Building

Why It Might Make Sense to Use IPv6 in Enterprise Infrastructure Projects

Looking at IPv6 deployment graphs like this one it becomes clear that IPv6 still is not widely deployed in enterprise space (the reason for the apparent oscillation in that curve is the difference between working days – where people use their office computers – and weekend where they preferably use their smartphones or their home equipment connected by means of broadband networks).

Continue reading “Why It Might Make Sense to Use IPv6 in Enterprise Infrastructure Projects”

Continue reading
Events

My Journey to DockerCon Europe 2017

From October 17th – 19th I had the chance to attend my first DockerCon Europe 2017.

The conference was very well organized and attendee focused, which could be seen by the many little details found on the conference. For example you never ran out of coffee or beverages, there was a new Hallway Track where you could meet people from all disciplines, discuss about your favorite topics and there was always a place to sit and take a break between all those interesting presentations. I had the chance to speak to very nice people from different industries, most importantly in my case on the topic security. It was nice to see how the Docker community is growing and the adoption rate is increasing, especially in companies. The main focus of the conference (especially seen in talks held by people from Docker Inc.) was the Docker Enterprise Edition.

Continue reading “My Journey to DockerCon Europe 2017”

Continue reading
Breaking

Extract Non-Exportable Certificates and Evade Anti-Virus with Mimikatz and Powersploit

Some time ago, one of our customers contacted us with a special request. For some legitimate reason, they needed to centrally collect certain certificates including their private keys which were distributed across many client systems running Windows and stored in the corresponding user stores. Unfortunately (only in this case, but actually good from a security perspective), the particular private keys were marked non-exportable making a native export in the context of the user impossible. As if this wasn’t enough, the extraction was supposed to be executed in the context of the current user (i.e. without administrative privileges) while not triggering the existing Anti Virus solution at all. Also, the certificates needed to be transferred to some trusted system where they could not be accessed in an unauthorized way. So let’s have a look how we tackled these problems:

Continue reading “Extract Non-Exportable Certificates and Evade Anti-Virus with Mimikatz and Powersploit”

Continue reading
Events

TROOPERS for Students!

We are super excited for TROOPERS18 (March 12-16th, 2018) as are many of you! We even have this great saying that “after TROOPERS is before TROOPERS”, which means we spend a lot of time looking through feedback from attendees, speakers/trainers, and our own Crew for ways to not only top what we’ve done in the years before, but also how to simply make it better for everyone involved.  Looking around at our Crew we realized how many have either attended TROOPERS or other conferences as students. We heard from them, as well as other students, how life changing it was to be able, as a student, to attend an IT-Security conference. How they got to meet a speaker whose work they’d read about in class. How people felt even more a part of the community they were studying hard to belong to.  Continue reading “TROOPERS for Students!”

Continue reading
Breaking

Erlang distribution RCE and a cookie bruteforcer

In one of the last pentests we’ve found an epmd (Erlang port mapper daemon) listening on a target system (tcp/4369). It is used to coordinate distributed erlang instances, but also can lead to a RCE, given one knows the so called “authentication cookie”. Usually, this cookie is located in ~/.erlang.cookie and is generated by erlang at the first start. If not modified or set manually it is a random string [A:Z] with a length of 20 characters. If an attacker gains this cookie, a RCE is quite easy – as I like to describe below.

Continue reading “Erlang distribution RCE and a cookie bruteforcer”

Continue reading
Building

Reading the BlueCoat FileSystem

You may remember our last post regarding the SGOS system and the proprietary file system. Since then, we got access to a newer version of the system (6.6.4.2). Still not the most current one (which seems to be 6.7.1.1) nor of the 6.6.x branch (which seems to be 6.6.5.1) though. As this system version also used the same proprietary filesystem (although it initially booted from a FAT32 partition), I decided to take a deeper look into this.

Continue reading “Reading the BlueCoat FileSystem”

Continue reading
Events

RIPE IoT Roundtable Meeting / Balanced Security for IPv6 CPE Revisited

Last week I had the pleasure to participate at the first RIPE IoT Roundtable Meeting in Leeds (thanks! to Marco Hogewoning for organising it). It was a day with many fruitful discussions. I particularly enjoyed Robert Kisteleki‘s talk on RIPE NCC’s own design & (security) process considerations in the context of RIPE Atlas (at TR17 NGI there was an intro to Atlas, too).
In this post I’d like to quickly lay out the main points of my own contribution on “Balanced Security for IPv6 CPE Revisited” (the slides can be found here).

Continue reading “RIPE IoT Roundtable Meeting / Balanced Security for IPv6 CPE Revisited”

Continue reading