Something with IT security and Rust
Hi, I am someone who likes to do security related things or learn something new. I'm currently trying my luck with rust and fuzzing. See what I'm working on below, it's nothing crazy but it's fun.
Keywords: Android & iOS App, Signal-Protocol
twonly, a privacy-friendly way to connect with friends through secure, spontaneous image sharing.
Keywords: Pentesting, Open-Source, Afl.rs
This winter semester I took part in the TU Darmstadt Hacker Contest, where we had an exercise in which we had to find security vulnerabilities in open source repositories. In this blog post I will share my findings. It's nothing crazy, but it was still fun to find them.
Keywords: AFL++, TP-LINK
In my term paper about the "Internet of Vulnerable Things" I wanted to find a memory-related vulnerability in a binary running on the TL-WR902AC but was not successful. This time I use fuzzing to find such a vulnerability.
Keywords: TLS, Cryptography, Rust, CTF
To learn Rust and cryptography at the same time I implemented the Transport Security Layer Protocol Version 3 (TLSv1.3) from scratch. The implementation includes all cryptographic operations like elliptic curves or AES. During the implementation, I looked at various attacks in detail. Some of them have become CTF challenges (see VulnTLS for more), such as Dual_EC, an NSA backdoor.
Keywords: Rust, WebSocket
WebRocket is a WebSocket server implementation programmed from scratch in Rust (including SHA-1 and Base64). This is my project with which I learned Rust.
Keywords: IoT, TP-Link
In one of my term papers I had to write about the topic "Internet of Vulnerable Things". So I bought a cheap router and took a closer look. As expected, the security was not really good and I was able to find a security vulnerability with a CVE score of 8.8 in no time.
Keywords: TypeScript, OAuth, Single-Sign On, NodeJS
I created this project to provide a privacy compliant and feature rich "sign in with" solution for my own websites. In the meantime my focus has changed to web application security. It is therefore explicitly allowed to hack my own instance under odmin.de - and if the hack impresses me there is also a small bug bounty :)