ERNW has a new baby, so please say “hello” to the new ERNW SecTools GmbH ;-).
But why another ERNW company? Short answer: Because we want to contribute to changing the way how software is built today: insecure, focused on profit and sometimes made by people who ignore lessons from history. So how can we contribute in this space? Start changing it ;-).
In various scenarios it might be helpful or even required to have a statically compiled version of Nmap available. This applies to e.g. scenarios where only limited user privileges are available and installing anything to the system might not be desirable.
Our new workshop about TLS/SSL in the enterprise will be held for the 1st time at Troopers 2018. So I would like to take the opportunity and post a short teaser about stuff we will cover in this workshop.
During years, many different researches and attacks against digital and physical payment methods have been discussed. New security techniques and methodologies such as tokenization process attempts to reduce or prevent fraudulent transactions.
In this article, we describe the impact of the increased use of Docker in corporate environments on forensic investigations and incident analysis. Even though Docker is being used more and more (Portworx, Inc., 2017), the implications of the changed runtime environment for forensic processes and tools have barely been considered. We describe the technological basics of Docker and, based on them, outline the differences that occur with respect to digital evidence and previously used methods for evidence acquisition. Specifically, we look at digital evidence within a Docker container which are lost or need to be acquired in different ways compared to a classical virtual machine, and what new traces and opportunities arise from Docker itself.
The first time I’ve heard about RFID was at high school, back in 2002, when I was studying Electronics. Back in that time, this technology was like some sort of black magic to me. A few years later in 2011, our government in Argentina decided to implement a “new technology” called NFC, designed as the new and only way of payment for the use of public transport. So, I decided to understand it better, play with it, and try some hacks I heard from the cool people of the CCC.
If you attack someone, they will defend themselves, but if you tickle them, they will eventually crack open. This surprisingly applies to Android apps as well! Therefore, I created AndroTickler, not to test apps against certain attacks or examine them for specific vulnerabilities, which developers would learn to avoid. However, it helps pentesters to analyze and test apps in their own style, but in a faster, easier and more flexible way. AndroTickler is a Swiss-Army-Knife pentesting tool for Android apps. It provides information gathering, static and dynamic analysis features, and also automates actions that pentesters frequently do and highly need during their pentests. In addition, it makes use of the powerful Frida to hook to the app and manipulate it in real-time.
We have a short update from the TelcoSecDay 2018 Agenda. But before that, a short reminder. The CFP for TelcoSecDay 2018 is still open. If you are into telco research, and if you have something interesting to talk, please make a submission here. The deadline is 17th February 2018.
Here is a short blog post that explains how you can make your own Man-in-the-Middle (MitM) setup for sniffing the traffic between a SIM card and the backend server. This is NOT a new research but I hope this will help anyone who doesn’t have a telco background to get started to play with mobile data sniffing and fake base stations. This is applicable to many scenarios today as we have so many IoT devices with SIM cards in it that connects to the backend.
In this particular case, I am explaining the simplest scenario where the SIM card is working with 2G and GPRS. You can probably expect me with more articles with 3G, 4G MitM in future. But lets stick to 2G and GPRS for now.
As Kai and I will be holding a TROOPERS workshop on automation with ansible, we needed a setup for the attendees to use ansible against virtual machines we set up with the necessary environment. The idea was, that every attendee has their own VMs to run ansible against, ideally including one to run ansible from, as we want to avoid setup or version incompatibilities if they set up their own ansible environment on their laptop. Also they should only be able to talk to their own machines, thus avoiding conflicts because of accidental usage of wrong IPs or host names but also simplify the setup for the users.