Hey there - I am Ole, a 23-year-old university student in computer science, currently writing my master’s thesis in cybersecurity at the RWTH Aachen University. I am a tech enthusiast, with a passion for offensive cybersecurity. After I graduate with my master’s degree, I want to pursue a career in pentesting/ethical hacking, aiming for future work in sophisticated red team assessments.
This portfolio gives an overview of my skills, where you can look into some of the bigger projects I worked on throughout my time as a student. Feel free to contact me if you have any questions or just want to have a chat.
As part of my master's thesis, I developed an evaluation framework for industrial intrusion detection systems (IIDS) in cooperation with the Fraunhofer FKIE. This framework enables a completely automated evaluation of a given IIDS within a complex power grid simulation, combining the execution of sophisticated attacks based on the power grid network protocol IEC 60870-5-104 with thorough data collection. By combining gathered information about attacks, network traffic, power grid states, and alerts generated by the IIDS, the framework computes evaluation metrics and visualizes the results in multiple ways. For further information about the inner workings of this framework, please refer to my master's thesis. The framework was implemented in Python and automated with Bash.
Since I have mostly programmed in Python, which provides a high level of abstraction, I found myself lacking understanding of more complex low-level vulnerabilities, which I encountered in my cybersecurity journey. I therefore decided to diversify my repertoire of programming languages. In order to not just start with random projects, but to build an understanding of the languages, I approached this in a practical, but guided format via the platform Exercism.
I want to complete the Rust course, providing a foundation for programming tools, which require a high degree of memory safety. Additionally, I want to learn the basics of C and Assembly, refining my code understanding for identifying memory vulnerabilities and reverse engineering. Lastly, I strive for a better understanding of Bash and PowerShell, which both play a major part in exploiting targets, and automating processes.
Over the last few years, I have done a lot of projects, either as part of my university studies or as a means to gain some hands-on experience in my free time. To showcase some of my achievements, I developed this portfolio website. This website runs over an Apache instance on my Raspberry Pi, which is accessible over a Cloudflare tunnel and exposes this website, as well as my Security Vault.
As part of a lab in my master's studies, we explored different ways in which industrial intrusion detection systems can analyze network traffic and classify malicious activity. In the final part of this lab, we were tasked to develop a project in the field of intrusion detection, in which case we developed a highly experimental detection approach. We built a system which classifies Modbus network communication with the help of a GPT model, such as the one used by ChatGPT.
After preprocessing the data in Python, we fed the parsed network traffic into an existing GPT-2 implementation in PyTorch, which predicts future network traffic. After a comparison to the actual network traffic, we identify malicious patterns and visualize the results. Even though the evaluation required extensive computation times on the university's computer cluster for model training, the results showed promising performance.
In my bachelor studies, four other students and I built a microprocessor architecture. This includes a thorough design of the processor's components, layout, instruction set and memory management from the ground up, which we implemented in VHDL. Moreover, we developed mnemonics, and an assembler, which assembles the code according to our instruction set. Afterwards, we wrote programs, which process inputs such as button presses and switches, and output over a set of LEDs.
In the modern age, the energy sector has undergone several changes. Consequently, power grids have shifted to a smart architecture, relying on closely connected control systems. Due to vulnerabilities that arise from said connectivity, industrial intrusion detection systems have become an essential part of security in critical infrastructure. Even though this research field has seen great attention by researchers, analysis, evaluations, and comparisons of different intrusion detection solutions suffer from great methodological differences.
In cooperation with the Fraunhofer FKIE, we address the missing methodological evaluations of intrusion detection systems. To solve this, we develop a methodology for consistent intrusion detection system evaluations. Based on the results, we develop an evaluation framework, a tool which implements the methodology. By developing complex attack scenarios for IEC 60870-5-104 and utilizing the implemented framework, we evaluate state-of-the-art intrusion detection systems like Omicron's StationGuard in Wattson, a highly sophisticated simulation for power grid environments.
Cyber-physical systems have special requirements due to the environment they are set in. In many cases, security is not a priority in the system's design, keeping the induced overhead to the bare minimum. Due to the rising threat of quantum computing, these security protocols need to be adapted to the post-quantum age, which poses a challenge due to the aforementioned restrictions.
This paper presents state-of-the-art approaches to enabling post-quantum security in cyber-physical systems. By grouping proposals and highlighting the specific problems that they address, the paper overviews and analyzes the current state of this research field.
The advent of quantum computing offers new algorithmic possibilities for solving some complex computational problems. From a cybersecurity perspective, two quantum algorithms are of special interest: Shor and Grover. Application of these two algorithms on classical cryptography schemes enables drastically quicker brute force attacks, breaking classical encryption.
In this thesis, I detail the inner workings of quantum computers as well as quantum algorithms and their application on cryptography. Moreover, the thesis discusses which schemes are vulnerable to quantum computing and how those can be broken in practice.
Throughout my cybersecurity journey, I picked up on such a great amount of information, which made its retention challenging. I quickly learned that a strategic note-taking system is essential for succeeding in the cybersecurity space. After a while, I noticed several inconsistencies in my notes which led to me wanting a complete overhaul of my notes and relate the information in an Obsidian vault, allowing for quick look-ups. I took this chance and decided to publish my notes, which led to the creation of my Security Vault, which focuses on all things offensive cybersecurity.
With the help of Quartz, git, and a Bash script, my Obsidian vault gets routinely compiled to static HTML, which is then served over this Apache server. This project will most likely remain work-in-progress, as I strive to continuously extend this knowledge database.
In order to get a better grasp on more advanced offensive cybersecurity tools, topics and methodologies, I joined HackTheBox Academy. This platform offers detailed and high quality modules, which combine deep theoretical lessons with practical challenges, in which I can apply my new knowledge. At the end of each module, multiple practical challenges with higher difficulty need to be completed, in order to finish the module.
The best way of reinforcing my cybersecurity knowledge is its practical application in live engagements. For this purpose, I try to solve Capture-the-Flag challenges on HackTheBox. These require me to apply my knowledge in new settings, with the aim of gaining initial access to vulnerable machines in a black-box scenario and escalate my privileges to root. Since my busy time schedule oftentimes clashes with the long duration of these engagements, I instead shifted my focus to HackTheBox Academy. In the rare case that I do have the time to complete a box, I try to add my write-up to my Security Vault.
TryHackMe was my first introduction to cybersecurity in a practical setting, which brought me into the offensive side of cybersecurity. On this website, I engaged with several hacking topics and tools, combined with more beginner-friendly Capture-the-Flag challenges. I successfully completed numerous learning paths, such as “Jr Penetration Tester”, “Offensive Pentester”, “Red Teaming” and “Security Engineer”.
After gaining some experience in Capture-the-Flag challenges, I joined a club at my university, which regularly participates in these kinds of events and organizes meetups to talk about cybersecurity. As a team, we competed in the “HTB University CTF: Brains & Bytes 2023”, where we ranked 103rd out of 955 teams.