Creating a Hacking Game - Part 1: Introduction

Posted on Sat 08 August 2015 in posts • Tagged with ctf, gracker

This is a multi-part blog post about creating my own hacking game to teach other people the excitement of exploiting vulnerabilities. To try it out, just connect to ssh [email protected] with password level0. You only need a little bit of Linux command line knowledge. And get used to ...


Cyber Security Challenge Germany 2014

Posted on Sat 14 February 2015 in posts • Tagged with ctf, cscg

This is about my experience of the Cyber Security Challenge Germany 2014.

The Cyber Security Challenge Germany is a Capture The Flag style competition for students which I participated in. It is mainly organised by the Internet Sicherheit Institut (ger.: Internet Security Institution) and Compass Security with support from many ...


Criticism - Revisiting XSS Sanitization

Posted on Sat 18 October 2014 in posts • Tagged with xss, security, bheu, criticism

This is a criticism of Ashar Javed's BlackHat EU Talk: Revisiting XSS Sanitization.

I believe that, as in any field of science, we need to have a discussion about published research. Especially when we think there is something wrong with the "experiments" and the resulting conclusion. Maybe I'm completely ...



Posted on Tue 14 October 2014 in posts • Tagged with script, python, captcha, security

First of all, this research is legit because I have a logo and a name for it. This seems to be a trend right now (Heartbleed, Shellshock, Sandworm). AFAIK the rule is that you must invest the same time into creating the logo as you did in your research.

Creating ...


Code Archeology (Updated)

Posted on Thu 18 September 2014 in posts • Tagged with script, python, code audit

One day I thought about different techniques to do source code analysis. Especially since we often have access to repositories and thus the evolution of code.

Wouldn't it be cool to see the age of certain lines of code relative to others? So I decided to create a PoC ...
