Hi, I'm Simon

I study Advanced IT-Security
and enjoy building Secure Applications


Alpha-Version Release: Q1 2024

Matrix logo1

ShadowIM - an Instant Messenger crafted with a strong emphasis on privacy. It seamlessly integrates the Matrix communication protocol to offer you state of the art message encryption and effortless communication with fellow Matrix Network users across various clients. ShadowIM ensures full client-side encryption, safeguarding your data against unauthorized access.

Features : E2EE, Application data encryption, Matrix Protocol, cross-client compatibility


Chrome Cookie/Credential Stealer

Allows the decryption of the Google Chrome Credentials/Cookie storage by using the Windows DPAI on the victims machine. Supports all Chrome editions in their newest versions. Perfect example of how easy Session-Hijacking can be realized to bypass modern Multi-Factor authentications.

Tech Stack : Python 3, Windows DPAPI

Features : 2-FA/MFA Bypass, Pentesting


DNS Data Exfiltration (File Transfer)

This project contains a server/client implementation for encrypted & integrity protected data-transfer through the inconspicuous DNS-Protocol. This exfiltration method allows attackers to possibly bypass Firewalls and establish a stealth connection to their C2-Server.

Tech Stack : Python 3

Features : Data Exfiltration, Firewall Bypass


Robot Social Engineering

Social engineering is a steadily evolving attack vector, often targeting companies that are not vulnerable on a technical level. With rapidly evolving technologies, a new category of Social Engineering is now upon us: Robot Social Engineering.

Subject : Applied Cyberpschology

Keywords : Social Engineering, Social Robots, Robot Social Engineering

Bluekeep - RCE Vulnerability

A very short technical explanation of the Bluekeep vulnerability (CVE-2019-0708). This paper is based on many blog articles and my own technical exploration of the vulnerability as Bluekeep itself isnt very popular as scientific research topic.

Subject : Offensive Cybersecurity

Keywords : Bluekeep, CVE-2019-0708, Exploits, Remote Code Execution, Reverse Engineering, Windows RDP