IT Security and Control
Troubleshooting hydraulics is like debugging software and networking protocols.
I am a physicist turned IT security engineer, or the other way around. I'll be in the nether land between communities and disciplines forever!
For about 15 years I did nothing but building Public Key Infrastructures and troubleshooting X.509 certificates. Today I am also developing software for simulations and data analysis, and I dabble in 'hacking'.
My passion for debugging, sniffing, hacking, and reverse engineering is - for me - the natural connection and the overlap between experimental physics and computer science.
My writeup of how I owned this box by issuing myself a logon hardware crypto token on behalf of the Administrator – abusing a misconfiguration of certificate templates! I joined a box to the domain, used Kali Linux and Windows in parallel, and ran a fake DNS server with locator records for Active Directory. A software certificate would not have been sufficient – I needed the /smartcard options of net use and runas.
A review of Peter Gutmann's terrific book Engineering Security, and some of my related encounters.
My write-up for owning the machine Helpline on hackthebox - my 'silly unintended path to root': You can read the EFS encrypted files - by injecting a recovery agent key and certificate ... and waiting for another user to *look at the flag file*.
Making or Breaking (2019-06-25)
Red versus Blue, Consulting versus Operating. Random thoughts on time spent in 'infosec' or IT or whatever the correct term is.
A few commands I found useful when trying to own locked-down machines!
Echo Unreadable Hex Characters in Windows: forfiles (2019-05-08)
How to write any file on a locked-down Windows box, and when all you can do is pasting readable characters into a simple shell?
Ethereal was a box classified as ‘insane’ at hackthebox, a platform for learning to pentest and “playing capture-the-flag”. You got command execution over DNS, and you had to use openssl telnet-style to get a reverse shell. To own system you need to sign an MSI with a CA cert/key file you found on the box.
Pseudo Twitter (2019-03-13)
Little Snippets and Links. Hand-Crafted.
Certificates and PKI. The Prequel. (2019-02-18)
Nostalgic post – how it began, in the late 1990s: Sending faxes to US-based CA companies to prove the legitimate status of a company whose name was one dot over the X.509 common name character limit. Bonus: Accidental Google hacking for discovering webservers running on >20 year old platforms.
How to log basically anything with CMI / UVR16x2. As the CMI has a Modbus interface it can log data from a Modbus server running on Raspberry Pi, and this Modbus server can forward data from other loggers as a 'protocol translator' and provide values derived from calculations, or it can serve up the result of any calculation as a Modbus register value.
Unintended 2nd Order SQL Injection (2018-12-15)
I have accepted a benign version of 2nd order SQL injection as a fact of life. But then interesting things happened when a parcel was (not) delivered.
A Color Box. Lost in Translation (2018-11-18)
The control system was turned upset down again and the Data Kraken was looking at its entangled tentacles, utterly confused.
Cyber Something (2018-10-14)
You know you have become a dinosaur when you keep using outdated terminology. Ev...
I am learning to pentest! (2018-08-27)
What I have being up to - in the past quarter: As a long-term defender I wanted to learn a bit about actually hacking something - and I got sucked into the best black-hole ever! Playing and learning - combined in the best possible way!
Sort of an Away Note – elkement gone hacking: I discovered the pentesting platform hackthebox and spend all my online time there! It’s all new, yet familiar as I feel I have always reverse engineered anything in some sense.
Cloudy Troubleshooting (2) (2018-06-25)
"Write-up of a hacking challenge ;-) When some network infrastructure loses packets, but seemingly only for one site / cloud app … so that it takes you a while to realize that it’s not an issue with this cloud app."
Infinite Loop: Theory and Practice Revisited. (2018-06-10)
Learning: Physics, computer science, and engineering. Formal education versus hands-on tinkering. I do have the former, but still think my actual education happens via the latter.
Where Are the Files? [Winsol - UVR16x2] (2018-05-28)
A little bit of reverse engineering to find out where log files (retrieved from the data logger CMI) may be stored. The question was more interesting than expected – I learned something about Windows security!
Cloudy Troubleshooting (2018-05-13)
Tales from the field – presented as a drama featuring Cloud, Client, Telco and elkement – going down the rabbit hole of debugging, network sniffing, and mind-numbing tests.
Physicist, walking down the stack (2018-05-02)
One more attempt at describing what I am up to: Physics and IT - revisited.
Playing with Modbus inputs on the Control and Monitoring Interface of the UVR16x2 controller (and corresponding settings at the Fronius Symo inverter) – step-by-step description.
Let Your Hyperlinks Live Forever! (2018-03-18)
Against linkrot! Joel Spolsky went to great lengths to prevent linkrot, but no excuses if you are not famous: I did it too.
Reverse Engineering Blackboxes (2018-02-02)
I often say that my work is basically, most of the time, actually: Reverse engineering, finding out how stuff works, deciphering blackboxes.
Reverse Engineering Fun (2017-12-05)
Recently I read a lot about reverse engineering – in relation to malware research. I for one simply wanted to get ancient and hardly documented engineering software to work. Write-up of an analysis I found very interesting!
Working Remotely (2017-12-02)
HTTP(s) (mis-)use connection magic enables me to work in a way I would have never envisaged 25 years ago - at the time when my most important 'files' were still contained in physical folders. I am able to work nearly remote-only, not only in IT projects.
Simulating Life-Forms (2): Cooling Energy (2017-11-28)
I found an incredibly detailed research report by the Australian government – about energy use in private homes, by appliance and purpose. It confirms my reluctance to 'predict' cooling energy as usage of air conditioning depends strongly on life-style choices.
The Orphaned Internet Domain Risk (2017-10-21)
If you abandon a domain, malvertizers may re-use it – using even your former content available on public archives … taking advantage of your former reputation.
The usual number crunching – performance, energies, temperatures, ice, passive cooling – plus a summary of the system’s configuration and ‘cultural’ context.
On Computer Science and IT (2017-10-07)
Exploring my relationship with computers, networks, software - and related academic or professional disciplines and activities. A list of opposites, random thoughts, and anecdotes
Computers, Science, and History Thereof (2017-09-29)
I am catching up on all things computing and software. Here are a lot of words about three sublime, yet free, online resources. My personal nostalgic time capsules.
Heat Transport: What I Wrote So Far. (2017-07-14)
A list of all my blog posts focussing on heat transport, plus short summaries: Heat transfer and energy storage in our heat pump system, in ground, in ice. Analytical solutions versus numerical simulations versus maverick’s heuristics.
Other People Have Lives - I Have Domains (2017-06-06)
New domain names and HTTPS everywhere.
Earth, Air, Water, and Ice. (2017-02-05)
Data analysis of the heating season 2014/15 (when we turned off the solar/air collector to simulate a harsher winter). From the net energy in the tank the contribution of ground can be calculated. Data also show that the collector is delivering the more energy the colder the tank is. There are two kinds of energy balances: 1) The net energy ‘in the tank’ (allowing for calculating the contribution of ground) and 2) the three heat exchangers that are connected in series in the brine circuit.
Scripts Beget Scripts (2017-01-31)
Incorehent thoughts about what I do as the so-called Theoretical Department also known as Data Kraken Tamer.
My Data Kraken - a Shapeshifter (2016-12-22)
Answer to the question: How do you analyze and consolidate your logging data? What is the biggest challenge? It’s the ongoing change of the ‘database schema’: New sensors, shuffled columns in log files, new calculated values…
Give the 'Thing' a Subnet of Its Own! (2016-11-20)
A brief report ‘from the workbench’: How recent Internet of Thing hacks reminded me of the often overlooked ‘routing feature’ in Windows… which was helpful in quickly giving control units’ data loggers access to the internet.
Internet of Things. Yet Another Gloomy Post. (2016-09-30)
Some thoughts about recent DDoS attacks – and why I think the discussion about manufacturers locking down their printers is somewhat related. About the tension between being an independent neutral netizen and being plugged in to an inescapable matrix, maybe beneficial but Borg-like nonetheless.
Hacking My Heat Pump - Part 2: Logging Energy Values (2016-08-24)
Connecting Raspberry Pi CAN bus logger to the Stiebel-Eltron heat pump and querying for temperature and energy values. Network traces and details of CAN frames, and automation of logging.
Extending logging infrastructure – automating reading off our heat pump’s internal energy meter by using Raspberry Pi as monitoring device. Before connecting to the heat pump hardware and software is set up and tested with a CAN bus I am familiar with.
'Are You Still Doing PKI?' (2016-07-06)
One of those status updates - again.
Have I Seen the End of E-Mail? (2016-06-10)
I have been impressed by a targeted ransomware attack on very small Austrian businesses.
Comparing detailed time curves – illustrating why it is hard to raise self-consumption and self-sufficiency above statistical averages for homes without heat pumps: PV output, input energy for the heat pump’s compressor, and the home’s total smart meter balance.
Everything as a Service (2016-05-19)
Trying to predict the not-to-distant future of heating for consumers – following the ‘as a service’ philosophy introduced to software products long ago: Heating will be turned into monthly subscriptions bundled with internet access and bank accounts, and home owners will host aesthetically pleasing black-boxes operated by 'platforms'.
Alien Energy (2016-04-15)
Our photovoltaic generator is up and running for nearly a year. In this post I analyze the most remarkable day – as per our data logging, when we got nearly the generator’s rated power in mid-winter. Re-visiting the impact of temperature on output power, and the 'focusing' / 'edge of clouds' effect.
Some statistics after four years of blogging on wordpress.com. No, not statistics on views and visitors but my own Excel analysis of the number of posts in categories over the years.
Half a Year of Solar Power and Smart Metering (2015-12-07)
Daily and monthly balances of electrical energy, showing the amount of energy used by the heat pump's compressor versus energy consumed by appliances and control.
Internet Domains: The Unspeakable (2015-12-05)
Insights - speaking from 15 years of experiences. Never use a word denoting a punctuation mark.
Verified by analyzing our monitoring data - combining logging from our heat pump's control unit (UVR1611) and the PV inverter's logging.
Shortest Post Ever (2015-11-07)
Update - my new personal site is live.
The first half is about technology and HTTP redirects, the second half can be ignored by geeks.
Web Migration Project - Progress Report (2015-09-29)
Ongoing update on my web development project.
My Flat-File Database (2015-09-18)
My new websites' database is equivalent to a bunch of text files. I am going to use standard SQL queries to retrieve content and meta-data from the file contents and the file name.
Interrupting Regularly Scheduled Programming ... (2015-08-17)
… I am going to re-do my websites from scratch.
We Interrupt Our Scheduled Programming ... (2015-08-11)
I wax a bit nostalgic as this might be the last entry in this ancient pseudo-twitter stream (fed from a TXT-file-based 'database' I edit manually, BTW). I am going to re-do all my personal sites from scratch, and an I am really enjoying it. .NET and object-orientation - here I come, says the script-kiddy.
Solar Power: Some Data for the First Month. (2015-06-17)
Figures and numbers from our PV generator's logging: Combining daily energy balances with data from our power meter, and tracking intermittent short and very high power spikes by parsing the inverter logger's website.
Last year I was in PKI nostalgia mode, see this blog posting. for example. Accidentally (?), in 2014 several major PKI updates and migrations (from Windows 2008 (R2) to Windows 2012 (R2)) have been due.
Watching TV Is Dangerous (2015-05-07)
"Data logger BL-NET is silenced by an IP-TV in the same LAN; solution: Put the logger in its private subnet."
I gave in to Google’s nagging. A little boot camp in responsive web design, to meet the bare minimum requirements.
Data Logging with UVR1611 - FAQ (2015-03-18)
What I would have wanted to read when I once made myself familiar with the freely programmable controller. This post is a response to some 'FAQ'.
Maybe I Am a True Expert Now. (2015-01-25)
As the saying goes, an expert is somebody who has committed every blunder in their discipline. Thus I have finally made it.
All My Theories Have Been Wrong. Fortunately! (2015-01-23)
I apologize to Google. Final and embarrassing update in this series.
Looking for Patterns (2015-01-09)
Some details about the hack of my non-Wordpress website. A self-sabotaging post written by a so-called IT security expert.
Waging a Battle against Sinister Algorithms (2014-12-20)
My website was hacked, but worse: Google seems to consider me a link scammer and my page impressions plummeted by a factor of 100.
Google and Heating Systems (2) (2014-11-15)
How things (in the Internet of Things) phone home and/or are accessed directly from the internet. Sometimes anonymously to my shock.
PKI FAQ (2014-10-06)
I have started a new (another!) way to organize the Technet security discussion threads I have contributed to - sorting them by topics and categories I found useful in my own troubleshooting.
When I Did Social Engineering without Recognizing It (2014-08-05)
Title says it all.
Digital Certificates and Heat Pumps ... (2014-08-04)
... an odd combination probably.
Postings in Technet Forums (2014-07-29)
My personal troubleshooting knowledge base.
5 Years Anniversary: When My Phone Got Hacked (2014-07-18)
This post has some technical information it is more of a personal rant. Now I can laugh about it. I am not a phone phreaker so any input is welcome!
On the arcane nature of pipework, path integrals, and public key infrastructure.
Not specifically about certificates - but about what is often required to troubleshoot validation of certificates: Sniffing.
radices = Roots! (On PKI) (2014-06-01)
Trying to say what I do with PKI (again) as I am still getting project requests. I am supporting existing long-term clients only though.
My Articles on IT Security, Monitoring, PKI. (2014-06-01)
My Articles - Links - IT, Monitoring, PKI, Security
Experimenting with a new format of technical posts - by dividing them into two distinct parts 1) Hopefully accessible 'pop-sci' / 'business' / 'philosophical' introduction, followed by 2) hardcore technical details the non-geek reader could skip.
Exactly what the title says. Some issues from my text file presented in more pop-sci way to your typical geek.
PKI: Links and Resources (2014-03-04)
Links to white papers and other useful resources.
PKI Issues: Concise Summary (2014-03-02)
Here I am documenting issues with X.509 certificates and Public Key Infrastructure I have encountered.
Cyber Security Satire? (2013-05-19)
Not exactly zoomed in on PKI - but the overall message is in line with the next two posts. This post also includes the only hilarious aspect of my master thesis on smart metering and security.
My Google Searches Might Heat Your Home (2013-02-18)
Imagine your search terms could be utilized for something down-to-earth, for something useful.
Trading in IT Security for Heat Pumps? Seriously? (2013-01-22)
Personal essay on career transitions - PKI and heat pumps.