• Petrol Prices API

    In Germany petrol stations have to regularly share the price of their products with a government agency. In addition public APIs were created, which give close to realtime access to the prices. Here a little example on how to fetch and use the data.

  • Eine sichere Arztpraxis - Teil 2/2: Die Praxis

    A while back Germany decided it would be a good idea to regulate the IT infrastructure in doctor’s practices. While obviously a smart move, it resulted in strange interpretations and even stranger architectures being implemented. This post shows the actual setup. But, er ist auf deutsch (it’s in German).

  • USB Malware

    A short while ago I needed some real life malware samples to do a PoC related to the infection mass storage devices like memory cards and USB drives. Sadly, while there was a lot of information on the malware, and a few available samples, I wasn’t able to find images of infected drives. Thus…

  • My nanoBTS is rattling

    I recently received a nanoBTS 165G, which strangely enough made a rattling sound. While it’s a bad sign, as there might be a chance to short out and break the BTS, it’s a super easy fix. Here the insights!

  • PoE Temperature Sensor

    One of my big Todo List projects is temperature monitoring for the house. Being a big fan of wired approaches, many available solutions don’t match my requirements or are far to expensive. Luckily Olimex published the perfect plattform a while back. I finally managed to get one. Here are some insights.

  • A few thoughts on distinguishing between IT and OT Security

    A lot of time is invested into defining and describing OT Security or Operational Technology Security, especially in contrast to IT Security. It’s very often hard to draw a proper line between both and complicated to keep it strict. Here is a little insight into why the line helps, where it makes things worse and a few recommendations on dealing with the resulting challenges.

  • Eine sichere Arztpraxis - Teil 1/2: Architektur

    A while back Germany decided it would be a good idea to regulate the IT infrastructure in doctor’s practices. While obviously a smart move, it resulted in strange interpretations and even stranger architectures being implemented. This post shows a secure reference architecture with explanations. But, er ist auf deutsch (it’s in German).

  • Basics

    Working on trainings to teach basics can be very frustrating due to the word basic. The big question is: What is basic and what are basics?

  • Data Modems and SIM Card Communication

    Yet another PoC from my to do list: Which data passes through the SIM card on a data modem? The specific question was, whether the APN credentials where passed to the SIM and could be intercepted with a SIMTrace. This post gives a quick overview on how to use a SIMTrace2 to create a PCAP trace.

  • Successfully failing at creating a USB stick with integrated AV

    After a long time discussing the concept of USB sticks with internal AV engines, I’ve decided to create a quick and dirty PoC. Thus, this post shows how to utilize a USB Armory MK II and ClamAV as a self-scanning USB stick. The Summary: It failed successfully!

  • Why and how Flipper Zero, not What

    I always enjoy talking to people with various practical experience in the Security field and how questions and discussions slightly shift. I.e. questions during the recent H2HC shifted from “What does the Flipper do?” over “What do you personally use it for”, to “What do you use it for professionally?”. The last questions seemed to be result of most conversations, thus a short opinion on the Flipper Zero.

  • Gameboy? Gameboy!

    I recently got to make a new, fun badge for H2HC, which turned out to be a custom GameBoy game. This post gives a quick and easy insight into the how! If you just want to play, go here.

  • The Correct Format for Documenting Risks?

    Working with risks is a task various departments and roles have to perform throughout a large company or cooperations. Every single one of these as a different, valid, and important perspective on the same thing and thus has different requirements and wishes. This can easily result in overly complex situations and a lot of conflicts. Here a little insight into potential issues and risks when working with risks.

  • Kuchen und Security

    Sorry, only in German this time. Der verzweifelte Versuch Leuten zu erklären wieso “Wir kaufen da eine Security Schulung und dann ist fertig” eigentlich nicht so wirklich der Fall ist. Zusätzlich der Unterschied zwischen “Wir machen da mal eine Schulung” und “danach ist die Person Experte”.

  • Cooking with CyberChef

    CyberChef is a quick and easy tool for playing with encodings, data and information. Using it regularly in presentations, trainings and examples I was recently asked for a super quick “HowTo”, so here it is.

  • The H2HC 2022 CTF

    I recently ran a hardware based CTF at H2HC in Brazil. As the CTF was to run for two days, it was setup in two phases, where each of them had tasks that could be solved independently and others that need hints from other challenges. Sadly, the challenges were seemingly far to hard for most of the attendees and the winning team only managed to extract 5 flags. Here is the complete writeup and guide for the CTF.

  • Ubiquiti USW Flex Mini and VLANs

    Running some Ubiquiti UniFi equipment, I’ve also got a USW-Flex-Mini 5 port switch in my setup. Turns out it’s easy to mess up one’s config for them, when taking shortcuts. Here a little insight into the issue, supported features and the solution for the Flex Mini.

  • Security and Certification

    I recently wanted to understand why a product, which was certified following multiple different standards was so easy to pwn. Thus, I got to read a few standards..yay… Here a few random thoughts.

  • Hirschmann Eagle One / mGuard TX/TX

    Needing a victim for an OT related talk, I decided to hit eBay and quickly found a cheap offer for a few Hirschmann industrial router/firewall/VPN node “EAGLE One”. For about 25Euro each, they were perfectly in budget and although it was the old and seemingly EOL version, I ordered two and had a look.

  • Hantek 2D72

    So I recently got a Hantek 2D72 handheld scope, signal generator and multimeter. Here’s a short review

  • H2HC19 - Packetwars - P0wn Th3 H0m3

    Since our first Packetwars at H2HC in 2015, it has somehow become a fun tradition. Although not having been involved in 2018, I was back this year and brought a few fun but seemingly too uggly challenges. Here is a short write up on the concepts, ideas and challenges.

  • DC27: Hacker Jeopardy - Nixie Clock

    A few months ago a friend asked me whether I’d be prepared to assist the Hacker Jeopardy staff to create a fun little prize for the 25th jubilee edition. After talking cool ideas, steampunk, nixie tubes and badges, we changed over to a small diorama of the HJ stage. All in all it resulted in the production of a limited edition of 15 Nixie tube clocks.

  • Adrenaline for Hackers

    It seems that Hackers have a significant interest in Adrenaline and Epi-Pens: How they work, what they look like and how to use them. So, due to “having access”, I decided to write a short post with a “demo”. Obviously, above being interesting, it’s good to know how to use them.

  • The Spirit of Lobby Con

    I’m just on my way home from visiting Blue Frost Security’s second edition of OffensiveCon. So, obviously, I need to start with a big thanks to Miguel, Lukas and all of the staff for a great conference! Now, sitting on the train with a few symptoms sleep deprivation, I thought I’d drop a few lines a small event I “ran” on the side: Lobby Con!

  • #UnlockedLaptop

    Still traveling quite a bit, I’m always fascinated to see people in various places “just quickly getting up” and leaving their laptop unlocked. Although they usually only leave their device unattended for a few minutes, well, all of us know that’s more than enough… Thus I’ve decided to create a few little notes to leave behind…

  • Electronic Parkscheibe

    After having received my new Saleae Logic Analyzer, I decided to combine my testrun with something I’ve had on my todo list for a few years now: The electronic “Parkscheibe” / parking disc. Thus I ordered one and had a closer look!

  • Picture-Puzzle-Postcard-Magic

    About a year ago I was looking for a creative way for bridging about a month of waiting, well bridging the wait for somebody else to be precise. After a little bit of tinkering and playing around I thought it might be a nice idea to send a postcard per day. Obviously, I wanted the cards to be custom (own design), printable (duplex) and somehow connected (telling a story). After a few more days of playing with ideas I decided to add a puzzle aspect, thus each postcard containing a few parts of the puzzle. The way things are with me, the overall design slightly exploded by adding a few more fun features. I’m actually just writing about, as I did quite like the overall idea and thought somebody else might find joy in it or just use it as inspiration, especially as the project turned out to being a complete waste of time.

  • IVRE

    So I recently needed/wanted to have a closer look at a few thousand hosts. After identifying and listing all addresses I started doing my homework by running NMAP. I then ended up with far to many results to work with by hand. Having already read about Ivre I decided to give it a quick spin. I then made the mistake to post a Tweet about having used it and promising a quick write-up. Well, here it is!

  • Exposed Sonos Webinterface

    After recently having stated in a Tweet that Sonos speakers expose a web interface, I just wanted to add some information here. I first found this interface about 4..5 years ago, when a good friend bought himself a Sonos system and I decided to just run a quick scan. Back then there wasn’t a lot of information on this interface online, which has changed over the past few years. Today, if you search for “sonos web interface” or “sonos hidden interface” you’ll finde various information, just as published here.

  • Logistics of a Hardware Implant

    During the recent SaciCon I gave a short insight into to the magic Chinese hardware implant covered by Bloomberg from a hardware hacker’ s perspective. In summary I described it as a hardware hacker’s wet dream, simply due to size, effort and the feature set described by Bloomberg. Obviously I didn’t want to discuss any conspiracies, so I just stuck to the technical aspects. As an addition, I decided to cover the practical logistics of a hardware implant in a short post here. Thus, here an introduction into backdooring an Arduino Uno.

  • Challenges When Setting up a PoC||GTFO Mirror

    Being stuck at home for a few days, I decided to distract myself a bit and extend this page with a PoC||GTFO Mirror. For senseless reasons I wanted one of these viewers where you can actually flip pages while reading, just as they use for ads / catalogs from shops. I quickly found a piece of software that would do the job, but had to perform a few changes on the resulting content…

  • The Friendly Keyboard Mouse

    Although being an old approach, injecting HID keystrokes is still a very effective way of attacking a host system. When doing so, a microcontroller is used to emulate a USB keyboard which will then simply type commands. From the perspective of the host system, there is no chance of distinguishing between a real and an emulated keyboard. This post gives an overview on how to create an injector which is placed in a normal USB mouse and how to program it for a little bit of fun.

  • Desoldering and Cleaning PCBs Before Adding Headers

    Very often when working with embedded and IoT devices one will have the luck to find the footprint of a simple pin header. Soldering on pins and connecting jumper wires is quickly done. Sometimes though the vias / holes in the PCB will be plugged by solder and need to be cleaned before continuing. This post gives a short overview on how to clean up a header prior adding the pins. It will also cover the classical case of “the solder just won’t melt”. For the interesting part, scroll down to “Challenges”.

  • Two Old Cisco WiFi Routers With Broken Resets and Too Good Memory

    I recently wanted to do a few changes on my home network and needed some simple and cheap devices supporting VLAN and preferably having a bit of WiFi and some VPN. After a short look on eBay I decided to go for a Cisco Small Business WiFi Routers. Random clicking and bidding resulted in buying one RV110W, one RV120W and a RV215W. As they didn’t quite perform as I wanted, I needed a few alternate approaches….

  • The Black Cart Experience, Part II: Location, Location, Location

    As previously mentioned, the EasyShopper is able to navigate customers towards the product they’re looking for. To be able to do so there is a store wide positioning system in place. This post covers the basics of the used solution.

  • The Black Cart Experience, Part I

    Having been grounded for a while now and mainly going out to do some shopping, the electronic shopping carts in our local grocery store offered a very welcome change. Although, only having access to the carts while being out shopping and being permanently “supported” by the staff doesn’t make the “physical part of looking at things” any easier, they’re new, interesting and fun devices to have a look at…

  • Cellular Lab Setup

    Although written end of 2016, I’ve finally managed to actually place some notes on my cellular lab setup here. Hope they’re helpul. - Cellular Lab Setup

  • Dissecting Locking RJ-45 Jacks

    During a recent search for new networking equipment I stumbled upon “locking” RJ-45 jacks. Due to a round of lost in translation the word “locking” as in fixating or fastening was translated to “abschließbar” - “lockable” as you’d do with a door. The description also stated enhanced security for areas with higher security requirements such as banks, airports and schools. Costing only 4€ and an extra 4€ for the “key” I just couldn’t resist to give the security benefits a test drive.

  • Receiving NOAA Satellite Images

    I’ve recently had a short look at receiving satellite images from the NOAA weather satellites. A short HowTo and some results can be found on the Receiving NOAA Satellite Images page.

  • The First One

    Just the very first post in the system.

subscribe via RSS