I am a Ph.D. student at Karlstad University. My research is in the domain of anonymity and anti-censorship systems. Before that, I was working anomaly detection in large-scale computer networks.
On this website you will find various (admittedly, not always useful) code snippets and documents which are all somehow related to computer science and security.
All of the code listed on this page is licensed under the GPLv3 unless stated otherwise.
| Name | Description | Size |
|---|---|---|
| acr.py | Renames a given audio collection by only looking at the audio tags and then moving the respective files. As long as the tags are consistent, a clean file system structure is established. The new file system structure is "%Artist/%Year - %Album/%Tracknumber - %Title". This can be changed, though. | 2504 B |
| filewatch.tar.bz2 | C program to monitor the file access of a specific program. Makes use of LD_PRELOAD. | 732 B |
| pkgrewr.c | C program to rewrite network package payload in realtime using the ip_queue mechanism of the Linux kernel. | 3738 B |
| bfi.c | A lightweight brainfuck interpreter. | 2753 B |
| genpwd.py | Primitive Python password generator which generates passwords of arbitrary (default=20) length and shows the password entropy inherent to the generated password. | 1122 B |
| arpalert.py | Python daemon which is able to detect ARP poisoning attempts. On detection an E-Mail can be sent to the network operator. | 6791 B |
| pytropy.py | Python script for entropy-based analysis of PE sections. Useful for determining whether a given PE file is packed or not. Screenshot before and after packing a binary. gnuplot and pefile are needed. | 2700 B |
| datropy.py | Python script for determining and plotting the information density (i.e. Shannon Entropy) of continuous chunks of a given file. This is realized by using a sliding window method. The tool can be useful to spot encrypted or compressed content of files. E.g.: ./datropy.py $(which bash) results in this plot. | 2765 B |
| hthackess.pl | Perl script to brute-force .htaccess-protected websites using wordlists. | 992 B |
| aptwrap.pl | Perl wrapper for aptitude which colors parts of the output. Screenshot of aptitude show zsh. | 1763 B |
| np.pl | now_playing script written in Perl for irssi in combination with Amarok. | 825 B |
| htmlfuzz.pl | Primitive HTML fuzzer written in Perl which is run as CGI script. Just some how-it-can-be-done code. | 4372 B |
| Name | Description | Size |
|---|---|---|
| Theses | ||
| Master's Thesis | My master's thesis, entitled ``Inductive Intrusion Detection in Flow-Based Network Data using One-Class Support Vector Machines'' (BibTeX). | 1642 KB |
| Technical Reports | ||
| Conficker Analysis | A detailed analysis in german which covers the functionality and activity of the worm named w32/{conficker,kido,downadup}. The analysis deals (among other things) with the distribution, the infection and the download of additional payload. | 462 KB |
| Presentations | ||
| Multiple Precision Integer Arithmetic | A presentation I held about efficient multiple precision integer arithmetic. Beside some basic theory, the paper contains information about the classical methods (add/sub/sqr/mul/div) and the datastructure/API I finally came up with. | 515 KB |
| Address Resolution Protocol | A presentation I held together with a colleague covering the Address Resolution Protocol. The presentation covers the basic functionality, various dialects (RARP, Inverse ARP,...) and ARP security. | 1115 KB |
For E-Mail, please use my PGP/GnuPG public key and encrypt all mail if possible. My fingerprint is: 2A9F 5FBF 714D 42A9 F82C 0FEB 268C D15D 2D08 1E16
