Research
This page lists a set of experiments carried out under this project.
32764/TCP Backdoor Analysis
Recently, it was discovered a backdoor that affects several routers. This backdoor, grants remote root shell access without authentication, an exploiting it is as easy as establishing a TCP connection against this port. A 20 lines plugin was written to identify the affected routers to get statistics about the amount of affected devices. The rest of the experiment can be read at http://guifreruiz.blogspot.com/2014/01/32764-TCP-Backdoor-Scanning-NINJA-PingU.html.
Embedded Devices Identification
Recently, Bruce Schneier and other experts have written about the security risks of embedded systems. To perform a simple experiment, I wrote a plugin for NINJA PingU to identify those. Millions of internet devices were scanned and several critical devices such as digital control services found with default passwords. The rest of the experiment can be read at http://guifreruiz.blogspot.com/2014/01/owasp-ninja-pingu-network-scanner.html.