A tool that targets the Linux keyrings to try and expose them from within containers across namespaces.
Command and Kubectl Tools and Demos
Tools and demos from my Shmoocon 2020 talk on Kubernetes security.
Krew net-forward
A krew plugin for Kubernetes that handles deploying a socat proxy to arbitrary IPs on the network
syscall2seccomp
Tooling to audit containers and applications for appropriate syscalls and convert them to a seccomp profile.
Interlock Time Capsule
Using Shamir Secret Sharing to build a community time capsule
Private Tor Network
A private tor research network using docker images.
Rochester 2600 intelligence gathering
A complicated news collection system using NLP and cloud API's to collect articles, analyze them, and summarize them into a slide-show format.
Liberation Technology Toolkits
Tooling for analyzing the security of libtech technlogies such as meek and obfs4.
Phantomfinger
Tools to attack and defend from fingerprinting phantomJS and Selenium framework.
Spit
Quick proof-of-concept library to simulate actual human typing to mess with Andrew Morris' honeypots.
Tor Research Workshop
A 4 hour class going into details about tor, cryptography, networking, and anonymity attacks.
Jukebox Jacking
A project reverse engineering a XXXXXXXXXX jukebox remote control using hardware analysis and RF interception. Concluded with a legal threat to stop doing that.
SansBullShitCyberSans
A font ligature that replaces common infosec buzzwords with the word 'bullshit'.
manitree / AndroidAXMLParser
Static analysis tool and library to parse Android APK files, analyze their manifests, and highlight areas of concern at scale.
SSH Un-Tunnel
SshUnTunnel was a PoC exploiting a file permission vulnerability in the Android app, SSHTunnel.
Security B-Sides Rochester
A local hacking conference representing the local hacking and infosec community, volunteer supported and low cost of entry.