Software Bookmark Icon



A tool for parsing MS-CHAPv2 handshakes, which can then be submitted to CloudCracker for cracking.


A drop-in replacement for the standard Android text messaging application, allowing you to send and receive text messages as normal. All text messages sent or received with TextSecure are stored in an encrypted database on your phone, and text messages are encrypted during transmission when communicating with someone else also using TextSecure.


An Android application that enables encrypted voice communication between RedPhone users. RedPhone integrates with the system dialer to provide a frictionless call experience, but uses ZRTP to setup an encrypted VoIP channel for the actual call. RedPhone was designed specifically for mobile devices, using audio codecs and buffer algorithms tuned to the characteristics of mobile networks, and using push notifications to maximally preserve your device's battery life while still remaining responsive.


An agile, distributed, and secure strategy for replacing Certificate Authorities.


sslstrip is a tool that demonstrates the HTTPS stripping attacks which I presented at Black Hat DC 2009.


A tool that will do a man-in-the-middle attack on SSL connections.


knockknock is a simple, secure, and stealthy port knocking implementation that does not use libpcap or bind to a socket interface.


tortunnel is a partial Onion Proxy implementation designed for building single-hop circuits through Tor exit nodes.


GoogleSharing is a special kind of anonymizing proxy service, designed for a very specific threat. It ultimately aims to provide a level of anonymity that will prevent Google from tracking your searches, movements, and what websites you visit.


An Android application and corresponding PAM module that provide SecureID style two-factor authentication without the use of specialized hardware or the hassle of setting up special authentication services.


A tool for converting NellyMoser encoded FLV files to WAV.


A small Linux app that, when run, makes your machine appear to be anywhere you specify on the internet.


A lightweight JVMPI library that will profile thread contention points in Java code. I think I wrote this because most of the existing "enterprise" profilers did not allow you to profile for thread contention points, and those that did were too heavy-weight to accurately execute high performance server apps. I'm not sure whether this is still relevant or not.


A small X11 application that renders the Mandelbrot Set and lets you zoom around in it. I originally wrote this when I was 17, after seeing Arthur C. Clark on PBS.