ShadowIM - an Instant Messenger crafted with a strong emphasis on privacy. It seamlessly integrates the Matrix communication protocol to offer you state of the art message encryption and effortless communication with fellow Matrix Network users across various clients. ShadowIM ensures full client-side encryption, safeguarding your data against unauthorized access.
Hi, I'm Simon
I study Advanced IT-Security
and enjoy building Secure Applications
ShadowIM
Alpha-Version Release: Q1 2024
Projects
Chrome Cookie/Credential Stealer
Allows the decryption of the Google Chrome Credentials/Cookie storage by using the Windows DPAI on the victims machine. Supports all Chrome editions in their newest versions. Perfect example of how easy Session-Hijacking can be realized to bypass modern Multi-Factor authentications.
Tech Stack : Python 3, Windows DPAPI
Features : 2-FA/MFA Bypass, Pentesting
Documentation
DNS Data Exfiltration (File Transfer)
This project contains a server/client implementation for encrypted & integrity protected data-transfer through the inconspicuous DNS-Protocol. This exfiltration method allows attackers to possibly bypass Firewalls and establish a stealth connection to their C2-Server.
Tech Stack : Python 3
Features : Data Exfiltration, Firewall Bypass
Documentation
Robot Social Engineering
Social engineering is a steadily evolving attack vector, often targeting companies that are not vulnerable on a technical level. With rapidly evolving technologies, a new category of Social Engineering is now upon us: Robot Social Engineering.
Subject : Applied Cyberpschology
Keywords : Social Engineering, Social Robots, Robot Social Engineering
Bluekeep - RCE Vulnerability
A very short technical explanation of the Bluekeep vulnerability (CVE-2019-0708). This paper is based on many blog articles and my own technical exploration of the vulnerability as Bluekeep itself isnt very popular as scientific research topic.