Bold Statements
At the end of last week I had the pleasure to visit the CSA Summit CEE and the Bsides Event in Ljubljana.
At CSA, I was talking about hypervisors, breakouts and an overview of security measures to protect the host. (Slides)
This ranged from the basic features some hypervisors provide out of the box to advanced features like SELinux, device domain models and XSM-FLASK. Continue reading “CSA Summit CEE and BSides Ljubljana 2017”
Last year I encountered a slight variation of an internal port scan vulnerability for the CrystalReports component of SAP Business Objects. The original vulnerability was presented and disclosed by rapid7 in the talk “Hacking SAP Business Objects”. The corresponding slides can be found here. Continue reading “Information About SAP Security Note 2336795”
Continue readingIn the recent post on the IPv6 properties of the latest MS Windows versions I announced another one providing details on the RFC 6980 related testing I had performed. So here we go.
When doing IPv6 security testing there’s mainly four toolkits which can be used: Continue reading “Testing RFC 6980 Implementations with Chiron”
Continue readingLast week we gave a talk at the very first 31c0n in Auckland, New Zealand. The talk focused mainly on the methodology that we use to assess security products.
More specifically, this methodology consists of 7 steps Continue reading “31c0n 2017 in Auckland, New Zealand”
Continue readingThe event of the events is getting closer and again, we are very optimistic to have a lot of awesome trainings, talks, evening events, and discussions. But we again will also have some “features” and gimmicks for those of you who would like to play with new, old, or just interesting technologies. As you might remember, since some years one of these features is and again will be our own GSM Network. As we are improving our setup from year to year, this time we’d like to give you the chance to actively participate with ideas and your own services. Continue reading “Troopers17 GSM Network – How about your own SMPP Service?”
Continue readingI’m a big fan of Chris Gates’ publications on DevOops and From Low to Pwned. The content reflects a lot of issues that we also experience in many assessments in general and assessments in agile environments in particular. In addition, we were supporting several projects recently that were organized in an agile way. In this post, I want to summarize some thoughts on how security work can/should be integrated into agile projects. Continue reading “Agile Development & Security”
Continue readingExactly one week ago I noticed an “urgent” tweet from Tavis Ormandy to get in contact with the Cloudflare team.
Normally when a tweet like this appears from Tavis, something is horribly broken. Well, today we know the background of this tweet as the bug tracker issue went public and it exposed quite a bug from Cloudflare. Continue reading “Cloudflare Incident #Cloudbleed”
IP Multimedia Subsystem (IMS) offers many multimedia services to any IP-based access network, such as LTE or DSL. In addition to VoLTE, IMS adds service provider flexibility, better QoS and charging control to the 4th generation of mobile networks. IMS exchanges SIP messages with its users or other IMS and usually these communications are secured by TLS or IPSec. But if an attacker manages to break the confidentiality and the integrity with IMS, he would find it vulnerable to several attacks. Continue reading “Exploitation of IMS in absence of confidentiality and integrity protection”
Continue reading“Lockpicking in the IoT, …or why adding BTLE to a device sometimes isn’t smart at all” by Ray was one of my favourite talks, as it beautifully showed many different attack vectors as well as giving a nice guide for getting started in this area. Continue reading “Summary of “Lockpicking in the IoT” at 33C3”
Continue readingThis was one of the few technical talks at 33c3 I managed to see, by that I mean live-stream during an access control shift, by Clémentine Maurice and Moritz Lipp.
The talk gave an overview of some already known possible information leaks by abusing certain x86 instructions(the same concept applies to ARM too though) and demonstrating the various ways an attacker could use them. Continue reading “33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?”
Continue reading