Latest entries
-
Threat Modelling should be part of your developing process
05 Aug 2020 - How do you build secure software? We won’t answer that question here, but a useful approach to building more secure software is constructing an explicit threat model and updating it on a regular basis. Instead of creating a giant threat diagram start by trying to apply one of the STRIDE frameworks threats to your system. Choosing a threat modelling card of the day may help familiarize yourself with the vocabulary.
(~ 5 minutes reading time) Read more... -
Wifi cracking and pwnagotchi - An AI boosted mobile bettercap tool
09 Dec 2019 - During the last few weeks I had a lot of fun with a nice little project called pwnagotchi. It’s an automation frontend for bettercap, can be run on a Pi Zero and enables automated wifi-handshake collection. An AI supports finding better scanning parameters. And it has an adorable face.
(~ 6 minutes reading time) Read more... -
2nd Factors, an overview about Fido, OATH and One-Time-Pads
05 Nov 2019 - I felt like upgrading my Yubikey to a USB-C version and use that opportunity to dive a little bit deeper into the different OTP specs and how I want to use my second factor. Still falling down the rabbit hole, but here is some kind of overview of fido2, u2f, oath-hotp, yubico-otp and others…
(~ 9 minutes reading time) Read more... -
Don't use security questions!
07 Oct 2019 - The railway company Deutsche Bahn just added security questions to their booking application, or at least bothers me to add some. It’s 2019 and we all should know by now, that this kind of measures weaken security. Let’s see why…
(~ 7 minutes reading time) Read more...