Breaking
by Prof. Dr.-Ing. Andreas Dewald

FireEye Security Bug: Connection to physical host and adjacent network possible during analysis in Live-Mode

We recently identified a security issue in FireEye AX 5400, that also affected other products. We responsibly disclosed the bug to FireEye and a fix that addresses the issue has been released with version 7.7.7. The fix was also merged into the common core and is available as 8.0.1 for other products (i.e. FireEye EX).

The related release notes can be found here:

FireEye announced to post a 2017 Q3 notice with credit to us, too.

Continue reading “FireEye Security Bug: Connection to physical host and adjacent network possible during analysis in Live-Mode”

Continue reading
Events
by Frank Block

DFRWS USA 2017

As mentioned in my last blogpost, I had the pleasure to participate in this years DFRWS USA and present our paper. The paper and presentation can be freely viewed and downloaded here or here. Note that there is also an extended version of the paper, which can be downloaded here.

The keepassx, zsh and heap analysis plugins are now also part of the Rekall release candidate 1.7.0RC1, so it’s easier to get started.

The conference had some great talks and workshops, which I’m going to briefly sum up.
Continue reading “DFRWS USA 2017”

Continue reading
Events
by Niklaus Schiess

11th USENIX Workshop on Offensive Technologies (WOOT17)

The 11th USENIX Workshop on Offensive Technologies (WOOT17) took place the last two days in Vancouver. Some colleagues and I had the chance to attend and enjoy the presentations of all accepted papers of this rather small, single-track co-located USENIX event. Unfortunately, the talks have not been recorded. However, all the papers should be available on the website. It’s worth taking a look at all of the papers, but these are some presentations that we’ve enjoyed: Continue reading “11th USENIX Workshop on Offensive Technologies (WOOT17)”

Continue reading
Building
by Jann Foehringer

A Life Without Vendors Binary Blobs

This blogpost will be about my first steps with coreboot and libreboot and a life with as few proprietary firmware blobs as possible. My main motivation were the latest headlines about fancy firmware things like Intel ME, Computrace and UEFI backdoors. This post is not intended to be about a as much as possible hardened system or about coreboot/libreboot being more secure, but rather to be able to look into every part of software running on that system if you want to.

I first got curious about coreboot and libreboot at the 33C3 (Bootstraping a slightly more secure laptop). Then I searched for some old retired hardware at ERNW which I could flash coreboot to and found an old Thinkpad X61. Finding the X60 as officially supported hardware on the libreboot homepage, I have read through the libreboot and coreboot manuals to learn about the main coreboot part and it’s several payloads. Continue reading “A Life Without Vendors Binary Blobs”

Continue reading
Building
by Christopher Werny

IPv6 RA Flags, RDNSS and DHCPv6 Conflicting Configurations Revisited

As you may know, we published a whitepaper discussing the behavior of different operating systems once they receive IPv6 configuration parameters from different sources two years ago. At that time, the results were quite a mess. We were curious whether the situation is still so “dire” like two years ago. We fired up the lab, updated the tested operating systems and performed the tests again. Continue reading “IPv6 RA Flags, RDNSS and DHCPv6 Conflicting Configurations Revisited”

Continue reading
Building
by Frank Block

Release of Glibc Heap Analysis Plugins for Rekall

I’m happy to announce the release of several Glibc heap analysis plugins (for Linux), resp. plugins to gather information from keepassx and zsh, which are now included in the Rekall Memory Forensic Framework. This blogpost will demonstrate these plugins and explain how they can be used. More detailed information, including real world scenarios, will be released after the talk at this years DFRWS USA.

Continue reading “Release of Glibc Heap Analysis Plugins for Rekall”

Continue reading
Misc
by Enno Rey

Local Packet Filtering with IPv6

Just recently we discussed IPv6 filter rules for NIC-level firewalls (in a virtualized data center) with a customer. I’d like to take this as an opportunity to lay out potential approaches for local packet filtering of IPv6, which in turn might somewhat depend on the address configuration strategy chosen for the respective systems (for the latter you may refer to this post or to this talk from the Troopers NGI event).

Continue reading “Local Packet Filtering with IPv6”

Continue reading
Misc
by Christoph Klaaßen

GDPR and Pseudonymisation – Easing the Pain of Regulation

27 April 2016 marked a turning point for a lot of countries as well as a lot businesses worldwide: EU regulation 2016/679 (going by it’s more widely known name General Data Protection Regulation and abbreviated GDPR) was adopted by the European Parliament, the Council as well as the Commission [1]. Especially readers from countries outside of the EU might ask “Why should this be of interest for me?”. Continue reading “GDPR and Pseudonymisation – Easing the Pain of Regulation”

Continue reading