Drouter

Drouter provides dynamic route injection for Docker containers through label-based configuration. The systemd service monitors Docker containers and automatically configures static routes in their network namespaces without requiring elevated privileges within the containers themselves. The system uses Docker labels to specify routing rules and applies them automatically when containers start or stop. This enables complex networking setups where containers need custom routing tables while maintaining security by avoiding privileged container execution for network configuration tasks.

September 21, 2025 · 1 min · Ian Foster

Drouter: Dynamic Route Injection for Docker Containers

When working with Docker containers on complex networks, you often need to add static routes so containers can reach networks that aren’t directly connected to their default gateway. This becomes especially important when using macvlan network drivers where containers get their own IP addresses on your physical network. I’ve just released drouter, a lightweight systemd service that solves this problem by automatically injecting routes into Docker containers based on simple labels. The Problem: Consider this scenario: you’re using a macvlan network driver so your containers get real IP addresses on your network (say 192.168.1.0/24). Your router is at 192.168.1.1, but you have additional internal subnets like 10.0.0.0/8 that are reachable through a different gateway at 192.168.1.254. ...

September 20, 2025 · 3 min · Ian Foster

BygoneSSL - dealing with residual certificates for pre-owned domains

This is the blog version of my DEFCON 26 talk Lost and Found Certificates: dealing with residual certificates for pre-owned domains, which I co-presented with Dylan Ayrey. You can learn more about BygoneSSL and see a demo at insecure.design. The Problem: A certificate can outlive the ownership of a domain. If the domain is then re-registered by someone else, this leaves the first owner with a valid SSL certificate for the domain now owned by someone else. ...

August 13, 2018 · 8 min · Ian Foster

CertGraph

CertGraph is a tool I’ve been developing to scan and graph the network of SSL certificate alternative names. It can be used to find other domains that belong to an organization that may be several orders removed and not always obvious. Background: The idea for this project came about after examining the SSL certificate for XKCD.com. If you look closely at the screenshot below you will see that the SSL certificate used on XKCD.com is also valid for many domains which have no relationship to XKCD or Randall Munroe. ...

April 6, 2018 · 7 min · Ian Foster

Ambergris

For those of you not in the know, ambergris is defined as: a wax-like substance that originates as a secretion in the intestines of the sperm whale, found floating in tropical seas and used in perfume manufacture. However, that will not be what this post is about (sorry to disappoint). Instead, I’ll present what happens when building an image on Docker that contains a reverse shell in the Dockerfile. ...

January 19, 2017 · 7 min · Ian Foster

Badgy

A while ago I came into possession of a few HID iClass readers. After collecting dust in my project drawer for a few months I decided to find a fun use for them, which ended up in the project I call Badgy. Background: The back of the HID readers has 10 colored wires coming out of them. Luckily the readers also had a nice sticker telling me which wire was what. ...

December 24, 2016 · 7 min · Ian Foster

TRIPLEX DVRLink DVR468RW Exploit

At an internship I had a while ago one project assigned to me was to regain access to a CCTV security system which we had been locked out of for some years. (The previous manager left without leaving the password.) The DVR system was a TRIPLEX DVRLink DVR468RW, whatever that is. It seemed cheap; a small embedded computer with video in/out, a hard-drive and CD-RW drive for recording storage. The administration interface was accessed either by a web server running on the device or a desktop client you installed on your computer. ...

June 20, 2013 · 3 min · Ian Foster

PHP Karaoke Queue

A while ago I decided that I needed some more JavaScript/AJAX experience, and what better way to get it than to use it to solve an existing problem. Every now and then my apartment hosts karaoke nights, and we have a lot of songs, enough to fill a 4-inch binder. Searching for songs was a pain. In order to find the song’s ID code to give to the DJ you must search through pages of songs and artists that were in no particular order. I decided to fix this problem with my skill set, so I created DJQueue. DJQueue is a collection of hacked-together PHP, JavaScript, and SQL magic. ...

May 25, 2013 · 1 min · Ian Foster

SMS DOS: Cellphone Denial Of Service via text messages

A while ago I wondered how well modern cellphones could handle a flood of text messages. So I created a simple Python program to test just that. The program works by sending emails to an SMS gateway which will forward the message to the phone in the form of a text message. I tested my program on two devices, my modern HTC Incredible running Android and my aging LG Chocolate dumb-phone. The results were surprising! After starting the program my HTC Incredible froze after receiving the first 20 messages. A battery pull was required to get it to respond. The second it finished booting it froze again! I was only able to make it respond by stopping my program and rebooting the phone. After it booted it froze again while catching up on all the messages that were sent. ...

March 11, 2012 · 2 min · Ian Foster

WIFI Recovery for Android

Have you ever wanted to give a friend access to a wireless network you are on but don’t want to go find the key? WIFI Key Recovery will find the key on your device and allow you to share it via a message or QR Code. Additionally, WIFI Key Recovery will allow you to backup/restore your current WIFI configuration to your SD card! If this app does not work on your rooted phone, email me and I will try to add support. ...

March 1, 2012 · 1 min · Ian Foster

DNS.coffee

DNS.coffee is a web platform that collects and archives DNS zone file statistics to provide insights into DNS growth and changes over time. The service tracks domain distribution across zones, TLD root zone growth patterns, and overall internet domain expansion through comprehensive data visualization. The platform includes tools for domain record searches, nameserver lookups, IP information queries, and advanced search capabilities. DNS.coffee also provides an API for programmatic access to DNS data, making it a valuable resource for researchers and network administrators analyzing DNS infrastructure trends and domain name system evolution.

April 11, 2011 · 1 min · Ian Foster

PHPRepo

This is about a piece of software I wrote over a year ago to fit a need I had at the time. It probably will not receive any updates, but I have released the source so anyone is free to do as they please with it. Background: PHPRepo is a PHP CMS for managing Debian package repositories. A while ago I wanted to start my own repository for some of my own packages, so I looked for an easy way to do this. I found none. At the time the only way to run and manage a Debian package repository was through apt at the command line, and since at the time I was learning PHP I decided to write my own software to fill this void. Thus I created PHPRepo. PHPRepo has very minimal requirements and can work alongside an existing repository that is managed with apt. ...

December 22, 2010 · 3 min · Ian Foster

Use EventGhost to Make a XBMC Hulu and Boxee HTPC

The PC: I wanted an HTPC that I could use to play anything, and that could do anything. And since it was going to be hooked up to a big TV, it might as well be powerful enough to play some modern games on the big screen. I chose to use a relatively new computer (Core 2 Duo 2 GHz, Nvidia GeForce GT 220) and run Windows 7. My previous HTPC ran Linux, but with a powerful enough computer, the ability to play games on the HTPC made me move to Windows. ...

September 22, 2010 · 4 min · Ian Foster

Conky

Conky is a system monitor for Linux. It can tell you almost anything about your computer, such as CPU usage, memory usage, network information, and almost anything else. Here is what my Conky configuration looks like on my desktop. To install Conky on an RPM-based distribution, run: yum install conky. Or on a Debian-based distribution, run: sudo apt-get install conky. To get yours to look like that you need to put a file named .conkyrc in your home folder. Your home folder is usually /home/$USER. ...

November 15, 2009 · 4 min · Ian Foster