Jan Hoersch

@nv1t
He/Him

Cyber Security

Speaker

Consultant

Open Source

Mentor

Conference Speaker

Remote Worker

Information Security

Parent

Coding

Technical Writer

GitHub

Hiker

Hardware Engineer

Linux

health and wellness

System Administrator

Personal Growth

GitHub user

Outdoors Enthusiast

Electronics

Neurodivergent

Nature Lover

Security Researcher

Runner

Twitter

White hat hacker

I’m an IT Security Consultant & Penetration Tester with 12 years experience in IT Security and 8 years of professional experience in IT Security Consulting targeting various companies in FinTec, Chemical Industries, Banking, Automotive Industry. With at least basic knowledge in a wide variety of IT Security topics, my major focus is on penetration testing and reverse engineering of various devices.

Read more

I'm open to

partnering on side projects,

open source contributions,

guest lecturing,

live streaming,

speaking at events,

speaking on podcasts,

talking to journalists,

and brainstorming.

Contact Me

Resume

Jan 2021 - Present

Senior Security Consultant, SSE - Secure Systems Engineering GmbH

Aug 2018 - Dec 2020

Lead Security Consultant, Context Information Security

Nov 2014 - Jul 2018

Security Consultant, Securai GmbH

Nov 2011 - Oct 2014

Network & Security Engineer, TMT GmbH & CO. KG

Links

Mastodon - @nv1t@chaos.social

Blog - https://nv1t.github.io

Portfolio

View All

The weird BLE-Lock

I was a guest speaker in a nice Podcast "Dumm Gefragt" (Stupid question) from 1Live. The main topic was breaking stereotypes about hackers. Have a listen at (https://www1.wdr.de/radio/1live/podcast...

It was a great day speaking at the IGER 2022 (Intergalaktische Erfahrungsreise) in Bamberg about JSON Interoperability Vulns and Hardware Reverse Engineering. My slides are located in my Github Rep...

Somebody took a Side Project of mine and reworked it in a better product. It was so nice to see my work being beneficial to others! (https://github.com/StefanMack/DokuCam)

Side projects

Do you want to move forward in IT Sec without the hassle of external companies? You don't want to spend unlimited money on discovering and fixing vulnerabilities of your application? Yolo Security ...

Speaking engagements

Why JSON is (sometimes) bad and should feel bad

https://media.ccc.de/v/29c3-5285-de-en-men_who_stare_at_bits_h264

Spoke at the Kaspersky Security Analyst Summit about easy exploitation of IoT devices and the current state of responsible disclosure due to bad communication with vendors.

Articles and blogs

Write-up about high-risk vulnerabilities within Melag FTP Server (Used in Medical Environments). This should be considered as #0day. Upon use, please check your network segregation and act accordin...

https://www.securai.de/veroeffentlichungen/blog/binary-patching-java/

https://www.securai.de/veroeffentlichungen/blog/iot-pentest-der-weg-von-der-firmware-zur-shell/

https://nv1t.github.io/blog/i-hate-you-wd