Dive into my latest experiments in digital security, from exploit analysis and reverse engineering to advanced network defense configurations and protocols. Find out more about what drives my curiosity and passion for cybersecurity.

Over the past few months, I've immersed myself in the world of Capture The Flag (CTF) competitions. These challenges are more than just games; they are a playground for creative problem-solving and a vital way to stay ahead of evolving attack vectors. My experience spans low-level binary exploitation at ETHZ's Information Security Lab, rigorous hands-on training in the Software Security Course at EPFL, and competing in the Swiss Hacking Challenge 2026, where I placed 40th out of 300+ participants. From reverse engineering and cryptography to web security and forensics, I love the diverse and creative nature of these challenges. They are a great way to learn and have fun, while keeping me up to date with the latest security trends and techniques.

Network Security has piqued my interest quite a bit. In the Network Security class at ETHZ, I built a (low-performance) Python-based firewall. This project incorporated modern defense mechanisms such as rate limiting, port scan detection, stateful handling of malicious (bogus) UDP/TCP packets, blacklisting, as well as Network Address Translation (NAT). Implementing a firewall system highlighted the critical tension between efficient, high-performance security enforcement and the necessity of minimizing false positives. A second project in this class was to set up and explore the SCION architecture. SCION is a future Internet architecture designed to be secure, available, and robust by design, addressing major security issues of the current BGP-based Internet. In the Network Security class, I explored its fundamental concepts, such as path-aware networking, control-plane isolation, and trust root delegation. The project involved setting up a SCION environment in Go and communicating over its channels.

The future of secure authentication are Passkeys. In a group of two, we implemented a website that used WebAuthn to replace traditional passwords with cryptographic keys stored securely on the device. Our main motivation was to understand how underlying algorithms like FIDO2, public-private key cryptography, and attestation work. This project granted us a much deeper understanding of user identity and zero-trust security models. For reference, we also added normal username & password logins as well as 2FA!

There are many more projects that I have worked on, but I won't list them all here. They include attacks on trusted execution environments, formal verification with Tamarin, adversarial examples on machine learning models, a shopping list web app, distributed large-scale real-time routing for SBB with hadoop and spark, or Get-Together, a web app for trip planning. However, I do want to mention one project that has a special place in my heart: this website. Since 2023, I have been updating, improving and maintaining it to the best of my ability. Without knowing HTML, CSS, or JavaScript, I started and arrived at the current static website you're seeing. The process was sometimes hard but mostly fun, since I directly saw the results of my work. I really hope you like the contents and the design. If you happen to have any feedback, I would be glad to hear it! Alright, that's all for now. If you came this far, I wish you all the best, thanks a lot for reading, and peace out! ✌🏽