> we didnt know much about firebase at the time so we simply tried to find a tool to see if it was vulnerable to something obvious and we found firepwn, which seemed nice for a GUI tool, so we simply entered the details of chattr's firebase
Genuinely curious (I’ve no infosec experience), wouldn’t there be a risk that a tool like this could phone home and log everything you find while doing research?
Yes, but that might also be caught by infosec users of said tool who have things similar to “littlesnitch” alerting them to the outbound API call attempt.
there used to be windows GUIs for forcing new connections to ask, but i haven't seen anything like it. I can't recall the name of the one i used to use, but it scored perfectly on shieldsUp - oh, Zone Alarm.
Littlesnitch iirc is macos only, but it sounds lovely for this sort of thing.
You can set this with Windows' default firewall. Setting to strict mode with
no whitelist causes a UAC alert every time a process attempts communication.
No, a honeypot is intentionally insecure infrastructure setup to see who and how it gets attacked. A backdoored pentesting tool is a backdoored pentesting tool.
> we didnt know much about firebase at the time so we simply tried to find a tool to see if it was vulnerable to something obvious and we found firepwn, which seemed nice for a GUI tool, so we simply entered the details of chattr's firebase
Genuinely curious (I’ve no infosec experience), wouldn’t there be a risk that a tool like this could phone home and log everything you find while doing research?