Eine sichere Arztpraxis - Teil 1/2: Architektur

A while back Germany decided it would be a good idea to regulate the IT infrastructure in doctor’s practices. While obviously a smart move, it resulted in strange interpretations and even stranger architectures being implemented. This post shows a secure reference architecture with explanations. But, er ist auf deutsch (it’s in German).

[Read More]

Basics

Working on trainings to teach basics can be very frustrating due to the word basic. The big question is: What is basic and what are basics?

[Read More]

Data Modems and SIM Card Communication

Yet another PoC from my to do list: Which data passes through the SIM card on a data modem? The specific question was, whether the APN credentials where passed to the SIM and could be intercepted with a SIMTrace. This post gives a quick overview on how to use a SIMTrace2 to create a PCAP trace.

[Read More]

Successfully failing at creating a USB stick with integrated AV

After a long time discussing the concept of USB sticks with internal AV engines, I’ve decided to create a quick and dirty PoC. Thus, this post shows how to utilize a USB Armory MK II and ClamAV as a self-scanning USB stick. The Summary: It failed successfully!

[Read More]

Gameboy? Gameboy!

I recently got to make a new, fun badge for H2HC , which turned out to be a custom GameBoy game. This post gives a quick and easy insight into the how! If you just want to play, go here .

[Read More]

Kuchen und Security

Sorry, only in German this time. Der verzweifelte Versuch Leuten zu erklären wieso “Wir kaufen da eine Security Schulung und dann ist fertig” eigentlich nicht so wirklich der Fall ist. Zusätzlich der Unterschied zwischen “Wir machen da mal eine Schulung” und “danach ist die Person Experte”.

[Read More]

The Correct Format for Documenting Risks?

Working with risks is a task various departments and roles have to perform throughout a large company or cooperations. Every single one of these as a different, valid, and important perspective on the same thing and thus has different requirements and wishes. This can easily result in overly complex situations and a lot of conflicts. Here a little insight into potential issues and risks when working with risks.

[Read More]

Cooking with CyberChef

CyberChef is a quick and easy tool for playing with encodings, data and information. Using it regularly in presentations, trainings and examples I was recently asked for a super quick “HowTo”, so here it is.

[Read More]

Ubiquiti USW Flex Mini and VLANs

Running some Ubiquiti UniFi equipment, I’ve also got a USW-Flex-Mini 5 port switch in my setup. Turns out it’s easy to mess up one’s config for them, when taking shortcuts. Here a little insight into the issue, supported features and the solution for the Flex Mini.

[Read More]

Security and Certification

I recently wanted to understand why a product, which was certified following multiple different standards was so easy to pwn. Thus, I got to read a few standards..yay… Here a few random thoughts.

[Read More]