News RSS

Your favorite switch just got even better The Skunk gets a new version for 2022! Still providing the same features you know and love, the software remains the same but the hardware has had some visible changes. Probably the most obvious is the move from the classic green soldermask to a fresh purple. Some changes are not just cosmetic though: the physical footprint has been reduced quite a bit. From 84x75 mm down to 75x61 mm, the Skunk just got a 27% size reduction. It now takes even less space in your hacker backpack or toolbox. This becomes pretty obvious when...

Weapons-grade MitM Syphoon is a MitM (Man-in-the-Middle) tool - it abuses the network to redirect communications from other hosts through itself. This allows sniffing as well as manipulation of communications between hosts on the network. Beat the network into submission When thinking about MitM, the first thing that comes to mind is often sniffing passwords out of clear-text exchanges. This is a gross oversimplification of what Syphoon is capable of. MitM is only the beginning - Syphoon offers a wide range of tools to extract information, manipulate exchanges, strip SSL, redirect network flows and more. Written exclusively in C and optimized...

The setting As a pentester, I've been mostly dissatisfied with the major web fuzzing / discovery tools. With recurring issues ranging from "too tedious to setup (or use)", to simply "way too slow", about two years ago I started thinking I should maybe do something about it. The idea I decided to create a new tool, initially mostly for finding web directories, but with the ultimate intent of having a general web fuzzer. The requirements were clear: * must be easy to run (single binary) * simple to use with clear help * flexible enough to address most scenarios * quick...

A delicate situation Sometimes you need to hook something behind a device in a corporate network. Unfortunately, sometimes that device turns out to be an IP phone or video camera only powered through PoE. Unless there's a spare power supply lying around that just happens to match the device, this can mean the difference between a successful intrusion or an embarrassing moment. An easy solution The solution to this is the Sparkplug - a tiny PoE injector capable of powering devices up to 15W. On one side, hook up the included wall adapter and the PoE device. On the other...

Yes, they still exist... Every once in a while I come across some device that actually talks real RS-232. This is a pain because it means I have to pull out an old USB to RS-232 cable. Most electronics today expose UARTs (serial ports) at TTL levels of 3.3V or 5.0V. This is why the Nautilus USB UART features a switch allowing you to select between these two most common voltages. Simple and versatile I wanted something more versatile than a single-unit USB to RS-232 cable, so I went ahead and designed just the RS-232 to TTL part.  The male pins accept...