Steffen Wendzel's Network Covert Channel Tools

This repository contains some of my covert channel projects and also refers to some other repositories where I host my additional covert channel projects.

If you need an introduction, check out my free open online class on network covert channels.

In this repository:

• pct: Protocol Channel Tool (pct a PoC implementation to show that so-called protocol channels are feasible).
• phcct: Protocol Hopping Covert Channel Tool (phcct was the first (2007) implementation of a protocol hopping covert channel).
• vstt: Very Strange Tunneling Tool (this was my first network CC tool. I wrote vstt as a 2nd semester student. It can tunnel through ICMP, TCP, ...).
• pcaw: Protocol Channel-aware Active Warden (pcaw is a countermeasure to reduce the channel successful transfer bitrate/capacity of protocol channels (and protocol hopping covert channels), I wrote this in 2012 as contribution to my PhD thesis).

My other covert channel projects on GitHub

• NeFiAS: Network Forensic & Anomaly Detection System (tool for covert channel/network steganography detection).
• CCEAP: Covert Channel Educational Analysis Protocol (a tool for teaching network covert channel patterns).
• NELphase: Network Environment Learning Phase (a tool that implements a covert channel capable of performing an network environment learning (NEL) phase and that can be used to test active and passive wardens).

Tools of my students

• WiFi Reconnection-based Covert Channel: My PhD student Sebastian Zillien developed this PoC code to demonstrate a WiFi reconnection-based covert channel that exploits pattern PT15 (Artificial Reconnections) by forcing WiFi clients to reconnect. The channel can provide anonymity for covert sender and covert receiver.
• CoAP Reset-/Reconnection-based Covert Channels: Another tool by my PhD students.

Other Stego Tools

• Luca's list of stego tools on Github: https://github.com/lucacav/steg-tools