One Day Pentest

Back in 2019 I gave a presentation at hardwear.io titled “Day One with a TTIG-868”. My talk was aimed at two aspects: an insight into the device, as I was curious having seen multiple commercial LoRaWAN gateways before, and sharing the concept of single-day security tests. Right now, I’m back at the point of wanting to stress the method as a potential quality assurance approach.

Challenges in Highly Regulated and Especially Certified Environments

Most things that can easily kill you and others require certification to ensure that applicable measures to reduce risks have been applied and that they’re functional. While all this is pretty trivial in the analog world (open a door -> release a switch -> open switch triggers a relay -> machine stops), the digital world is a little more complex, especially when a program running on an operating system periodically scans an I/O port to check whether it has changed its state. Even when using interrupts, things don’t get much easier. Here are a few things to consider when looking into similar topics.

EWE

A while back I started looking for a solution with which I could prove that I am able to work safely from home while breaking devices. Sadly, I wasn’t able to find anything small and cheap enough to actually fit my desk. The best options I found were actual workbenches and tables in various sizes. Thus I decided to design my own Electronics Working Environment.

Vaccination Card

Back when COVID had started and the first vaccinations had been applied, there was the fun challenge of proving one’s vaccination status. It ended up working based on a digital signature provided as a QR code on a piece of paper. Since it was needed every day, paper didn’t quite have the necessary durability, and the digital versions only helped people with smartphones, so I created a plastic card alternative.

Failing at an OPNsense OpenVPN Site to Site Setup

Possibly highly intuitive to others, but a real b**** when not being fit. Here is an insight into how to configure a Site to Site VPN with OpenVPN and two OPNsense routers and multiple subnets on both sides.

Petrol Prices API

In Germany, petrol stations have to regularly share the price of their products with a government agency. In addition, public APIs were created, which give close to real-time access to the prices. Here is a little example on how to fetch and use the data.

A Secure Doctor's Practice - Part 2/2: The Practice

A while back Germany decided it would be a good idea to regulate the IT infrastructure in doctors’ practices. While obviously a smart move, it resulted in strange interpretations and even stranger architectures being implemented. This post shows the actual setup. But it’s in German.

My nanoBTS is rattling

I recently received a nanoBTS 165G, which strangely enough made a rattling sound. While it’s a bad sign, as there might be a chance to short out and break the BTS, it’s a super easy fix. Here are the insights!

PoE Temperature Sensor

One of my big Todo List projects is temperature monitoring for the house. As I am a big fan of wired approaches, many available solutions don’t match my requirements or are far too expensive. Luckily Olimex published the perfect platform a while back. I finally managed to get one. Here are some insights.

A few thoughts on distinguishing between IT and OT Security

A lot of time is invested into defining and describing OT Security or Operational Technology Security, especially in contrast to IT Security. It’s very often hard to draw a proper line between both and complicated to keep it strict. Here is a little insight into why the line helps, where it makes things worse and a few recommendations on dealing with the resulting challenges.
