Rob Wright
Rob Wright (aka eth0.rwx) got his start in security in 1997, back when exploits were traded on mailing lists and vulnerability databases were just being invented. He founded Security-Source, one of the first online vulnerability databases, and spent years in offensive security before stepping away in 2002. Returning in 2022, he now works in vulnerability management focused on automation, remediation, and closing real risk in production environments.
He brings an attacker’s perspective to defensive security, with a focus on how things actually break and how to fix them at scale.
Session
Victims see the real site; you see everything. C.A.R.P. gives each visitor an isolated Firefox container that loads the actual target URL (Gmail, banks, SSO), no fake login page, just the real site in a browser you control. Passwords, 2FA codes, and session cookies are all captured allowing sessions to be hijacked in real time. Combine C.A.R.P. with ARP and DNS spoofing on the local network, and victims who type real URLs or use bookmarks can be silently redirected into your controlled browser.