pwnat – NAT To NAT Client Communication Tool

pwnat, pronounced “poe-nat”, is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to […]

Topic: Hacking Tools, Networking Hacking

Open Source Keykeriki Captures Wireless Keyboard Traffic

Another interesting attack: rather than going after the PC/Server, this one goes after the data sent by wireless devices such as the wireless keyboards sold by Microsoft. The neat thing is that by using a replay attack you could also send rogue inputs to the device. But then it serves Microsoft right for using XOR encryption […]

Topic: Hardware Hacking, Privacy

PenTBox – Penetration Testing Security Suite

PenTBox is a Security Suite that packs security and stability testing oriented tools for networks and systems. Programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every system where Ruby works. It is free, licensed under GNU/GPLv3. PenTBox contains: Cryptography tools: Base64 Encoder & Decoder, Multi-Digest (MD5, SHA1, SHA256, SHA384, […]

Topic: Hacking Tools, Password Cracking

Browser Fingerprints – How Unique Is Your Browser – Panopticlick

Now this is another interesting attack vector using little bits of data not many people consider. I have heard about this kind of technique before and considered how it’d be done myself. Finally someone has put together a public version of a tool that can tell you how unique your browser footprint is. As for […]

Topic: Privacy, Web Hacking

Flint – Web-based Firewall Rule Scanner

Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can: CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic; ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules; SANITY CHECK CHANGES to see if new rules create problems. Flint is absolutely free. […]

Topic: Countermeasures, Networking Hacking, Security Software

Website Auto-complete Leaks Data Even Over Encrypted Link

I’m always fascinated by side-channel attacks where the attack is focused on the underlying architecture of the cryptosystem and the data echoes it creates rather than the algorithm or implementation itself. Similar somewhat to the recent breaking of OpenSSL using power fluctuations. This time some researcher type fellas focused on the digital noise autocomplete webforms […]

Topic: Cryptography, Exploits/Vulnerabilities, Privacy