Spoiler Free Spoilers: What LEGO tought me about IT-Security

After watching unfos last vlog https://localhost.exposed/2016/04/12/path-to-oscp-appendix-a-how-to-ask-for-help/ I decided that I need a blogpost to help people without bringing myself in the danger of making OS angry. So here it is. A spoiler free spoiler page. Remember kids, I have no materials from OffSec, I have no clue how the lab looks like. So I CAN’T help you with SERVER X. And this blog is just about LEGO, if somebody gets a nice idea for the labs. Well this is your idea congratulation. I’m talking about LEGO here. Just to be clear. No lab discussion here. JUST LEGO !

So lets assume I give you a LEGO Set number. What can you do with it, without any knowledge at all ?

Here it is: LEGO 70412

Well lets google it ….


What did we learn ??

Its the Soldiers Fort. The last bastion of the brave Imperials against the scurvy Pirates.

bild11 cannon and one small stud shooter, armed guards jada jada.

Did we learn more … lets have a look here. It seems there is a website listing all the nitty gritty details of every LEGO set.


Number of pieces, ohhh it is from 2015 and out of production. MMM

bild3Seems like LEGO doesn’t support it any further.

Lets dig a little bit deeper on that website.

Oh here we have product reviews.


It seems that there are some older folks, who think that this new version of that pirate theme is just a money grab and just flashy and the old version is better. I guess there are people around still displaying the old version and being proud with doing it so. Lets write that fact down. And of course all the other nice little details we found. Like that you can discover the old sets, because the Imperial Soldiers had Red Shoulder pieces, well except for that short period with red uniforms.


badaboomAnd that this new cannons pack a better punch then the old versions. So the old version seems to be a easier target. But we are just interested in this set for the moment. But anyways good little details to know. Just in chase.

Lets see what the manufacture has to say to that set.


Well a bunch of measurements.



Every little detail about this product in a handy pdf. How every brick fits into its place. How helpful. Lets have a look at this pdf .. well looks nice, building building. Well that steps looks weird. I bet a lot of folks get that wrong. How handy that wall from the prison cell can be pulled out. So a backdoor for the prison. How handy. What could possible go wronig the bad guys know about it ?? Hey there are no backwalls. So our mighty fort is totally open from a attack from behind. How handy.


So we figured out some ways to attack it. We identified some possible misconfigurations of that set. And this without even touching it. Nice or ?

And as always in lego, you just could tear everything apart and try to build it in a slightly different way. Or just look at every piece for itself. Like the arches in that set. They are the new version ..



so there are some differences compared to the “classic” version. Will it help us .. maybe.

Just saying. Sometimes just looking at one piece of the puzzle help a lot. Just make sure that THIS ONE PIECE is the right one for your set. If I use the old one or wrong one the whole set will not work.

So much for LEGO Post 1

Greetings ucki

(guess which set I build yesterday)

Ein Gedanke zu „Spoiler Free Spoilers: What LEGO tought me about IT-Security“

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:


Du kommentierst mit Deinem WordPress.com-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Twitter-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Facebook-Konto. Abmelden /  Ändern )

Verbinde mit %s

%d Bloggern gefällt das: