Alessandro Sangiorgi — GPU Performance Engineerhttps://contact.alessandrosangiorgi.net/Recent content on Alessandro Sangiorgi — GPU Performance EngineerHugoenWed, 08 Apr 2026 00:00:00 +0000Retrieving the ARP Table on Android SDK 30+ via Netlinkhttps://contact.alessandrosangiorgi.net/posts/ip-neigh-android-sdk30-netlink-workaround/Wed, 08 Apr 2026 00:00:00 +0000https://contact.alessandrosangiorgi.net/posts/ip-neigh-android-sdk30-netlink-workaround/<p>Starting with Android 11 (API level 30), Google removed the ability for apps to run <code>ip neigh</code> or bind netlink sockets. This broke every app that relied on reading the ARP table — network scanners, device discovery tools, local network diagnostics. The change was intentional: Google argued that exposing the neighbor table leaks information about other devices on the local network, which is a privacy concern.</p> <p>The problem is that there was no replacement API. Apps that needed neighbor discovery — for example, to find smart home devices, printers, or other hosts on the LAN — were simply out of luck. So I wrote a native library that retrieves the ARP table via RTNetlink without binding the socket, shipped it as an Android library, and <a href="https://github.com/fulvius31/ip-neigh-sdk30">open-sourced it</a>.</p>Blocking WiFi De-Auth Attacks in the Kernel with eBPF and XDPhttps://contact.alessandrosangiorgi.net/posts/ebpf-xdp-wifi-deauth-defense/Tue, 07 Apr 2026 00:00:00 +0000https://contact.alessandrosangiorgi.net/posts/ebpf-xdp-wifi-deauth-defense/<p>802.11 de-authentication attacks are one of the oldest and cheapest WiFi denial-of-service techniques. An attacker sends forged de-auth management frames to disconnect clients from an access point — <code>aireplay-ng</code> sends 128 per attack command (64 directed at the AP, 64 at the client). Despite being a known problem for over two decades, the main defense is still 802.11w (Protected Management Frames), which requires both AP and client support and still degrades under high-rate floods.</p>Intercepting Android's ManagedProvisioning: A PendingIntent Vulnerability in AOSPhttps://contact.alessandrosangiorgi.net/posts/managedprovisioning-pendingintent-vulnerability/Mon, 06 Apr 2026 00:00:00 +0000https://contact.alessandrosangiorgi.net/posts/managedprovisioning-pendingintent-vulnerability/<p>I found and reported a vulnerability in Android&rsquo;s <code>ManagedProvisioning</code> component — the system app responsible for setting up enterprise-managed (work) profiles. The bug allows any unprivileged third-party app to intercept a privileged provisioning callback, leaking install timing, session metadata, and in some cases package details — all without any special permissions.</p> <p>Google acknowledged the report, logged it for potential remediation, and classified it as low severity. Here&rsquo;s the full breakdown.</p>