I'm a Security Engineer working in the depths of the cloud. This is a personal website that contains most of the work I published and projects I have worked on over the past years. If not stated otherwise, these are spare-time projects I've created for educational purposes or just for fun.

Contact me either via one of the social channels above or via email (optionally PGP encrypted):

• Email :: takeshix [at] adversec [doct] com
• PGP Fingerprint :: 9FBF 054D 0AE0 DCAE 4852 69DC 4B27 D9E6 6F8A F965

Projects

Projects I'm working on from time to time:

• dprktech.adversec.com :: An effort to gather information, data, and software from DPRK-related research. Feel free to contact me for any questions or inquiries regarding North Korean software or hardware. NOTE: I'm not affiliated with dprktech.info anymore, please do not use it!
  • AndroidToolbox :: A basic Android application to play around on North Korean devices.
  • woolim-tools :: Collection of tools and information for the Woolim tablet PC.
  • redstar-tools :: Collection of tools and information for Red Star OS.
  • dprkdict :: A web-based viewer for North Korean dictionary files provided by the E-C-K app.
  • DPRK data mirror :: A mirror for data of various DPRK software projects.
    • Red Star OS :: Installation files for the North Korean Red Star OS.
    • Woolim Android Apps :: A selection of Android apps extracted from the North Korean Woolim tablet PC.

Tools

Tools that I have created and still maintain. They are either updated sporadically or might still be useful as they are (without further modifications):

• go-empdecrypt :: Decrypter for EIS passwords in Matrix24 configuration files.
• go-deen :: Generic data decoding and encoding application (Golang port of deen).
• static-toolbox :: Collection of statically linked tools, compiled and packaged with GitHub Actions.
• deen :: Generic data encoding/decoding application built with PyQt5.
• tools :: A collection of useful tools and code snippets to make various tasks easier.
• csgo-overwatcher :: A tool that allows to investigate the actual suspects of CS:GO Overwatch cases.
• python-ssllabs :: Python interface and command line client for the SSL Labs APIs.
• Nmap Scripts :: A collection of Nmap NSE scripts.
  • knx-gateway-discover.nse :: Discovers KNX gateways by sending a KNX Search Request to the multicast address 224.0.23.12 including a UDP payload with destination port 3671.
  • knx-gateway-info.nse :: Identifies a KNX gateway on UDP port 3671 by sending a KNX Description Request.
  • sstp-discover.nse :: Check if the Secure Socket Tunneling Protocol is supported.
  • ip-https-discover.nse :: Checks if the IP over HTTPS (IP-HTTPS) Tunneling Protocol is supported.
  • mop-discover.nse :: Detect the Cisco Maintenance Operation Protocol (MOP) by sending layer 2 DEC DNA Remote Console hello/test messages.

Presentations

• Digital Options to Liberalize North Korea
  • The Sages Group and Digital Freedom Symposium, Seoul, KOR (2023)
• The Domestic Consumer ICT Space in North Korea
  • KIU Summit, Remote (2021)
• Exploring North Korean Technology - The Past, the Present and no Future for Free Media
  • HXM, Paris, FRA (2019)
• DPRK Tablet PCs - Recent Developments Part 2
  • Project Resilience Implementers' Meeting, Yokohama, JPN (2019)
• Information Expansion in North Korea
  • RightsCon, Tunis, TUN (2019)
• The Signature System and How to Bypass it
  • Project Resilience Implementers' Meeting, Kyōto, JPN (2018)
• Exploring North Korea's Surveillance Technology
  • TROOPERS17, Heidelberg, GER (2017) :: Slides
  • 6th No-Spy Conference, Stuttgart, GER (2017) :: Slides
• Woolim - Lifting the Fog on DPRK's Latest Tablet PC
  • 33C3, Hamburg, GER (2016) :: Slides
• Lifting the Fog on Red Star OS
  • 32C3, Hamburg, GER (2015) :: Slides :: Code

Publications

Publications I have written or contributed to:

• Project Reveal - New research into North Korea's digital control system (2022)
• Governmental Control of Digital Media Distribution in North Korea: Surveillance and Censorship on Modern Consumer Devices (2017)

Security Advisories

Various public security advisories for random stuff I've found:

• tac_plus Pre-auth Remote Command Execution in forks of Cisco's dev kit for TACACS+
  • CVE-2023-48643 :: Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution.
  • CVE-2023-45239 / GHSA :: Facebook tac_plus pre auth remote command execution.
• Arbitrary file read, command injection and local privilege escalation in innovaphone Linux Application Platform (LAP) allows full root access to the host system.
• Open redirect vulnerability in innovaphone Virtual Appliance (IPVA).
• Multiple remote code executions via template injections, SQL injections and XSS in Shopware before v5.2.25.
• CVE-2017-8920 :: irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.
• CVE-2016-6519 :: Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1.

Misc

Fun little side projects that came up at some point:

• myip.space :: Returns a client's IP address, SSL/TLS clients certificates, and more via Lua in Nginx.
• Advent Calendar of Advanced Cyber Fun 2020 :: A technical advent calendar with CTF-like services where a new port opens every day, 2020 edition.
• Advent Calendar of Advanced Cyber Fun 2018 :: A technical advent calendar with CTF-like services where a new port opens every day, 2018 edition.
• forpy :: Generic network traffic forwarding with Python's asyncio module. A simple blueprint script that can be extended to manipulate any kind of traffic running through it.

Archived Projects/Tools

These projects/tools are not actively developed anymore. However, I left them here for reference, and maybe they will be useful for someone at some point. Feel free to open issues or send pull requests in any of these repositories, but expect delayed responses.

• kleber.io :: A Pastebin with various features like paste encryption, file uploads, removal of metadata from uploaded files, upload history, and a RESTful, JSON-based API. (Discontinued end of 2022)
  • Kleber :: Kleber source code.
  • Kleber CLI :: Official command line client for kleber.io.
• CTFPWNng :: A simple automation framework for attack-defense CTFs. (successor of CTFPWN)
• KNXmap :: KNXnet/IP scanning and auditing tool for KNX home automation installations.
• WebFixy :: On-the-fly decryption proxy for MikroTik RouterOS WebFig sessions.
• hb-test.py :: Proof-of-Concept code for Heartbleed (CVE-2014-0160).
• CTFPWN :: An exploit scheduling and flag submission framework for attack-defense CTFs implemented with Python's asyncio module.
• ILSpy-CosturaPlugin :: A plugin for ILSpy that loads references that have been embedded as resources with Costura.
• tskmgr :: Simple task/project management tool with a console UI.
• xss-board :: Example app for a simple Cross-Site Scripting (XSS) CTF challenge using Zombie.js.
• laf :: An abandoned old script that searches for administrative login pages.
• sstp-tools :: Initial information gathering for SSTP research.
• ip-https-tools :: Basic information gathering and tools for the IP-HTTPS protocol used by DirectAccess.