They who can give up essential liberty
to obtain a little temporary safety,
deserve neither liberty nor safety.

Benjamin Franklin, 1775


december 2020

due to the pandemic everything slowed down a bit and happens now from home ... but there are now the afl++ v3.0 and thc-ipv6 3.8 releases :-) Happy holidays!

july 2020

over the last year afl++ became the best fuzzer available - by independant assessments: Google's FuzzBench Fuzzer Benchmark Assessment from July 2020

I also participated in an academic paper that was accepted for the 14th USENIX Workshop on Offensive Technologies: AFL++: Combining incremental steps of fuzzing research

march 2020

a lot has happend the last months, so here are the highlights:

my afl++ project attracted 3 talented security guys, and we are making the project so much better at such a fast pace - it is amazing! It is that good that is was selected to be in Google Summer of Code :-)

I am performing a training on fuzzing source code and binary programs at the Troopers conference

I wrote an article on the effectiveness of security static code analysis tools which is online now: heise developer: statische code analyse auf dem prüfstand (GERMAN)

june 2019

since afl is not being maintained since fall 2017 and i am collecting afl community patches for over a year i created an update afl++. increased performance in llvm and qemu mode, bug fixes and new featres. plus I added the enhanced performance from aflfast. in other words its the best afl out there :)

afl++ at github

may 2019

i just released version9.0 of hydra: new modules rdp, mongodb and memcached

hydra at github

april 2019

the quality of my security servies are now certified by iso 9001:2015!

january 2019

i wish everyone a happy new year!

2019 was already started enthusiastically by me - I made new releases of hydra and thc-ipv6 available, additionally afl-dyninst now supports dyninst 10!

that being said, I am currently getting my processes iso 9001 certified :)

hydra at github thc-ipv6 at github afl-dyninst at github

november 2018

I am now tisax level 3 security certified for handling prototypes and information with high protection requirements.

happy holidays!

august 2018

new things:

afl-dynamorio enables blackbox binary fuzzing with alf-fuzz through dynamorio

afl patches is a collection of patches for afl that improve performance, coverage, features - or fixes bugs.

additionally I improved the performance of afl-dyninst which is now by far the fastest guided fuzzer solution for blackbox binaries.

afl with dynamorio afl patches afl-dyninst

march 2018

happy eastern! and I brought gifts:

afl-pin enables blackbox binary fuzzing with alf-fuzz through pintool

afl-simulate simulates afl-fuzz to benchmark performance of e.g. afl-pin, afl-dynamorio and afl-dyninst

additionally I am now the co-author of afl-dyninst :)

afl with pintool afl-fuzz simulator afl-dyninst

january 2018

i just released version 3.4 of my ipv6 pentest toolkit.

happy new year!

december 2017

about 20 years ago I coded the proof-of-concept tool rwwwshell. today it can be seen used in the tv series mr.robot in season 2 episode 12 and season 3 episode 1 :)

i wish everyone happy holidays and a great new year!

august 2017

at the (german) heise conference for secure software development (24-26 october 2017) I will do a talk about the (in-)security impact of processors and compilers on the machine code created.

my talk at heise secdev 2017 (german)

july 2017

attention: by availability for the rest of 2017 is already getting low!
and i just released version 8.6 of hydra

hydra at github

may 2017

i just released version 8.5 of hydra

hydra at github

april 2017

the new design of the web page is there :)
happy eastern!

december 2016

the year worked out perfectly well with interesting projects and a lot of work. thank you for your trust in me! i wish everyone a happy xmas and a wonderful new year!
my ipv6 pentest & security training will be held for a last time for north america at the cansecwest security conference in vancouver from the 12-13th march 2017.
inhouse training are possible though, just contact me.

IPv6 Pentest & Security Training, CanSecWest conference, 12-13 March 2017, Vancouver, Canada

october 2015

presentations, keynotes & trainings in singapore, spain, netherlands, austria, ... and i'm booked out until beginning of next year :)

march 2015

many presentations and keynotes at international conferences, booked out with projects - thank you for a great 2014!

what makes my work & results special

  • it-security competence since 1994 - few people have more experience
  • clarity on vulnerabilities in your critical infrastructures
  • practical and down-to-earth recommendations which respect the organisation and processes
  • know-how transfer with the results and better awareness among your team
  • my systems, processes and office is certified by tisax 3.0 for advanced protection requirements
  • my processes have been certified for their quality by ISO 9001
download my cv