viernes, 9 de agosto de 2013

OSfooler at Blackhat Arsenal USA 2013


Black Hat Arsenal gives a unique opportunity to have a close look at tools, so I presented a new tool, called OSfoolerUsing commercial tools to secure your network is recommended, but it is necessary to be one step further to keep the system secure. With this tool you can give that step in order defend your servers against the first phase of all attacks Fingerprinting.

This is done by intercepting all traffic that your box is sending in order to camouflage and modify in real time the flags in TCP/IP packets that discover your system.

This tool is a practical approach for detecting and defeating:
  • Active remote OS fingerprinting: like Nmap or Xprobe
  • Passive remote OS fingeprinting: like p0f or pfsense
  • Commercial engines like Sourcefire's FireSiGHT OS fingerprinting

Some features are:
  • No need for kernel modification or patches
  • Highly portable
  • Will emulate any OS
  • Capable of handling nmap and p0f fingerprint database (beta phase)
  • Transparent for the user
  • Undetectable for the attacker
  • Available for your Linux laptop, server and mobile device

Sorry guys, remote OS fingerprinting is over...

Tool will be available at Google Code. Stay tuned! :)