Events

Auditing AWS Environments

Introduction

In connection with our new TROOPERS workshop “Jump-Starting Public Cloud Security”, this post describes some relevant components that need to be taken care of when constructing and auditing an Amazon Web Services (AWS) cloud environment. These include, among others, the general AWS account structure, Identity and Access Management (IAM), auditing and logging (CloudTrail and CloudWatch), Virtual Private Cloud (VPC) networks, and S3 buckets.

Continue reading “Auditing AWS Environments”

Building

printf(“Hello World!”)

ERNW has a new baby, so please say “hello” to the new ERNW SecTools GmbH ;-).
But why another ERNW company? Short answer: Because we want to contribute to changing the way software is built today: insecure, focused on profit and sometimes made by people who ignore lessons from history. So how can we contribute in this space? Start changing it ;-).

Continue reading “printf(“Hello World!”)”

Breaking

Extracting data from an EMV (Chip-And-Pin) Card with NFC technology

This is a guest blog post by Salvador Mendoza.

Over the years, many different research efforts and attacks against digital and physical payment methods have been discussed. New security techniques and methodologies, such as the tokenization process, attempt to reduce or prevent fraudulent transactions.

Continue reading “Extracting data from an EMV (Chip-And-Pin) Card with NFC technology”

Misc

White Paper on Incident Analysis and Forensics in Docker Environments

In this article, we describe the impact of the increased use of Docker in corporate environments on forensic investigations and incident analysis. Even though Docker is being used more and more (Portworx, Inc., 2017), the implications of the changed runtime environment for forensic processes and tools have barely been considered. We describe the technological basics of Docker and, based on them, outline the differences that occur with respect to digital evidence and previously used methods for evidence acquisition. Specifically, we look at digital evidence within a Docker container that is lost or needs to be acquired in different ways compared to a classical virtual machine, and at what new traces and opportunities arise from Docker itself.

Continue reading “White Paper on Incident Analysis and Forensics in Docker Environments”

Events

Get your hands dirty playing with RFID/NFC

This is a guest blog post by Nahuel Grisolia.

The first time I heard about RFID was in high school, back in 2002, when I was studying Electronics. Back then, this technology was like some sort of black magic to me. A few years later, in 2011, our government in Argentina decided to implement a “new technology” called NFC, designed as the new and only way of payment for the use of public transport. So, I decided to understand it better, play with it, and try some hacks I heard from the cool people of the CCC.

Continue reading “Get your hands dirty playing with RFID/NFC”

Breaking

AndroTickler: Tickling Vulnerabilities out of Android Apps

If you attack someone, they will defend themselves, but if you tickle them, they will eventually crack open. This surprisingly applies to Android apps as well! Therefore, I created AndroTickler, not to test apps against certain attacks or examine them for specific vulnerabilities, which developers would learn to avoid. Rather, it helps pentesters to analyze and test apps in their own style, but in a faster, easier and more flexible way. AndroTickler is a Swiss-Army-Knife pentesting tool for Android apps. It provides information gathering, static and dynamic analysis features, and also automates actions that pentesters frequently do and highly need during their pentests. In addition, it makes use of the powerful Frida to hook into the app and manipulate it in real time.

Continue reading “AndroTickler: Tickling Vulnerabilities out of Android Apps”
