Insinuator.net – Bold Statements

April 25, 2018 by Matthias Luft

Industrial IoT Overview & Case Studies

Stefan and I had the pleasure of joining a one-day closed workshop on Industrial IoT Security. As always, we ended up with plenty of new research ideas and great contacts. We hope of course to post on follow-up research, but in this short post we quickly want to publish our slides which contain our input for the workshop. We mainly presented on IT security challenges for modern IIoT environments and presented some case studies for successful hardening/protection of IIoT environments as well as security in IIoT product development.

You can find our slides here.

Breaking

April 24, 2018 by Pascal Turbing

Yet Another Information Disclosure?

Hey there, for those of you that roll your eyes when writing the nth Information Disclosure Finding in a report, here is a short story of how such information helped compromising a system.

Continue reading “Yet Another Information Disclosure?”

Misc

April 13, 2018 by Oliver Matula

Security Advisory for VMware vRealize Automation Center

During a recent customer project we identified several vulnerabilities in the VMware vRealize Automation Center such as a DOM-based cross-site scripting and a missing renewal of session tokens during the login. The vulnerabilities have been disclosed to VMware on November 20th, 2017. A security advisory for the vulnerabilities has been made available here on April 12th, 2018. Continue reading “Security Advisory for VMware vRealize Automation Center”

Events

March 23, 2018 by Niki Vonderwell

#TR18 Attack & Research Summaries

This blogpost contains summaries of talks from this year’s TROOPERS18 Attack & Research Track.

Continue reading “#TR18 Attack & Research Summaries”

Events

March 23, 2018 by Niki Vonderwell

#TR18 SAP Security Summaries

This blogpost contains summaries of talks from this year’s TROOPERS18 SAP Security Track.

Continue reading “#TR18 SAP Security Summaries”

Events

March 23, 2018 by Niki Vonderwell

#TR18 Next Generation Internet (NGI) Summaries

This blogpost contains summaries of talks from this year’s TROOPERS18 Next Generation Internet Event.

Continue reading “#TR18 Next Generation Internet (NGI) Summaries”

Events

March 22, 2018 by Enno Rey

#TR18 Active Directory Security Track, Part 1

This is the first post discussing talks of the Active Directory Security Track of this year’s Troopers which took place last week in Heidelberg (like in the last nine years ;-). It featured, amongst others, a new track focused on Microsoft AD and its security properties & implications. This was the agenda.

Continue reading “#TR18 Active Directory Security Track, Part 1”

Breaking

March 15, 2018 by Florian Grunow

Squirrelmail Full Disclosure – TROOPERS18

Birk an me basically fully disclosed a 0day in Squirrelmail yesterday. This is a short Q&A to answer the most common questions about the issue to calm you all down a little bit. 😉

Continue reading “Squirrelmail Full Disclosure – TROOPERS18”

Events

March 14, 2018 by Florian Horsch

The Hackers‘ Sanctuary City

TROOPERS has a long history of theming the conference every year. Usually we pick a surreal topic, a fun story which we think is worth to pick up on. Some of it starts as a crazy thought, others have been the result of long discussions. Most of them are online, only our master piece from 2016 is securely stored in the company’s vaults.

Continue reading “The Hackers‘ Sanctuary City”