I've developed and published a few different bits of code that I feel are useful. Some are a bit dated now. The following are links to the tools you're most likely to be interested in. They take you into the static archive of the old site, at least for now.

  • nbnspoof - A standalone NetBIOS Name Service spoofer, that, in some circles, is a sleeper-hit absolute must-run on penetration tests. If you've ever seen the kinds of spurious NBNS requests Windows can make, especially on captive-portal networks, you'll understand why this is a lot of fun.
  • msramdmp - A proof-of-concept tool for cold-boot memory dumping. It was a fun day when we realized that all the folk wisdom and books on computers neglected to mention that the volatility of unpowered RAM is not a on/off proposition. This one's only really useful on systems with 4GB or less of physical RAM, and was born of a time when we knew we could pull the data, but the folk who told us so didn't trust us with a tool to do it.

As for my Blackhat USA 2011/Defcon 19 talk on post-exploitation forensics, the modules for it are available in Metasploit, so there's no need to get a copy here.

The old tools page is here, if you'd rather work from there.