I am a software developer at genua, a German IT security company. Currently I am working on the certification and accreditation of microkernel-based security products.
Apart from IT security, I am particularly interested in Python programming, data science, mindfulness meditation and a cappella music.
On this site you will find some of my personal projects.
A quick analysis of the OpenSSL source code repository
The Heartbleed bug got me interested in the OpenSSL project, its history and its community. So I wondered what could be learned about the number of contributors, just from analysing the source code repository. Turns out Pandas, IPython and git can reveal some interesting stuff.
This IPython notebook shows how to analyse network traffic using using Pandas, tshark and Matplotlib. Pandas allows for very flexible analysis, treating your PCAP files as a timeseries of packet data. So if the statistics provided by Wireshark are not enough, you might want to try this.
I have created the official logo for mpld3, an open source Python library that allows interactive data visualisations based on D3.js and Matplotlib.
In May 2013 I gave a talk (in German) showing how to analyse data using two very powerful Python tools: IPython Notebook and Pandas. Links to the YouTube videos and supplemental information (slides, notebook files, ...) can be found here.
I have always found the command line syntax for SSH port forwarding awkward and confusing. A diagram finally helped explain that syntax to me. You can find it here.
This is a simple technique to relax your mind and train your attention. I sometimes use it when I wake up in the night and cannot fall asleep easily (which fortunately happens only on rare occasions). Visit the Calm your mind web site and let me know how it works for you.
If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This GitHub project lists some of them.
Scapy is really awesome packet capture and construction tool by Philippe Biondi, written in Python. From 2007 to 2010 I severely improved the initial Windows port, wrote the Windows installation guide and integrated the existing docs into a Sphinx-based Scapy manual (PDF). Here you'll find a Windows installer for libdnet and Python 2.7 (dnet-1.12.win.32-py2.7.exe) and slides for a talk (PDF) that I gave at the PyCologne Python user group.
I have analysed the fingerprint visualization algorithm that was introduced in OpenSSH 5.1 and wrote a short paper about it (together with Tobias Limmer and Alexander von Gernler, who had the idea for the algorithm and did the original OpenSSH implementation): The drunken bishop: An analysis of the OpenSSH fingerprint visualization algorithm (PDF).
Having created several bootable Windows CD-ROMs with Bart's PE Builder, I thought how nice it would be if I could use some of the plugins on running systems (i.e. without having to reboot). So in spring 2004 I started searching the Internet for useful utilities that can be run directly from CD-ROM. The resulting list is quite large, but not updated anymore.
Tempest for Eliza is a progam that makes your computer monitor send out special radio signals so that you can then hear computer generated music in your radio. The original software runs under Linux and the X-Window System. For demonstration purposes I have developped a bootable CD-ROM called Tempest Showroom that includes everything in order to run Tempest for Eliza on every PC.
In May 2004 I found several security holes in eSeSIX's Thintune computers. I wrote an advisory and published it on the Bugtraq mailing list. The Common Vulnerabilities and Exposures project has given the identifiers CVE-2004-2048, CVE-2004-2049, CVE-2004-2050, CVE-2004-51 and CVE-2004-2052 to these vulnerabilities.
Since the early 1990ies I have been composing music.