Influencing Linux IP Source Address Selection

When creating a socket unless manually specified, the OS will automatically determine the source address to use. However the OS’s default choice may not always be desired. Source Address Selection allows for influencing the sources address chosen by the OS. What is Source Address Selection? When a host with multiple routable IP addresses sends a packet to another host, it needs to determine which of its local addresses to use as the source “from” address. ...

December 11, 2024 · 6 min

Creating a Mikrotik BGP.Tools Session

When running a network with its own ASN, you will likely end up spending some time working with BGP. Knowing how your peer networks connect can help with your own network planning. BGP.Tools is a service that maps out different networks and the routes between them by having networks opt to provide bgp.tools with a BGP session sharing their exportable routes. This guide will walk you through setting up a BGP.Tools session with a Mikrotik router running RouterOS 7. ...

February 11, 2024 · 2 min

Sena WiFi Adapter Security Assessment & Vulnerabilities

This post outlines a security assessment of the new Sena Wifi Adapter I performed last summer for fun. With the world on lock-down due to COVID-19, I spent a lot of time last summer escaping the city going on motorcycle rides through the mountains and forests surrounding the bay area. It’s the perfect social distance activity because if you get within 6ft of someone you are likely to crash. One of my favorite motorcycle accessories is my Sena headset. It allows me to listen to navigation or music from my phone over Bluetooth while riding, and talk to other riders in my group. ...

March 9, 2021 · 18 min

BygoneSSL - dealing with residual certificates for pre-owned domains

This is the blog version of my DEFCON 26 talk Lost and Found Certificates: dealing with residual certificates for pre-owned domains, which I co-presented with Dylan Ayrey. You can learn more about BygoneSSL and see a demo at insecure.design. The Problem A Certificate can outlive the ownership of a domain. If the domain is then re-registered by someone else, this leaves with the first owner with a valid SSL certificate for the domain now owned by someone else. ...

August 13, 2018 · 8 min

CertGraph

Certgraph is a tool I’ve been developing to scan and graph the network of SSL certificate alternative names. It can be used to find other domains that belong to an organization that may be several orders removed and not always obvious. Background The idea for this project came about after examining the SSL certificate for XKCD.com. If you look closely at the screenshot below you will see that the SSL certificate used on XKCD.com is also valid for many of domains which have no relationship to XKCD or Randall Munroe. ...

April 6, 2018 · 7 min

Ambergris

For those of you not in the know, ambergris is defined as: a wax-like substance that originates as a secretion in the intestines of the sperm whale, found floating in tropical seas and used in perfume manufacture. However, that will not be what this post is about (sorry to disappoint). Instead, I’ll present what happens when building an image on Docker that contains a reverse shell in the Dockerfile. ...

January 19, 2017 · 7 min

Sonic IPv6 Tunnel with DD-WRT

Sonic (my home ISP) offers an IPv6 tunnel for their customers who have a service plan that does not offer native IPv6 yet. Sonic’s IPv6 tunnel operates much the same way Hurricane Electric’s Tunnel Broker does, however since the endpoint is located inside the ISP you should get better performance. Sonic even offers example configurations for configuring the IPv6 tunnel endpoint on various operating systems, but none for DD-WRT, a common aftermarket router firmware. Another Sonic user did document how to configure Sonic’s IPv6 tunnel with older versions of DD-WRT on the Sonic forums HERE, however the link appears to be dead. Additionally newer versions of DD-WRT have a new IPv6 tab which should allow for a painless configuration using nothing more than the web interface. ...

August 17, 2015 · 5 min

WIFI Recovery for Android

Have you ever wanted to give a friend access to a wireless network you are on but don’t want to go find the key? WIFI Key Recovery will find the key on your device and allow you to share it via a message or QR Code. Additionally WIFI Key Recovery will allow you to backup/restore your current WIFI configuration to your SD card! If this app does not work on your rooted phone email me I will try to add support. ...

March 1, 2012 · 1 min

Building a PXE Server

PXE is a method for booting an operating system over a network, it stands for Pre-Executable environment. Here I will show you how to build a PXE server to boot and or install operating systems over your network. Installing the server OS I made this server inside VMWare, however the steps are the same if you are using a different virtual machine server or a physical machine. I used Debian 5.0 and used the net-install iso. Since we will only be needing a bare Debian install and just a few extra packages there is no need to download/install the entire OS. ...

April 19, 2010 · 4 min

Switch Network Interface in Linux

This guide will tell you how to rename or switch network controller names in Linux. Often when installing Linux the installer will automatically pick the names of the network controllers. And for some reason the order it names them is almost always not the order I want them in. I usually like the primary/on-board card eth0, and all additional cards eth1-n, however the installer often has its own ideas. So this is how to correct it! ...

April 8, 2010 · 2 min