunity to learn a new field, I got to become a focal point in application security-related projects.

  • Conducted and managed Android applications vulnerability research and full-stack development projects, including exploit development incorporated with detection engineering mechanisms, while coping with modern OS security mitigations.
  • Mentored cybersecurity recruits, upskilling modern exploitation techniques and countermeasures.

Electronic Warfare R&D and Maintenance Team Leader — Air Force Base 108 (2013-2016)

I was promoted to team leader for a team in charge of some of the Israeli Air Force's crucial RF systems.

  • Led a team of hardware engineers, accountable for maintenance and development in the field of RF signal generators and high-power transmitters.
  • Encouraged professional growth by crafting tailor-made training programs and escorting trainees until completion.

Education

  • 2016-2020: B.Sc. Computer Science, The Academic College of Tel Aviv-Yafo, Tel Aviv-Yafo, Israel
  • 2011-2013: Electronics Practical Engineer, “Amal 1 Holtz”, Tel Aviv-Yafo, Israel

Languages: Hebrew (native), English (full professional proficiency)

Noteable personal project

Developing an integrated dockerized multi-server ecosystem using with both open-source and proprietary services to structure and organize daily workflow, potentially helping others with ADHD unlock their potential. Designed to foster focus, time management and productivity methodologies thorugh structure.