I'm a security engineer working in cloud security and security research. This site brings together the work I've published over the years: tools, talks, advisories, and research. Unless noted otherwise, these are independent projects built in my spare time, for learning and for fun.

Find me around the web:

• LinkedIn
• GitHub
• X
• Bluesky
• Mastodon

Contact me via email (optionally PGP encrypted):

• Email // takeshix [at] adversec [dot] com
• PGP Fingerprint // E175 9218 F7F2 45A0 41D0 5A6B 5BA3 7A49 F16B 408F

Projects

Projects I work on as time allows.

• dprktech.adversec.com // An effort to gather information, data, and software from DPRK-related research. Feel free to contact me for any questions or inquiries regarding North Korean software or hardware. NOTE: I'm not affiliated with dprktech.info anymore, please do not use it!
  • AndroidToolbox // A basic Android application to play around on North Korean devices.
  • woolim-tools // Collection of tools and information for the Woolim tablet PC.
  • redstar-tools // Collection of tools and information for Red Star OS.
  • dprkdict // A web-based viewer for North Korean dictionary files provided by the E-C-K app.
  • DPRK data mirror // A mirror for data of various DPRK software projects.
    • Red Star OS // Installation files for the North Korean Red Star OS.
    • Woolim Android Apps // A selection of Android apps extracted from the North Korean Woolim tablet PC.

Tools

Tools I've built and still maintain. Some get occasional updates; others are complete as they are.

• go-deen // Generic data decoding and encoding application (Golang port of deen).
• deen // Generic data encoding/decoding application built with PyQt5.
• static-toolbox // Collection of statically linked tools, compiled and packaged with GitHub Actions.
• go-empdecrypt // Decrypter for EIS passwords in Matrix24 configuration files.
• tools // A collection of useful tools and code snippets to make various tasks easier.
• csgo-overwatcher // A tool that allows to investigate the actual suspects of CS:GO Overwatch cases.
• Nmap Scripts // A collection of Nmap NSE scripts.
  • knx-gateway-discover.nse // Discovers KNX gateways by sending a KNX Search Request to the multicast address 224.0.23.12 including a UDP payload with destination port 3671.
  • knx-gateway-info.nse // Identifies a KNX gateway on UDP port 3671 by sending a KNX Description Request.
  • sstp-discover.nse // Check if the Secure Socket Tunneling Protocol is supported.
  • ip-https-discover.nse // Checks if the IP over HTTPS (IP-HTTPS) Tunneling Protocol is supported.
  • mop-discover.nse // Detect the Cisco Maintenance Operation Protocol (MOP) by sending layer 2 DEC DNA Remote Console hello/test messages.

Presentations

Talks I've given at conferences and events.

• Digital Options to Liberalize North Korea
  • The Sages Group and Digital Freedom Symposium, Seoul, KOR (2023)
• The Domestic Consumer ICT Space in North Korea
  • KIU Summit, Remote (2021)
• Exploring North Korean Technology - The Past, the Present and no Future for Free Media
  • HXM, Paris, FRA (2019)
• DPRK Tablet PCs - Recent Developments Part 2
  • Project Resilience Implementers' Meeting, Yokohama, JPN (2019)
• Information Expansion in North Korea
  • RightsCon, Tunis, TUN (2019)
• The Signature System and How to Bypass it
  • Project Resilience Implementers' Meeting, Kyōto, JPN (2018)
• Exploring North Korea's Surveillance Technology
  • TROOPERS17, Heidelberg, GER (2017) // Slides
  • 6th No-Spy Conference, Stuttgart, GER (2017) // Slides
• Woolim - Lifting the Fog on DPRK's Latest Tablet PC
  • 33C3, Hamburg, GER (2016) // Slides
• Lifting the Fog on Red Star OS
  • 32C3, Hamburg, GER (2015) // Slides // Code

Publications

Publications I've written or contributed to.

• Project Reveal - New research into North Korea's digital control system (2022)
• Governmental Control of Digital Media Distribution in North Korea: Surveillance and Censorship on Modern Consumer Devices (2017)

Security Advisories

Public security advisories for vulnerabilities I've found.

• tac_plus Pre-auth Remote Command Execution in forks of Cisco's dev kit for TACACS+
  • CVE-2023-48643 // Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution.
  • CVE-2023-45239 / GHSA // Facebook tac_plus pre auth remote command execution.
• Arbitrary file read, command injection and local privilege escalation in innovaphone Linux Application Platform (LAP) allows full root access to the host system.
• Open redirect vulnerability in innovaphone Virtual Appliance (IPVA).
• Multiple remote code executions via template injections, SQL injections and XSS in Shopware before v5.2.25.
• CVE-2017-8920 // irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.
• CVE-2016-6519 // Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1.

Archived Projects

No longer actively developed, kept here for reference. Issues and pull requests are welcome, though responses may be slow.

• kleber.io // A Pastebin with various features like paste encryption, file uploads, removal of metadata from uploaded files, upload history, and a RESTful, JSON-based API. (Discontinued end of 2022)
  • Kleber // Kleber source code.
  • Kleber CLI // Official command line client for kleber.io.
• KNXmap // KNXnet/IP scanning and auditing tool for KNX home automation installations.
• python-ssllabs // Python interface and command line client for the SSL Labs APIs.
• WebFixy // On-the-fly decryption proxy for MikroTik RouterOS WebFig sessions.
• CTFPWNng // A simple automation framework for attack-defense CTFs. (successor of CTFPWN)
• hb-test.py // Proof-of-Concept code for Heartbleed (CVE-2014-0160).
• CTFPWN // An exploit scheduling and flag submission framework for attack-defense CTFs implemented with Python's asyncio module.
• ILSpy-CosturaPlugin // A plugin for ILSpy that loads references that have been embedded as resources with Costura.
• xss-board // Example app for a simple Cross-Site Scripting (XSS) CTF challenge using Zombie.js.
• laf // An abandoned old script that searches for administrative login pages.
• sstp-tools // Initial information gathering for SSTP research.
• ip-https-tools // Basic information gathering and tools for the IP-HTTPS protocol used by DirectAccess.
• myip.space // Returns a client's IP address, SSL/TLS clients certificates, and more via Lua in Nginx.
• Advent Calendar of Advanced Cyber Fun 2020 // A technical advent calendar with CTF-like services where a new port opens every day, 2020 edition.
• Advent Calendar of Advanced Cyber Fun 2018 // A technical advent calendar with CTF-like services where a new port opens every day, 2018 edition.
• forpy // Generic network traffic forwarding with Python's asyncio module. A simple blueprint script that can be extended to manipulate any kind of traffic running through it.