Security-Bits.de

Working on trainings to teach basics can be very frustrating due to the word basic. The big question is: What is basic and what are basics?

Yet another PoC from my to do list: Which data passes through the SIM card on a data modem? The specific question was, whether the APN credentials where passed to the SIM and could be intercepted with a SIMTrace. This post gives a quick overview on how to use a SIMTrace2 to create a PCAP trace.

After a long time discussing the concept of USB sticks with internal AV engines, I’ve decided to create a quick and dirty PoC. Thus, this post shows how to utilize a USB Armory MK II and ClamAV as a self-scanning USB stick. The Summary: It failed successfully!

I recently got to make a new, fun badge for H2HC , which turned out to be a custom GameBoy game. This post gives a quick and easy insight into the how! If you just want to play, go here .

Sorry, only in German this time. Der verzweifelte Versuch Leuten zu erklären wieso “Wir kaufen da eine Security Schulung und dann ist fertig” eigentlich nicht so wirklich der Fall ist. Zusätzlich der Unterschied zwischen “Wir machen da mal eine Schulung” und “danach ist die Person Experte”.

Working with risks is a task various departments and roles have to perform throughout a large company or cooperations. Every single one of these as a different, valid, and important perspective on the same thing and thus has different requirements and wishes. This can easily result in overly complex situations and a lot of conflicts. Here a little insight into potential issues and risks when working with risks.

CyberChef is a quick and easy tool for playing with encodings, data and information. Using it regularly in presentations, trainings and examples I was recently asked for a super quick “HowTo”, so here it is.

Running some Ubiquiti UniFi equipment, I’ve also got a USW-Flex-Mini 5 port switch in my setup. Turns out it’s easy to mess up one’s config for them, when taking shortcuts. Here a little insight into the issue, supported features and the solution for the Flex Mini.

I recently wanted to understand why a product, which was certified following multiple different standards was so easy to pwn. Thus, I got to read a few standards..yay… Here a few random thoughts.

Needing a victim for an OT related talk, I decided to hit eBay and quickly found a cheap offer for a few Hirschmann industrial router/firewall/VPN node “EAGLE One” . For about 25Euro each, they were perfectly in budget and although it was the old and seemingly EOL version, I ordered two and had a look.