Security-Bits.de

In Germany petrol stations have to regularly share the price of their products with a government agency. In addition public APIs were created, which give close to realtime access to the prices. Here a little example on how to fetch and use the data.

A while back Germany decided it would be a good idea to regulate the IT infrastructure in doctor’s practices. While obviously a smart move, it resulted in strange interpretations and even stranger architectures being implemented. This post shows the actual setup. But, er ist auf deutsch (it’s in German).

I recently received a nanoBTS 165G, which strangely enough made a rattling sound. While it’s a bad sign, as there might be a chance to short out and break the BTS, it’s a super easy fix. Here the insights!

One of my big Todo List projects is temperature monitoring for the house. Being a big fan of wired approaches, many available solutions don’t match my requirements or are far to expensive. Luckily Olimex published the perfect plattform a while back. I finally managed to get one. Here are some insights.

A lot of time is invested into defining and describing OT Security or Operational Technology Security, especially in contrast to IT Security. It’s very often hard to draw a proper line between both and complicated to keep it strict. Here is a little insight into why the line helps, where it makes things worse and a few recommendations on dealing with the resulting challenges.

A while back Germany decided it would be a good idea to regulate the IT infrastructure in doctor’s practices. While obviously a smart move, it resulted in strange interpretations and even stranger architectures being implemented. This post shows a secure reference architecture with explanations. But, er ist auf deutsch (it’s in German).

Working on trainings to teach basics can be very frustrating due to the word basic. The big question is: What is basic and what are basics?

Yet another PoC from my to do list: Which data passes through the SIM card on a data modem? The specific question was, whether the APN credentials where passed to the SIM and could be intercepted with a SIMTrace. This post gives a quick overview on how to use a SIMTrace2 to create a PCAP trace.

After a long time discussing the concept of USB sticks with internal AV engines, I’ve decided to create a quick and dirty PoC. Thus, this post shows how to utilize a USB Armory MK II and ClamAV as a self-scanning USB stick. The Summary: It failed successfully!

I recently got to make a new, fun badge for H2HC , which turned out to be a custom GameBoy game. This post gives a quick and easy insight into the how! If you just want to play, go here .