Events
by Niki Vonderwell

Get your hands dirty playing with RFID/NFC

This is a guest blog post by Nahuel Grisolia.

The first time I’ve heard about RFID was at high school, back in 2002, when I was studying Electronics. Back in that time, this technology was like some sort of black magic to me. A few years later in 2011, our government in Argentina decided to implement a “new technology” called NFC, designed as the new and only way of payment for the use of public transport. So, I decided to understand it better, play with it, and try some hacks I heard from the cool people of the CCC.

Continue reading “Get your hands dirty playing with RFID/NFC”

Continue reading
Breaking
by Ahmad Abolhadid

AndroTickler: Tickling Vulnerabilities out of Android Apps

If you attack someone, they will defend themselves, but if you tickle them, they will eventually crack open. This surprisingly applies to Android apps as well! Therefore, I created AndroTickler, not to test apps against certain attacks or examine them for specific vulnerabilities, which developers would learn to avoid. However, it helps pentesters to analyze and test apps in their own style, but in a faster, easier and more flexible way. AndroTickler is a Swiss-Army-Knife pentesting tool for Android apps. It provides information gathering, static and dynamic analysis features, and also automates actions that pentesters frequently do and highly need during their pentests. In addition, it makes use of the powerful Frida to hook to the app and manipulate it in real-time.

Continue reading “AndroTickler: Tickling Vulnerabilities out of Android Apps”

Continue reading
Breaking
by Priya Chalakkal

Hacking 101 to mobile data

Here is a short blog post that explains how you can make your own Man-in-the-Middle (MitM) setup for sniffing the traffic between a SIM card and the backend server. This is NOT a new research but I hope this will help anyone who doesn’t have a telco background to get started to play with mobile data sniffing and fake base stations. This is applicable to many scenarios today as we have so many IoT devices with SIM cards in it that connects to the backend.
In this particular case, I am explaining the simplest scenario where the SIM card is working with 2G and GPRS. You can probably expect me with more articles with 3G, 4G MitM in future. But lets stick to 2G and GPRS for now.

Continue reading “Hacking 101 to mobile data”

Continue reading
Building
by Jacky Hammer

Virtualized Training Environment with Ansible

As Kai and I will be holding a TROOPERS workshop on automation with ansible, we needed a setup for the attendees to use ansible against virtual machines we set up with the necessary environment. The idea was, that every attendee has their own VMs to run ansible against, ideally including one to run ansible from, as we want to avoid setup or version incompatibilities if they set up their own ansible environment on their laptop.  Also they should only be able to talk to their own machines, thus avoiding conflicts because of accidental usage of wrong IPs or host names but also simplify the setup for the users.

Continue reading “Virtualized Training Environment with Ansible”

Continue reading
Events
by Priya Chalakkal

Yet another edition of BlackHoodie – #BlackHoodie17

I am amazed by how this years BlackHoodie unraveled. Three days that included a pre-conference of lightening talks and two parallel tracks with a total of 64 enthusiastic members. The very spirit of BlackHoodie is nothing other than the quest to gain deep knowledge. Reverse engineering is one of the hardest fields in security. It touches on all fields of computing, starting from assembly, programming, file formats, operating systems, networks and what not. This makes it hard but an extremely fulfilling experience to spend time learning it. For me, the very idea of staring at a binary till you understand what it does is a magical feeling.

Continue reading “Yet another edition of BlackHoodie – #BlackHoodie17”

Continue reading