Causing Irritation, by doing things “correctly”

So, somehow, I feel like I often cause irritation by turning around, looking for an Ikea Samla box, of which I now have just under 200, and quickly doing a PoC, proving a point or finding a reference. While others are often irritated that I have everything here, I’m irritated that they don’t. Here are a few thoughts…

I got to writing this post after speaking to a good friend about getting one’s hands dirty, discussing how some are world-class exploiters but can’t put their findings into context, and others are so theoretical that whatever they put on paper will never see the light of day. Obviously, nobody can cover everything, and specialists often only cover a tiny scope and miss the surroundings. This is probably why people say genius and madness are so close to each other.

Security Engineering and technical consulting

For me, personally, things get super crazy when working as a Security engineer or doing technical security consulting. When I’m asked for an opinion, no matter if concerning criticality, impact or success rates, I want to be able to give a reliable response. As such, I feel like I have to give everything a practical try, understand it and then not only be able to say “hey, that’s super trivial”, but also prove and teach it. Or at least have a similar reference that I can draw on.
People who’ve known me for a while know that I moved through mobile security, hardware / embedded, telco, cellular, automotive, automation, OT and railway security, in addition to the basics, i.e. host, application and network security. And possibly even know that I now work at a fiber operator. While, for me, these topics feel super close, related and overlapping, each one adds new perspectives, tools and equipment.

Starting a New Job

A notable amount of my first salaries usually runs into my lab setup at home. I.e. starting in fiber I now own a VSOL OLT, 8 different ONTs, multiple optical cables and splitters and well, a fiber lab. I’m just working on a MitM setup and a cheap way to access OMCI messages.
Even though my employer offered to reimburse my eBay and Kleinanzeigen trips, I have learned that I prefer to own these tools myself. On the one hand, it doesn’t give me a bad conscience if I destroy something, and on the other hand, it allows me to do what I do – irritate people!

Looking at my collection of Ikea boxes:

  • Ettus USRP B210, which Hendrik and I got as a present from an Ettus engineer after our Base Station talk at Defcon
  • Multiple nanoBTS, which I have used for trainings and during testing
  • Home alarm systems, smart meters, GPS trackers and multiple other devices with cellular modems including POS terminals
  • A bunch of mobile phones from different periods
  • A few old iPhones with specific vulnerabilities
  • Two Allnet DSLAMs for my full DSL MitM setup
  • A Fortigate 40C, as a reference for the doctor’s practice I set up
  • A secunet TI connector, for the same reason
  • A KoCoBox TI connector
  • Multiple crane remotes
  • Hirschmann Railway Switches
  • Hirschmann and Phoenix Contact mGuards as industrial routers
  • A Cisco switch and wireless access points – it’s next to impossible to never cross paths with a Cisco!
  • Various NFC cards and readers
  • Various physical seals
  • LoRaWAN access point and various clients
  • Electronics stuff with soldering iron, scope, various power supplies, microscope etc.
  • A box full of different and general JTAG and other programming/debugging adapters
  • ECUs from cars
  • Various RF equipment

Or in short, close to 200 5l and 11l Samla boxes containing either a specific device, setup, topic or toolset. Some functioning, some as puzzles. Most of them having been bought used from eBay, because there is no need for the things to be new!

Learning

Learning new tricks, increasing my knowledge and extending my skills only rarely fits into my workday. This results in me running similar systems at work and in my home lab and network. I.e. I’m currently sliding deeper into Kubernetes, so I’m just setting up a small cluster with two nodes at home to run services like my xwiki and vikunja, which currently run on Docker on dedicated hosts. By setting up and hardening my own Kubernetes cluster, I, for myself, learn far more than by just reading documentation.

Extremes

For me, a good Security engineer, just like a good consultant, must have broad experience, including both practical and theoretical knowledge, just as much as offensive and defensive. Being stuck in an extreme position or just staying in a specific corner is, for me, a very bad choice. The reason why I’m fighting for offensive and practical knowledge is probably because I’ve spent too much time with people being stuck in the opposite corner, most of them causing me major headaches by recommending really bad approaches that look good on paper but aren’t applicable or just don’t scale.

Well…

Maybe we should have more discussions on how people without a home lab, without playing, hacking, failing and succeeding can be proficient Security engineers and consultants. Honestly, for many things I would love saving the time and money! For some not, because it’s just awesome fun!

P.S.

Thanks to Fernando Gont for triggering this post ;-)