Security-Bits.de

Sorry, only in German this time. Der verzweifelte Versuch Leuten zu erklären wieso “Wir kaufen da eine Security Schulung und dann ist fertig” eigentlich nicht so wirklich der Fall ist. Zusätzlich der Unterschied zwischen “Wir machen da mal eine Schulung” und “danach ist die Person Experte”.

Working with risks is a task various departments and roles have to perform throughout a large company or cooperations. Every single one of these as a different, valid, and important perspective on the same thing and thus has different requirements and wishes. This can easily result in overly complex situations and a lot of conflicts. Here a little insight into potential issues and risks when working with risks.

CyberChef is a quick and easy tool for playing with encodings, data and information. Using it regularly in presentations, trainings and examples I was recently asked for a super quick “HowTo”, so here it is.

I recently ran a hardware based CTF at H2HC in Brazil. As the CTF was to run for two days, it was setup in two phases, where each of them had tasks that could be solved independently and others that need hints from other challenges. Sadly, the challenges were seemingly far to hard for most of the attendees and the winning team only managed to extract 5 flags. Here is the complete writeup and guide for the CTF.

Running some Ubiquiti UniFi equipment, I’ve also got a USW-Flex-Mini 5 port switch in my setup. Turns out it’s easy to mess up one’s config for them, when taking shortcuts. Here a little insight into the issue, supported features and the solution for the Flex Mini.

I recently wanted to understand why a product, which was certified following multiple different standards was so easy to pwn. Thus, I got to read a few standards..yay… Here a few random thoughts.

Needing a victim for an OT related talk, I decided to hit eBay and quickly found a cheap offer for a few Hirschmann industrial router/firewall/VPN node “EAGLE One” . For about 25Euro each, they were perfectly in budget and although it was the old and seemingly EOL version, I ordered two and had a look.

So I recently got a Hantek 2D72 handheld scope, signal generator and multimeter. Here’s a short review

Since our first Packetwars at H2HC in 2015, it has somehow become a fun tradition. Although not having been involved in 2018, I was back this year and brought a few fun but seemingly too uggly challenges. Here is a short write up on the concepts, ideas and challenges.

A few months ago a friend asked me whether I’d be prepared to assist the Hacker Jeopardy staff to create a fun little prize for the 25th jubilee edition. After talking cool ideas, steampunk, nixie tubes and badges, we changed over to a small diorama of the HJ stage. All in all it resulted in the production of a limited edition of 15 Nixie tube clocks.