Security-Bits.de

So I recently got a Hantek 2D72 handheld scope, signal generator and multimeter. Here’s a short review

Since our first Packetwars at H2HC in 2015, it has somehow become a fun tradition. Although not having been involved in 2018, I was back this year and brought a few fun but seemingly too uggly challenges. Here is a short write up on the concepts, ideas and challenges.

A few months ago a friend asked me whether I’d be prepared to assist the Hacker Jeopardy staff to create a fun little prize for the 25th jubilee edition. After talking cool ideas, steampunk, nixie tubes and badges, we changed over to a small diorama of the HJ stage. All in all it resulted in the production of a limited edition of 15 Nixie tube clocks.

It seems that Hackers have a significant interest in Adrenaline and Epi-Pens: How they work, what they look like and how to use them. So, due to “having access”, I decided to write a short post with a “demo”. Obviously, above being interesting, it’s good to know how to use them.

I’m just on my way home from visiting Blue Frost Security ’s second edition of OffensiveCon . So, obviously, I need to start with a big thanks to Miguel, Lukas and all of the staff for a great conference! Now, sitting on the train with a few symptoms sleep deprivation, I thought I’d drop a few lines a small event I “ran” on the side: Lobby Con!

After having received my new Saleae {:target=_“blank”} Logic Analyzer, I decided to combine my testrun with something I’ve had on my todo list for a few years now: The electronic “Parkscheibe” / parking disc. Thus I ordered one and had a closer look!

About a year ago I was looking for a creative way for bridging about a month of waiting, well bridging the wait for somebody else to be precise. After a little bit of tinkering and playing around I thought it might be a nice idea to send a postcard per day. Obviously, I wanted the cards to be custom (own design), printable (duplex) and somehow connected (telling a story). After a few more days of playing with ideas I decided to add a puzzle aspect, thus each postcard containing a few parts of the puzzle. The way things are with me, the overall design slightly exploded by adding a few more fun features. I’m actually just writing about, as I did quite like the overall idea and thought somebody else might find joy in it or just use it as inspiration, especially as the project turned out to being a complete waste of time.

So I recently needed/wanted to have a closer look at a few thousand hosts. After identifying and listing all addresses I started doing my homework by running NMAP. I then ended up with far to many results to work with by hand. Having already read about Ivre I decided to give it a quick spin. I then made the mistake to post a Tweet about having used it and promising a quick write-up. Well, here it is!

After recently having stated in a Tweet that Sonos speakers expose a web interface, I just wanted to add some information here. I first found this interface about 4..5 years ago, when a good friend bought himself a Sonos system and I decided to just run a quick scan. Back then there wasn’t a lot of information on this interface online, which has changed over the past few years. Today, if you search for “sonos web interface” or “sonos hidden interface” you’ll finde various information, just as published here.

During the recent SaciCon I gave a short insight into to the magic Chinese hardware implant covered by Bloomberg from a hardware hacker' s perspective. In summary I described it as a hardware hacker’s wet dream, simply due to size, effort and the feature set described by Bloomberg. Obviously I didn’t want to discuss any conspiracies, so I just stuck to the technical aspects. As an addition, I decided to cover the practical logistics of a hardware implant in a short post here. Thus, here an introduction into backdooring an Arduino Uno.