Displaying 1 to 6 from 6 results

wolfssl - (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud

  •    C

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.

dns-rebind-toolkit - A front-end JavaScript toolkit for creating DNS rebinding attacks.

  •    Javascript

DISCLAIMER: This software is for educational purposes only. This software should not be used for illegal activity. The author is not responsible for its use. Don't be a dick. DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN). It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, "smart" thermostats, and other IoT devices. With this toolkit, a remote attacker can bypass a router's firewall and directly interact with devices on the victim's home network, exfiltrating private information and in some cases, even controlling the vulnerable devices themselves.

HolisticInfoSec-For-WebDevelopers-Fascicle2 - :books: IoT :lock: Mobile :books:


The contents of Fascicle 2 that's a work in progress is listed below, and can be found at the books landing page. If there is something you would like to see included in this fascicle, please submit an issue for consideration.

wolfssh - wolfSSH is a small, fast, portable SSH server.

  •    C

wolfSSH is dependent on wolfCrypt. The simplest configuration of wolfSSL required for wolfSSH is the default build. To use the key generation function in wolfSSH, wolfSSL will need to be configured with keygen: --enable-keygen.

dref - DNS Rebinding Exploitation Framework

  •    Javascript

Head over to the Wiki to get started or check out dref attacking headless browsers for a practical use case.