Something with IT security
Hi, I'm Tobi. I currently try my luck with Rust, Flutter and fuzzing. See what I'm working on below, it's nothing crazy but it's fun.
I wrote a seminar paper on binary rewriting, which allows the modification of compiled binary files without source code, enabling use cases such as fuzzing or hardening proprietary binary files.
This blog post introduces my new generic approach to easily create a fast and easy-to use protocol fuzzer for custom targets.
twonly is a European open-source alternative to Snapchat, written in Flutter. It uses the Signal protocol to encrypt all messages end-to-end.
This winter semester I took part in the TU Darmstadt Hacker Contest, where we had an exercise in which we had to find security vulnerabilities in open source repositories.
In my term paper about the "Internet of Vulnerable Things" I wanted to find a memory-related vulnerability in a binary running on the TL-WR902AC but was not successful. This time I use fuzzing.
To learn Rust and cryptography at the same time I implemented the TLSv1.3 from scratch. The implementation includes all cryptographic operations like elliptic curves or AES.
In one of my term papers I had to write about the topic "Internet of Vulnerable Things". So I bought a cheap router and took a closer look. As expected, the security was not really good and I was able to find a security vulnerability with a CVE score of 8.8 in no time.