In the past couple of years I have worked in IT security in a variety of ways. I've given talks at conferences like Black Hat, Def Con, the Chaos Communication Congress and many smaller conferences. I have given trainings on topics like fuzzing and TLS.
I have discovered security vulnerabilities like the ROBOT attack against TLS, the Optionsbleed memory disclosure bug in the Apache web server and many others.
Want to hire me?
I am available for freelance work. This could be:
- Giving trainings on topics like TLS, fuzzing, modern web security, cryptography, Linux security
- Giving a lecture at your company or conference
- Consultancy to help you to secure your applications or services
Interested? Get in touch!
Here are some examples of lectures I have given at conferences:
- The Rocky Road to TLS 1.3 and better Internet Encryption (35C3)
- The HTTP GET Attack (Bornhack 2017)
- The ROBOT Attack (Ruhrsec 2018)
- Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS (Black Hat USA 2016)
- Abusing Certificate Transparency Logs (Def Con 25)
- In Search of Evidence-Based IT-Security (33C3)
Example: TLS Training
I can give a one or two day training on TLS.
TLS is the most important cryptographic protocol in the Internet. Recent years have brought a push to TLS by default in the web.
This workshop will give an in-depth overview of the TLS protocol. We'll discuss what's necessary to get a modern TLS configuration, how to make sure your site rates "A+" in the popular SSL Labs test and what attacks shaped the TLS landscape in recent years.
- Certificates and how to get them for free, Let's Encrypt, Certificate Automation.
- TLS overview: Certificates, handshake, cipher modes
- TLS attacks: Padding Oracles, Bleichenbacher attacks / ROBOT, downgrade attacks (FREAK, Logjam, POODLE, DROWN), old crypto (RC4, Sweet32), compression attacks (CRIME, BREACH, TIME, HEIST), nonce duplication, crypto messups (RSA-CRT, duplicate r), RSA signature verification bug (BERserk)
- What's new in TLS 1.3 and how does it prevent many previous attacks?
- Weak keys (Debian OpenSSL bug, ROCA, mining Ps and Qs)
- SSL Stripping and HTTP Strict Transport Security (HSTS)
- Domain/host scopes, Same Origin Policy, Cookies, Public Suffix List
- Certificate Transparency, use of the crt.sh certificate search engine, using CT as a data source, certificate notification services
- OCSP, OCSP stapling, must staple and problems with bad implementations
- Certificate Authority Authorization (CAA)
- TLS-related Internet-wide scans
- TLS in non-web contexts - E-Mail, XMPP, IRC
- Things you probably don't need, but should've heard about: Extended Validation, HTTP Public Key Pinning (HPKP), DANE
- Practical tasks: Get a server up and running with an HTTPS web page that rates A+ on SSL Labs or improve the configuration of your existing web page
- Use of tools like the SSLLabs test, crt.sh, testssl.sh, TLS-Attacker, tls-fuzzer