Breaking

Reversing and Patching .NET Binaries with Embedded References

Lately I’ve been analyzing a .NET binary that was quite interesting. It was a portable binary that shipped without any third-party dependencies. I started looking at the .NET assembly with ILSpy and noticed that there was not that much code that ILSpy found and there were a lot of references to classes/methods that were neither in the classes identified by ILSpy nor were they part of the .NET framework.

Continue reading “Reversing and Patching .NET Binaries with Embedded References”

Continue reading
Events

Industrial IoT Overview & Case Studies

Stefan and I had the pleasure of joining a one-day closed workshop on Industrial IoT Security. As always, we ended up with plenty of new research ideas and great contacts. We hope of course to post on follow-up research, but in this short post we quickly want to publish our slides which contain our input for the workshop. We mainly presented on IT security challenges for modern IIoT environments and presented some case studies for successful hardening/protection of IIoT environments as well as security in IIoT product development.

You can find our slides here.

Continue reading
Misc

Security Advisory for VMware vRealize Automation Center

During a recent customer project we identified several vulnerabilities in the VMware vRealize Automation Center such as a DOM-based cross-site scripting and a missing renewal of session tokens during the login. The vulnerabilities have been disclosed to VMware on November 20th, 2017. A security advisory for the vulnerabilities has been made available here on April 12th, 2018. Continue reading “Security Advisory for VMware vRealize Automation Center”

Continue reading
Events

#TR18 Active Directory Security Track, Part 1

This is the first post discussing talks of the Active Directory Security Track of this year’s Troopers which took place last week in Heidelberg (like in the last nine years ;-). It featured, amongst others, a new track focused on Microsoft AD and its security properties & implications. This was the agenda.

Continue reading “#TR18 Active Directory Security Track, Part 1”

Continue reading