Projects

ATTRIBUT (Phase 2) (2023-2024)

funded by Agentur für Innovation in der Cybersicherheit (Cyberagentur); role: leading partner HSW and its sub-project; proposal co-author; ~214.500 EUR
project website

KIASH (2022-2025)

AI-driven Secure Aging for Pandemy-resilient Digital Infrastructures (German: KI-gestütztes sicheres Altern für eine pandemieresiliente digitale Infrastruktur, KISAT, 2020-2022)

funded by MWWK/RLP; role: main proposal author; principal investigator; 185,000 EUR

funded by MWWK/RLP; role: one of the proposal authors; co-principal investigator; ~717,000 EUR

funded by EU (EFRE)/RLP; role: principal investigator / main proposal author; ~211,000 EUR

Anti Cyber-crime Actions on the European Level (ACCAEL, 2020),

funded by BMBF; role: principal investigator / main proposal author; ~21,750 EUR

funded by German Ministry of Education and Research (BMBF); role: principal investigator / main proposal author; eight project partners; ~68,000 EUR

funded by German Ministry of Education and Research (BMBF); role: main proposal author / project manager; ~453,000 EUR

WendzelNNTPd - an NNTP daemon (2004-today)

Hardened Linux Security Distribution (project initiator/leader and developer; 2006-2008)
AstroCam stepengine control software (2001-2011)
Security hacks:
- KSPIDS - Linux Kernel User Profile IDS Patch (2008)
- openportd - ICMP port knocking service for OpenBSD (2006)
- FUPIDS - “Fuzzy” User Profile IDS for the OpenBSD Kernel (2003)
Covert channel/tunneling software:
- NeFiAS - a detector for network covert channels (2020-now)
- NEL tool - a research tool for network environment learning/active warden testing (2017-2018)
- CCEAP - a tool for teaching network covert channels (2016-now)
- PCT - protocol channel tool (PoC, 2008)
- PHCCT - protocol hopping covert channel tool (PoC, 2007)
- VSTT - ICMP, POP3 and plaintext tunnel via fifo/socket in/out (2006)
- PCAW (protocol channel-aware active warden): a countermeasure for protocol switching covert channels (2012)
- WoDiCoF (Worms Distributed Covert Channel Detection Framework): a covert channel detection framework (2017-2018)
Other tiny hacks:
- sfnetmapper - visualizes connections of sf.net users and their projects (2011)
- creategallery - fast creator for ugly HTML galleries (2009) – here are some of my own galleries.
- Fluxbat - displays laptop battery status in the fluxbox menu (2007)

Very old stuff (2000-2009), mostly not accessible anymore:

OBPkg: a Synaptic-like tool for OpenBSD
cwa: a web programming system for C (like PHP, but you can run C code instead)
cchttpd: a highly speed-optimized HTTP server, capable of loading C modules to perform server-side website generation and request handling
xyriaDNSd: a highly speed-optimized DNS server with load-balancing capabilities (old version from 2008 available on sourceforge)
sysmon: web-based system monitoring tool for Solaris 8
MSS: Multiple server scanner (a port scanner supporting various scan types; written ca. 2001 with friends)
cpfos: An extended Slackware-based packet system for Hardened Linux
fupids2: a user-space version of FUPIDS (see above)
various hacking tools, mostly to learn how to handle sockets under Linux and BSD, incl. a RIP routing update spoofer, some PoC backdoors using covert channels, and a a simple TCP connection hijacker.

I contributed the `pscan’ port (a C code vulnerability scanner) to OpenBSD .

I contributed several patches to the Open Source Software (OSS) community, including mostly bugfixes but also few feature improvements:

Operating Systems (packaging/build scripts, tools, …):
- Slackware Linux
- My OpenBSD patches
Tools: gftp, icmpinfo, Ping Tunnel
A number of manpage fixes (mostly Ubuntu/Debian)