Stargate

A Go library and SOCKS5 proxy server that enables egress traffic from multiple IP addresses within a subnet. Stargate randomly distributes network connections across different IP addresses to avoid rate-limiting and provide load balancing across available IP ranges. The tool works best with subnets directly routed to the host and is particularly powerful for IPv6 subnet utilization. It supports both TCP CONNECT and UDP ASSOCIATE protocols and provides both a standalone proxy tool and a Go library for programmatic random-IP networking. It requires specific network routing configuration and primarily supports Linux and FreeBSD, because it relies on their freebind networking capabilities.

March 20, 2019 · 1 min

Binary Analog Watch Face

Binary Analog Watch Face is an Android Wear watch face that combines analog time display with binary representation. The watch face uses binary digits to form the hour and minute hands, creating a unique visualization where time is displayed both analogically and in binary format. The watch face features Material Design aesthetics with customizable color themes and optional center complications. The implementation renders traditional analog clock hands using sequences of binary digits, inspired by Anthony Liekens’s Analog Binary Wall Clock concept.

January 13, 2019 · 1 min

BygoneSSL - dealing with residual certificates for pre-owned domains

This is the blog version of my DEFCON 26 talk, Lost and Found Certificates: dealing with residual certificates for pre-owned domains, which I co-presented with Dylan Ayrey. You can learn more about BygoneSSL and see a demo at insecure.design. The Problem: A certificate can outlive the ownership of a domain. If the domain is then re-registered by someone else, this leaves the first owner with a valid SSL certificate for a domain now owned by someone else. ...

August 13, 2018 · 8 min

CZDS

CZDS is a Go library and CLI tool for interacting with ICANN’s Centralized Zone Data Service API. It handles authentication, zone file downloads, request submissions, and status monitoring for accessing top-level domain zone data. The implementation supports parallel downloads, request management, and provides both library interfaces for Go applications and standalone command-line functionality. The tool automates the process of requesting and retrieving DNS zone files from ICANN’s centralized service.

July 29, 2018 · 1 min

CertGraph

CertGraph is a tool I’ve been developing to scan and graph the network of SSL certificate alternative names. It can be used to find other domains that belong to an organization that may be several orders removed and not always obvious. Background: The idea for this project came about after examining the SSL certificate for XKCD.com. If you look closely at the screenshot below, you will see that the SSL certificate used on XKCD.com is also valid for many domains which have no relationship to XKCD or Randall Munroe. ...

April 6, 2018 · 7 min

Tethr: Android Tethering Provisioning Check Bypass (CVE-2017-0554)

On most unrooted, stock Android phones, enabling tethering will run a “Provisioning Check” with your wireless provider to ensure that your data plan allows tethering. This post documents Tethr, a way to bypass the provisioning check on Android devices prior to version 7.1.2. After discovering this method I reported it to the Android bug bounty; the issue was fixed and received CVE-2017-0554. Background: The ability to tether is controlled by your device’s build.prop file, usually located at /system/build.prop. The default is to require the provisioning check before enabling tethering, but it can be bypassed by adding the following line: ...

December 27, 2017 · 4 min

Tethr

Tethr is an Android application that demonstrates CVE-2017-0554, a vulnerability that allows bypassing carrier tethering provisioning checks on unrooted devices. The proof-of-concept app exploits system property manipulation to enable mobile hotspot functionality without carrier approval. The vulnerability affects Android versions prior to 7.1.2 by allowing modification of tethering-related system properties through reflection and system service manipulation. This research was conducted to highlight security weaknesses in Android’s tethering permission model.

December 26, 2017 · 1 min

Ambergris

For those of you not in the know, ambergris is defined as: a wax-like substance that originates as a secretion in the intestines of the sperm whale, found floating in tropical seas and used in perfume manufacture. However, that will not be what this post is about (sorry to disappoint). Instead, I’ll present what happens when building an image on Docker that contains a reverse shell in the Dockerfile. ...

January 19, 2017 · 7 min

Badgy

A while ago I came into possession of a few HID iClass readers. After collecting dust in my project drawer for a few months, I decided to find a fun use for them, which ended up in the project I call Badgy. Background: The back of the HID readers has 10 colored wires coming out of it. Luckily the readers also had a nice sticker telling me which wire was which. ...

December 24, 2016 · 7 min

CertGraph

CertGraph crawls SSL certificates to map domain relationships through certificate alternate names. The tool builds a directed graph where domains are nodes and certificate alternative names create edges between related domains. The program performs hostname enumeration by following certificate relationships, revealing domain connections that may not be apparent through traditional DNS enumeration. It outputs data in various formats including graphical representations for network topology analysis.

August 30, 2016 · 1 min