hbad - Heartbleed client side test tool

Hbad functionality

The functionality of hbad can be demonstrated with the below illustration:

If a request is sent to the hbad server by any client (e.g. IRC, Fetchmail, browser), the server initiates the SSL handshake and checks the SSL header for the Heartbeat addon. If it is available, it indicates the client uses OpenSSL. Thereupon the hbad server sends a Heartbeat request back to the client. If the client runs a vulnerable OpenSSL version, it sends back the Heartbeat response, which contains the sensitive data.

nsdtool hbad-release.tar.gz


Nsdtool is a toolset of scripts used to detect netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password. Netgear has its own protocol called NSDP (Netgear Switch Discovery Protocol), which is implemented to support security tests on the commandline. It is not being bound to the delivered tools by Netgear.

nsdtool nsdtool

CRT-Removelocks.apk / CRT-Removelocks Source code

We have developed an app to illustrate a security gap in Android 4.x (4.0, 4.1, 4.2, 4.3). This vulnerability enables any rogue app at any time to remove all existing device locks activated by a user. You can choose between two options: remove all locks right away or remove them at a defined time.


CRT-Removelocks Source code


Tel.: +49(0)30/52004-5222
Besuchen Sie unser Xing-Profil
Folgen Sie uns auf Twitter
Email: Diese E-Mail-Adresse ist vor Spambots gesch├╝tzt! Zur Anzeige muss JavaScript eingeschaltet sein!