// about me // my services     

// deutsche version

// news

15 October 2015 // news
Presentaions, keynotes & trainings in Singapore, Spain, Netherlands, Austria, ... and I'm booked out until beginning of next year :)

contact //
// downloads

// here you find all of my tools and information for download

// references

impressum //

// partner

// media links // downloads

// downloads

// my vita and PGP

cv-marc_heuse-de.pdf - my current cv in english
cv-marc_heuse-de.pdf - my current cv in german
mh_at_mh-sec_de.asc - my public pgp key

// security announcements

(normally I do not publish security announcements and leave this up to the vendors. but if a vendor doesnt want to fix an security problem or purposely put a backdoor in his product, I do this)
mh-RA_flooding_CVE-2010-multiple - local LAN denial-of-service affecting all windows, cisco ios/asa, netscreen and freebsd systems by flooding the network with ICMPv6 router advertisements
BSC-Qnap_Crypto_Backdoor-CVE-2009-3200 - the network storage (NAS) products from QNAP contain a crypto backdoor which allows access to the encrypted partitions
mh-ipv6_vulnerabilities.pdf - a larger extract of my 2 hours presentation on IPv6 insecurities

// tools directly from me

audit scripts - audit scripts collect all necessary configuration data for offline analysis. they are used by some of the big five auditing companies (windows, linux, solaris, hp-ux, aix)
easyfuzzer-3.6.tar.gz - a flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independant)
shooter.c - an efficient dumb file fuzzer with many options (C, platform independant)
wakeup.pl - starts systems that are shutdown if the wake-up-on-lan feature is active. also systems which are turned off can be attacked, this is from 1998 ;-) (plattform independant, no further development)
sapcrack - cracks SAP passwords in the usr02 table, integrated in the password cracking tool from red database security gmbh
oracle sql code checker - analysis of oracle sql code on sql injection, cross-site-scripting etc. - this is the only commercial tool of mine and is sold via red database security gmbh (windows)

beside these tools, there are several other powerful program for network & webapp pentests and reverse engineering which I do not publish however - yet

// tools by me at THC

hydra-8.3.tar.gz - innovative, the first, best and most-used network password tester, for over 40 services, on rank 15 of the 100 best security tools, is mentioned and recommended in many security books (all operating systems)
thc-ipv6-3.2.tar.gz - innovative, the first and still only toolkit for security testing ipv6 networks (linux)
amap-5.4.tar.gz - innovative, the first exsting tool for service fingerprinting, although obsolete it is still rank 19 of the 100 best security tools (all operating systems, obsolete) - better is currently nmap
THC-Scan-2.01.zip - for many years the best wardialer in the world - maybe still today (all operating systems with dos/windows emulation, no further development)
secure_delete-3.1.tar.gz - one of the first tools for secure data deletion on hard disks and ram, with todays hard disk technology however putting too much effort in there (all operating systems, no further development)
rwwwshell-2.0.pl.gz - proof-of-concept too show how to reverse tunnel a connection from the internet through firewalls and proxies to an internal machine - from 1999 (platform independant, no further development)
keyfinder.c - identifies encrypted areas in a file (eg. AES keys) by calculating the entropy of area (all operating systems)
manipulate_data-1.3.tar.gz - read and write data directly to the harddisk level, which circumvents rootkits (linux, no further development)
flood-connect-1.5.tar.gz - tests the protection of services against massive connections (linux, BSD, cygwin, no further development)
parasite-1.2.tar.gz - this was once one of the first arp spoofer, which allows sniffing and man-in-the-middle on local networks (linux, obsolete)
grenzgaenger-alpha.tar.gz - proof-of-concept tool to tunnel TCP/UDP connections transparently via multiple jump points (linux, no further development)

// tools from my work at SuSE Linux / Novell

SuSEfirewall2 - the firewall script which comes with all OpenSuSE/SLES Linux installations
compartment-1.3.tar.gz - runs programs in a secure environment/compartment (chroot, capabilities, fd-security, etc.) (no further development)
seccheck-2.1.tar.gz - security check scripts which evaluate daily, weekly and monthly various security parameters (no further development)
SuSEauditdisk-0.6-pre.tar.gz - creates a boot disk(!) which contains integrity information. When booting, it checks the system for manipulations (obviously depricated)
harden_suse.pl - script to harden old SuSE Linux servers (obsolete) (recommended in the BSI study on Apache Security)