Eine sichere Arztpraxis - Teil 2/2: Die Praxis

A while back Germany decided it would be a good idea to regulate the IT infrastructure in doctor’s practices. While obviously a smart move, it resulted in strange interpretations and even stranger architectures being implemented. This post shows the actual setup. But, er ist auf deutsch (it’s in German).

[Read More]

My nanoBTS is rattling

I recently received a nanoBTS 165G, which strangely enough made a rattling sound. While it’s a bad sign, as there might be a chance to short out and break the BTS, it’s a super easy fix. Here the insights!

[Read More]

PoE Temperature Sensor

One of my big Todo List projects is temperature monitoring for the house. Being a big fan of wired approaches, many available solutions don’t match my requirements or are far to expensive. Luckily Olimex published the perfect plattform a while back. I finally managed to get one. Here are some insights.

[Read More]

A few thoughts on distinguishing between IT and OT Security

A lot of time is invested into defining and describing OT Security or Operational Technology Security, especially in contrast to IT Security. It’s very often hard to draw a proper line between both and complicated to keep it strict. Here is a little insight into why the line helps, where it makes things worse and a few recommendations on dealing with the resulting challenges.

[Read More]

Eine sichere Arztpraxis - Teil 1/2: Architektur

A while back Germany decided it would be a good idea to regulate the IT infrastructure in doctor’s practices. While obviously a smart move, it resulted in strange interpretations and even stranger architectures being implemented. This post shows a secure reference architecture with explanations. But, er ist auf deutsch (it’s in German).

[Read More]

Basics

Working on trainings to teach basics can be very frustrating due to the word basic. The big question is: What is basic and what are basics?

[Read More]

Data Modems and SIM Card Communication

Yet another PoC from my to do list: Which data passes through the SIM card on a data modem? The specific question was, whether the APN credentials where passed to the SIM and could be intercepted with a SIMTrace. This post gives a quick overview on how to use a SIMTrace2 to create a PCAP trace.

[Read More]

Successfully failing at creating a USB stick with integrated AV

After a long time discussing the concept of USB sticks with internal AV engines, I’ve decided to create a quick and dirty PoC. Thus, this post shows how to utilize a USB Armory MK II and ClamAV as a self-scanning USB stick. The Summary: It failed successfully!

[Read More]

Gameboy? Gameboy!

I recently got to make a new, fun badge for H2HC , which turned out to be a custom GameBoy game. This post gives a quick and easy insight into the how! If you just want to play, go here .

[Read More]

Kuchen und Security

Sorry, only in German this time. Der verzweifelte Versuch Leuten zu erklären wieso “Wir kaufen da eine Security Schulung und dann ist fertig” eigentlich nicht so wirklich der Fall ist. Zusätzlich der Unterschied zwischen “Wir machen da mal eine Schulung” und “danach ist die Person Experte”.

[Read More]