6th No-Spy Conference

Last friday Florian and me attended the 6th No-Spy Conference in Stuttgart, Germany. We gave a talk about surveillance and censorship on modern devices in North Korea and discussed various aspects with the attendees. The atmosphere was very welcoming and we had some nice discussions about various topics which allowed us to better clarify some things. The slides are available here.

Thanks to the organizers for having us!

Continue reading

Looking back on RIPE 74

From May 8th to 12th I was able to attend the 74th RIPE meeting in Budapest, Hungary. Being rather new to the networking community, I enjoyed learning a lot of different things, not only from the various interesting talks but also from inspiring conversations with a variety of people from all areas during the beautiful social events.

As it was the first RIPE meeting for me, I was very thankful for the “Newcomer’s Introduction” on Monday morning, containing a RIPE and RIPE NCC 101. It was quite helpful to get into the mindset and understand the structure of the meeting, like the division into different working groups based on the participants’ interests. After familiarizing myself with the concept, I chose to attend several sessions on Address Policy, IPv6, Routing, Open Source, and DNS working groups besides the general plenary sessions. I’ll be reviewing those sessions here. Continue reading “Looking back on RIPE 74”

Continue reading

Git Shell Bypass By Abusing Less (CVE-2017-8386)

The git-shell is a restricted shell maintained by the git developers and is meant to be used as the upstream peer in a git remote session over a ssh tunnel. The basic idea behind this shell is to restrict the allowed commands in a ssh session to the ones required by git which are as follows:

  • git-receive-pack
    • Receives repository updates from the client.
  • git-upload-pack
    • Pushes repository updates to the client.
  • git-upload-archive
    • Pushes a repository archive to the client.

Besides those built-in commands, an administrator can also provide it’s own commands via shell scripts or other executable files. As those are typically completely custom, this post will concentrate on the built-in ones.

Note: This has nothing to do with the also recently fixed vulnerabilities in gitlab [1] [2].

Continue reading “Git Shell Bypass By Abusing Less (CVE-2017-8386)”

Continue reading

One Step Closer – RDNSS (RFC 8106) Support in Windows 10 Creators Update

Good Afternoon,

It is a pleasant surprise for many (us included) that Microsoft implemented support for the RDNSS (RFC 8106) option in Router Advertisements beginning with the Windows 10 Creators Update. Interestingly, I wasn’t able to find any official documents from Microsoft stating this. As we are involved in a lot of IPv6 related projects for our customers, the lack of RDNSS support for Windows and DHCPv6 for Android is a major pain point when implementing IPv6 in mixed client segments, as you need to implement both mechanisms to ensure that all clients do get the relevant network parameters. I won’t beat on the dead horse, but Microsoft’s decision is a huge step in the right direction and one can hope that one day Google finds a “compelling use case” to implement at least stateless DHCPv6 for Android. Continue reading “One Step Closer – RDNSS (RFC 8106) Support in Windows 10 Creators Update”

Continue reading

Insight Summit on June 1st: DevOps, Continuous Deployment & Agile Security

The following post is in German as it is covering an Event with German as the main language.

INSIGHT SUMMIT 2017 präsent DevOps, Continuous Deployment & Agile Security

Inspiriert durch die erfolgreichen Round Table Session der TROOPERS freuen wir uns Ihnen heute mit dem AgileSecurity Insight Summit 2017 eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.

Die Veranstaltung beginnt am Morgen mit einer Keynote, gefolgt von Fallstudien und Vorträgen durch interne und externe Referenten aus der Industrie. Im Anschluss werden alle Teilnehmer in zwei Gruppen aufgeteilt, die nacheinander an beiden Round Table Sessions teilnehmen (jeder Teilnehmer kann an beiden Sessions teilnehmen). In den Round Table Sessions werden unter Expertenmoderation typische Problemstellungen und Lösungsansätze diskutiert.

Was Sie erwartet:

  • Eröffnungsvortrag von Florian Barth (Stocard)
  • Fallstudien & Vorträge
  • 2 Round Table Diskussionen


09:00- Opening Remarks
09:15- DevOps Best Practices
10:00- DevOops: Security Fails in the DevOps World
10:45- Kaffeepause
11:00- Case Study
11:45- Integrating Security into Continuous Deployment
12:30- Mittagspause
13:30- Round Table Session
15:00- Kaffeepause
15:30- Round Table Session
17:00- Closing Remarks
17:15- Offizielles Ende

Break Out Sessions:

  • Organisatorische Herausforderungen und Möglichkeiten von DevOps und Continuous Integration/Deployment unter Sicherheitsaspekten
  • Technische Sicherheitsaspekte typischer Technologien der modernen agilen Software-Entwicklung

Gerne lassen wir Ihnen weitere Informationen zukommen oder nehmen Ihre Anmeldung unter registration@ernw-insight.de entgegen. (Link zu vollständigem Flyer)

Continue reading

Autonomic Network Part 3: Vulnerabilities

This is the 3rd post in the series of Autonomic Network (AN), it will dedicated for discussing the vulnerabilities. I recommend reading the first 2 parts (part one, part two) to be familiar with the technology and how the proprietary protocol is constructed.

Initially we will discuss 2 of the reported CVEs, but later there is more CVEs to come 😉

Continue reading “Autonomic Network Part 3: Vulnerabilities”

Continue reading

(Mostly) New, Interesting, and Security-focused Open Source Projects

Troopers ’17 – the 10th edition – madness is over and hopefully all of you are well rested and recovered after this special week. Of course the rest of the world did not stand still and thus Google lifted the curtains on a new public portal collecting and promoting the Open Source Software projects developed by employees of Google: opensource.google.com. There are a lot of interesting projects that might incubate new interesting developments. And even security oriented tools and projects (51 at the time of writing to be precise) are publically available Continue reading “(Mostly) New, Interesting, and Security-focused Open Source Projects”

Continue reading

Some Quick Tips for Submitting a Talk to Black Hat or TROOPERS

Given the CfP for Black Hat US in Vegas ends in a few days – and as apparently some people have already started to think about their TR18 submissions – I’ll quickly provide some loose recommendations on how to write a submission here. There’s quite some reasonable advice out there already (the BH CfP site lists this and this which you should both read as well) but some of you might find it useful to get (yet) another perspective. Continue reading “Some Quick Tips for Submitting a Talk to Black Hat or TROOPERS”

Continue reading

This is Why Your Wireless Mouse Should Have a Tail and Your Presenter is a Fail

Puh…it’s been a long time since my last post, huh?
However, let’s get straight back to topic. Today, I want to issue a warning, especially in face of upcoming Troopers 2017 (less than two days to go, wooo! 10th anniversary!): be careful when using wireless equipment (presenters, mouses, keyboards,…), especially during Troopers, but also in daily use. Continue reading “This is Why Your Wireless Mouse Should Have a Tail and Your Presenter is a Fail”

Continue reading