I wrote my bachelor thesis about finding and exploiting USB security issues in USB host implementations. The first chapter imparts some basic knowledge about the USB technology. The second part is about USB security. This includes theoretical approaches as well as practical attack vectors. In the last chapter of the thesis you will find my work of trying to exploit some USB vulnerabilities and building a malicious USB device. Read more

This is a paper about RFID security. It was part of my university studies (sixth semester). The main focus is on the theory and feasibility of different attack vectors and their counter measures. Especially logical issues and physical attack vectors have been taken into account. Read more

This is a paper about the basics of digital forensics. It was part of my university studies (sixth semester). It is an introduction to the topic and aims to answer questions like “what is digital forensics?”, “what is it for?” and “how is it done?”. There also is a practical part about some basic tools and how to use them. Read more

The c’t-Bot is a simple robot of the German IT journal c’t published by Heise. As part of a university lecture we should program it to do simple tasks (e.g. follow a light source). Furthermore, we should implement something we want the robot to do. This is were some fellow students and I implemented a remote control system. The code on the bot is written in C and the code on the controlling computer is written in Python. Read more

As part of my studies, some fellow students and I held a lecture about GSM security. The purpose was to give other students a theoretical and practical background. We put together a script, a handout and some exercises. To make this as palatial as possible we used some Motorola C123 phones running OsmocomBB software. Read more

This is a paper about the basic security concepts of the smart phone operating systems Android and iOS. It was part of my university studies (fourth semester). Please note: The information in the paper are very outdated. Much has changed since then. You will find better and more recent information on the internet. This paper is just here for “completeness”. Read more

This is a paper about basic RFID security issues but with focus on the MIFARE Classic technology. It was part of my university studies (fourth semester). As part of this research, I had a closer look at the MIFARE Classic-based system of my university. Because of the multiple use cases (payment, access control, amount of free copies at the printers, etc.) there are plenty of attack vectors. Furthermore, I build an RFID zapper. This device can destroy RFID chips without leaving a trace (visible from the outside). Read more

This is a paper about basic and common security issues with wireless LANs. It was part of my university studies (first semester). After cracking the WiFi security, basic attack vectors like ARP spoofing and SSL/TLS man-in-the-middle have been taken into account as well. The last part is about my practical experience with wardriving. Read more