Building

A Life Without Vendors Binary Blobs

This blogpost will be about my first steps with coreboot and libreboot and a life with as few proprietary firmware blobs as possible. My main motivation were the latest headlines about fancy firmware things like Intel ME, Computrace and UEFI backdoors. This post is not intended to be about a as much as possible hardened system or about coreboot/libreboot being more secure, but rather to be able to look into every part of software running on that system if you want to.

I first got curious about coreboot and libreboot at the 33C3 (Bootstraping a slightly more secure laptop). Then I searched for some old retired hardware at ERNW which I could flash coreboot to and found an old Thinkpad X61. Finding the X60 as officially supported hardware on the libreboot homepage, I have read through the libreboot and coreboot manuals to learn about the main coreboot part and it’s several payloads. Continue reading “A Life Without Vendors Binary Blobs”

Continue reading
Building

IPv6 RA Flags, RDNSS and DHCPv6 Conflicting Configurations Revisited

As you may know, we published a whitepaper discussing the behavior of different operating systems once they receive IPv6 configuration parameters from different sources two years ago. At that time, the results were quite a mess. We were curious whether the situation is still so “dire” like two years ago. We fired up the lab, updated the tested operating systems and performed the tests again. Continue reading “IPv6 RA Flags, RDNSS and DHCPv6 Conflicting Configurations Revisited”

Continue reading
Building

Release of Glibc Heap Analysis Plugins for Rekall

I’m happy to announce the release of several Glibc heap analysis plugins (for Linux), resp. plugins to gather information from keepassx and zsh, which are now included in the Rekall Memory Forensic Framework. This blogpost will demonstrate these plugins and explain how they can be used. More detailed information, including real world scenarios, will be released after the talk at this years DFRWS USA.

Continue reading “Release of Glibc Heap Analysis Plugins for Rekall”

Continue reading
Misc

Local Packet Filtering with IPv6

Just recently we discussed IPv6 filter rules for NIC-level firewalls (in a virtualized data center) with a customer. I’d like to take this as an opportunity to lay out potential approaches for local packet filtering of IPv6, which in turn might somewhat depend on the address configuration strategy chosen for the respective systems (for the latter you may refer to this post or to this talk from the Troopers NGI event).

Continue reading “Local Packet Filtering with IPv6”

Continue reading
Misc

GDPR and Pseudonymisation – Easing the Pain of Regulation

27 April 2016 marked a turning point for a lot of countries as well as a lot businesses worldwide: EU regulation 2016/679 (going by it’s more widely known name General Data Protection Regulation and abbreviated GDPR) was adopted by the European Parliament, the Council as well as the Commission [1]. Especially readers from countries outside of the EU might ask “Why should this be of interest for me?”. Continue reading “GDPR and Pseudonymisation – Easing the Pain of Regulation”

Continue reading
Events

17. Gulaschprogrammiernacht

Over one of the recent long weekends I attended the 17th “Gulaschprogrammiernacht”, or “GPN17” for short, in Karlsruhe, the largest CCC Event after the Chaos Communication Congress with roughly a thousand attendees. The name literally translates to “goulash programming night”, which makes about as much sense as the German version. Despite the name it lasted from Thursday to Sunday, had a much wider scope than just coding and offered various other (incl. vegan) dishes besides goulash. As an active member of the CCC community I planned on attending it anyway, but submitted my talk about Automated Binary Analysis in case there was interest. I didn’t anticipate that much interest given that it was a fairly theoretical IT-Security topic at an event that was not focused on IT-Security, but nonetheless the hall was filled with people from various backgrounds like math, formal verification and software optimization. The talk was an improved version of the one I gave at Bsides Ljubljana, incorporating feedback I received and new things I had learned since then. The English slides are available here, the recording of the talk in German can be found here.

Continue reading “17. Gulaschprogrammiernacht”

Continue reading
Events

DevOps, Continuous Deployment & Agile Security September 7, 2017

The following post is in German as it is covering an Event with German as the main language.


INSIGHT SUMMIT 2017 präsentiert DevOps, Continuous Deployment & Agile Security

Inspiriert durch die erfolgreichen Round Table Session der TROOPERS freuen wir uns Ihnen heute mit dem AgileSecurity Insight Summit 2017 eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.

Die Veranstaltung beginnt am Morgen mit einer Keynote, gefolgt von Fallstudien und Vorträgen durch interne und externe Referenten aus der Industrie. Im Anschluss werden alle Teilnehmer in zwei Gruppen aufgeteilt, die nacheinander an beiden Round-Table Sessions teilnehmen. In den Round-Table Sessions werden unter Expertenmoderation typische Problemstellungen und Lösungsansätze diskutiert. Continue reading “DevOps, Continuous Deployment & Agile Security September 7, 2017”

Continue reading
Events

Docker Security & (Sec) DevOps Training July 19-20th

The following post is in German as it is covering a Training with German as the main language.


Professionelles Training im Workshop Character:
Docker, Microservices, Kubernetes, DevOps, Continuous
Integration/Deployment/Delivery (CI/CD), Container – moderne
Entwicklungsprozesse kommen nicht mehr ohne diese Begriffe aus. In diesem Kurs
lernen Sie die Security Grundlagen um diese Dinge zu beherschen.

Docker Security & (Sec) DevOps Training:
Im Training werden unter Anderem die folgenden Fragestellungen behandelt:

  • Wie stark/zuverlässig sind die Isolationsmechanismen hinter Docker/Linux/Betriebssystem-Containern?
  • Wie beeinflussen Container typische Applikations- und Netzwerk-Landschaften?
  • Wie beeinflussen die CI/CD/Microservice Paradigmen traditionelle Entwicklungsprozesse?
  • Wie sieht eine typische CI/CD Pipeline aus?
  • Was sind potentielle Schnittstellen zwischen „Security“ und diesen Paradigmen?
  • Welche zusätzlichen Security-Herausforderungen ergeben sich aus der veränderten Entwicklungslandschaft und neuen Tool-Chains?

Continue reading “Docker Security & (Sec) DevOps Training July 19-20th”

Continue reading