Security Cloak – Mask Against TCP/IP Fingerprinting for Windows


I’ve seen quite a lot of discussion lately on how to ‘defend against nmap’ or how to change the properties of your TCP/IP Stack so your Windows OS appears to be something else (As in you can guess the OS from the TTL value passed back in a TCP/IP packet).

One way you can do this is with Security Cloak.

Security Cloak is designed to protect against TCP/IP stack fingerprinting and computer identification/information leakage via timestamp and window options by modifying relevant registry keys. The settings used are based on the results of SYN packet analyization by p0f. While the OS reported by other OS detection scanners were not identical to those of p0f, testing against Nmap, xprobe2, queso and cheops showed that they were unable to identify the correct operating system/version after Security Cloak settings had been applied.

Note that in order to properly emulate some Operating Systems, the MTU must be changed. While most of these require the MTU to be 1500 (the default for most network connections),depending on your network connection, this could degrade/interfere with your connectivity, so be sure to check your current MTU before applying these changes. It is reccomended that you save all the original key values before using this program in the event that your computer responds negatively to the changes.

You can find the authors page here: http://www.craigheffner.com/security/

And a direct download here: Security Cloak

Posted in: Countermeasures, Networking Hacking, Windows Hacking

, ,


Latest Posts:


LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.


2 Responses to Security Cloak – Mask Against TCP/IP Fingerprinting for Windows

  1. JB March 20, 2006 at 5:53 am #

    Interesting idea. I have used the vulnerability scanning service offered by Qualys, and while the TCP/IP fingerprinting is not the most severe issue, I was curious if it could be masked somehow. I plan to test this out and see what my scans come up with. I’ll try to post the results.

  2. Darknet March 20, 2006 at 6:14 am #

    JB: Thanks, would be interested to know your results for sure!