This is Why Your Wireless Mouse Should Have a Tail and Your Presenter is a Fail

Hello world,

TL;DR Please take into account that you put your laptop at risk of being hacked by using wireless equipment during Troopers. This could lead to a full system compromise. Wirelessly. Attacks like keystroke injection or sniffing of latter and mouse movements are possible. This, e.g. applies to speakers, using wireless presenters (like Logitech R400/R800, old and new models), as also to any attendee or crew member who might use wireless¬†mouses or keyboards. Be aware of this! Continue reading “This is Why Your Wireless Mouse Should Have a Tail and Your Presenter is a Fail”

Continue reading

Autonomic Network Analysis – Part 2

This is the second part in the Autonomic Network series. We have introduced previously in our first part the Autonomic Network (AN), took a look about the needed configuration to run it on Cisco gear and what is the expected communication flow. In this post, we will dive deeper to have a closer look on the packets and how they are composed. Cisco’s AN protocol is a proprietary one and as far as I know, the analysis provided here for the protocol is the first of its kind.

Before I begin the analysis, I would like to thank Marc Heuse for his contributions to the protocol analysis.

The AN protocol consists mainly of 3 phases:

  1. Channel Discovery
  2. Adjacency Discovery
  3. Secure Channel

Continue reading “Autonomic Network Analysis – Part 2”

Continue reading

Autonomic Network Overview – Part 1

Good Evening,

This is a 3-part series which introduces and analyzes Cisco’s implementation for Autonomic Network. In the 1st part, the technology is introduced and we have an overview about communication flow. In the 2nd part, Cisco’s proprietary protocol is reverse engineered ūüėČ then finally in the 3rd part, multiple vulnerabilities will be disclosed for the first time. If you’re aware of the technology, you can skip directly to part 2 where the action begins!¬†

Autonomic Network is Cisco’s vision for the future of smart networks. Autonomic systems have the ability to self-manage themselves. In other words, autonomic systems are smart enough to configure and secure themselves, optimize the running processes and re-run the failed processes. Cisco engineers in collaboration with IETF defined the Autonomic Networks main components and features through multiple RFCs found in the ANIMA workgroup. Cisco has deployed the Autonomic Network capabilities on their systems since 2014 and multiple big companies started to integrate and make use of Autonomic Network features within their systems. Continue reading “Autonomic Network Overview – Part 1”

Continue reading

CSA Summit CEE and BSides Ljubljana 2017

At the end of last week I had the pleasure to visit the CSA Summit CEE and the Bsides Event in Ljubljana.

At CSA, I was talking about hypervisors, breakouts and an overview of security measures to protect the host. (Slides)
This ranged from the basic features some hypervisors provide out of the box to advanced features like SELinux, device domain models and XSM-FLASK.

Most of the other talks were more targeted towards management level employees, but even as a fairly technical person I found Mike Bursell’s talk ¬†highly interesting. After my talk about securing the host system from a malicious guest, he dealt with the inverse: Technologies to protect a guest from a malicious or compromised host.

At BSides Ljubljana, I was talking about Binary Analysis Frameworks e.g Angr, Triton and others.
My slides can be found here, the video recording of the presentation should be available soon too. The cheat-sheet mentioned can be found in the official repository and will be maintained there.

Both conferences provided a great opportunity to meet interesting people and were small enough to get to know (nearly) everyone.



Continue reading

TR17 Training Teaser: Wireshark Scripting with Lua (2 days training)

This is a guest blog by Peter Kiesberg and Sebastian Schrittwieser for their training, Wireshark Scripting with Lua

Learn, how to script Wireshark to better suit your needs, as well as save on costs by letting Wireshark automatize many of your daily analytical tasks!

In this highly interactive training at TROOPERS you will learn how to write your own protocol dissectors to support new protocols unknown to the standard Wireshark, as well as create your own analysis mechanisms for gathering more details on known protocols. Use Wireshark as a tool for post-processing and data analytics, as well as for triggering alarms based on traffic patterns. With the integration of the highly versatile Lua scripting language into Wireshark, it is possible to tailor the capabilities of Wireshark right for you special requirements. In this two-days training you will learn how to customize Wireshark starting from scratch with an in-depth introduction to Lua over writing simple dissectors for unknown protocols to setting up customized network analysis scenarios. Continue reading “TR17 Training Teaser: Wireshark Scripting with Lua (2 days training)”

Continue reading

TROOPERS17 GSM Network – How about your own SMPP Service?

Hello fellow Troopers!

The event of the events is getting closer and¬†again, we are very optimistic to have a lot of awesome trainings, talks, evening events, and discussions. But we again will also have some “features” and gimmicks for those of you who would like to play with new, old, or just interesting technologies. As you might remember, since some years one of these features is and¬†again will be our own GSM Network. As we are improving¬†our setup¬†from year to year, this time we’d like to give you the chance to actively participate with ideas and your own services.

Continue reading “TROOPERS17 GSM Network – How about your own SMPP Service?”

Continue reading

Agile Development & Security

I’m a big fan of Chris Gates’ publications on DevOops and From Low to Pwned. The content reflects a lot of issues that we also experience in many assessments in general and assessments in agile environments in particular. In addition, we were supporting several projects recently that were organized in an agile way. In this post, I want to summarize some thoughts on how security work can/should be integrated into agile projects. The post was also a result from the preparation of our upcoming Troopers workshop on Docker Security & Devops, which of course also covers organizational aspects, but not to the degree this post describes them.

Continue reading “Agile Development & Security”

Continue reading