Due to the new release of macOS Mojave in September we updated the El Capitan hardening guide.
Continue reading “macOS Mojave Hardening Guide”
Continue readingSecure CI/CD Pipelines @Troopers ’19
In the last couple of months we participated in an increasing count of customer projects following current trends of agile software development approaches and corresponding toolstacks. Especially the terms Continuous Integration and Continuous Delivery kept (and still keep) popping up on every corner. The frameworks and processes behind those two hypes aid developing software at higher quality in shorter release cycles. This is especially relevant since end consumers nowadays expect fast releases including the newest features. If companies neglect this demand, competitors might take advantage of their better time-to-market which might result in increased market share and -dominance. A lot of changes are happening in the space of CI/CD. Existing tools become more mature, gaining increased attention, and new ones are appearing every month including better ways of integrating them into existing or new processes. Companies benefit from more choices, increased flexibility, and faster integration into existing company policies.
Continue reading “Secure CI/CD Pipelines @Troopers ’19”
Continue reading35C3: Refreshing Memories
Hello fellow Troopers and Happy new Year!
35C3 is over, and the recordings are available so in case you did not have the chance or the time to watch the live streams during the holidays or overwhelmed with the number of talks, see in the following a list of recommended talks to fill your evenings or weekends. Apart from the broad coverage of topics in different areas (Ethics, Society & Politics, Hardware & Making, Resilience, Art and Culture, Security, Science, Resilience), foundation talks were aiming for the very basics following this year’s motto “Refreshing Memories.”
Continue reading “35C3: Refreshing Memories”
Continue readingCatching fire with Docker, DevOps & Security in Enterprise Environments
Docker has become the go-to technology in enterprise- and DevOps contexts. Yet, before mastering a skill, there is the thumb rule: one must learn the basics to have solid fundament before building a house on top. Continue reading “Catching fire with Docker, DevOps & Security in Enterprise Environments”
Continue readingBlackhoodie at TROOPERS19
We are going to have a Blackhoodie event at Troopers 2019 on March 18th and 19th in Heidelberg. With a very exciting event last year, we have decided to roll it once again during Troopers.
Continue reading “Blackhoodie at TROOPERS19”
Continue readingMotivational Aspects and Privacy Concerns on Wearables in the German Running Community
Today I am proud to announce that another paper of my former colleagues from Heilbronn University and me was published in one of the journals with the highest impact factor for Medical Informatics research called JMIR mHealth and uHealth. There is a reason why we published in this journal besides its informatics focus. The journal is an open access journal. That means that readers are not charged on a pay-per-view basis or other business models to access the full text of the paper. In return, the authors need to pay publication fees. In my opinion restricting access to academic research is not a way to go. I think this isn’t a thing we see in the security community often anyway. But this is and was the standard in academia for years.
Continue readingERNW Whitepaper 67: Active Directory Trust Considerations
Last week Will “harmj0y” Schroeder published an excellent technical article titled “Not A Security Boundary: Breaking Forest Trusts” in which he lays out how a highly critical security compromise can be achieved across a forest boundary, resulting from a combination of default AD (security) settings and a novel attack method. His post is a follow-up to the DerbyCon talk “The Unintended Risks of Trusting Active Directory” which he had given together with Lee Christensen and Matt Nelson at DerbyCon (video here). They will also discuss this at the upcoming Troopers Active Directory Security Track (details on some more talks, including Sean Metcalf’s one, can be found in this post or this one).
Continue reading “ERNW Whitepaper 67: Active Directory Trust Considerations”
Continue readingAnd Five Talks More Were Accepted at TROOPERS19!
And five talks more were chosen for TROOPERS19! It sounds like it is going to be the best year ever again…
Follow us on Twitter (@WEareTROOPERS) for more information and do not hesitate to use our hashtag #TR19 when you have questions or remarks about TROOPERS19!
Your TROOPERS Team Continue reading “And Five Talks More Were Accepted at TROOPERS19!”
Continue readingDirectoryRanger 1.1.0 Introduces Informational Audit Checks
With version 1.1.0 our tool DirectoryRanger introduces a new feature: informational audit checks. These checks do not have a severity rating because they are just “for your information” and the included information might or might not contain security issues, depending on other facts. But these checks can help to reduce your Active Directory attack surface by pointing you to some aspects which need your attention and at least require to be discussed and documented (and they might also imply governance measures like a risk acceptance).
Continue reading “DirectoryRanger 1.1.0 Introduces Informational Audit Checks”
Continue readingFirst Talks of TROOPERS19 Accepted!
TROOPERS18 was the best year ever (did you check our archives?) and it will be challenging to do better… However, we accept the challenge!
The trainings and talks were from high quality and choices were difficult to make… We hope you will enjoy reading these little teasers!
Follow us on Twitter (@WEareTROOPERS) for more information and do not hesitate to use our hashtag #TR19 when you have questions or remarks about TROOPERS19!
With that being said, we are excited to introduce the first official five talks of TROOPERS19! Continue reading “First Talks of TROOPERS19 Accepted!”
Continue reading