IT Security student and wannabe Rustacean.
My passion is security, so everything I do is somehow related to security. I study "Corporate and Information Security" at the University of Applied Sciences Offenburg. Below is some of the work I have done in the past or am currently working on.
Keywords: AFL++, TP-LINK
In my term paper about the "Internet of Vulnerable Things" I wanted to find a memory-related vulnerability in a binary running on the TL-WR902AC but was not successful. This time I use fuzzing to find such a vulnerability.
Keywords: TLS, Cryptography, Rust, CTF
To learn Rust and cryptography at the same time I implemented the Transport Security Layer Protocol Version 3 (TLSv1.3) from scratch. The implementation includes all cryptographic operations like elliptic curves or AES. During the implementation, I looked at various attacks in detail. Some of them have become CTF challenges (see VulnTLS for more), such as Dual_EC, an NSA backdoor.
Keywords: Rust, WebSocket
WebRocket is a WebSocket server implementation programmed from scratch in Rust (including SHA-1 and Base64). This is my project with which I learned Rust.
Keywords: IoT, TP-Link
In one of my term papers I had to write about the topic "Internet of Vulnerable Things". So I bought a cheap router and took a closer look. As expected, the security was not really good and I was able to find a security vulnerability with a CVE score of 8.8 in no time.
Keywords: TypeScript, OAuth, Single-Sign On, NodeJS
I created this project to provide a privacy compliant and feature rich "sign in with" solution for my own websites. In the meantime my focus has changed to web application security. It is therefore explicitly allowed to hack my own instance under odmin.de - and if the hack impresses me there is also a small bug bounty :)