White Paper on Incident Handling First Steps, Preparation Plans, and Process Models
We just published my whitepaper about First Steps, Preparation Plans, and Process Models for Incident Handling, which I wrote to pass the time between Christmas and New Year. The whitepaper sums up information that I consider useful for preparing for IT security incidents, as a conclusion from the incidents we supported over the past year.
IPv6 Properties of Windows Server 2016 / Windows 10
In this post we’ll take a detailed look at the properties of the Windows Server 2016 IPv6 stack.
I perform(ed) this exercise for several reasons:
ERNW at 33C3 – Part 1
This is part 1 of our report series on interesting talks of the 33rd Congress of the Chaos Computer Club. Every year the congress attracts hundreds (up to twelve thousand this year) of technically interested people with the opportunity to socialize and exchange knowledge with each other. The congress is organized by Europe's largest hacker association, and speakers give talks about technical and societal issues like surveillance, privacy, freedom of information, data security and more.
Talks in this part deal with CCC at schools, Wi-Fi security and the security of the N26 banking app.
TR17 Training: Hacking 101
Hi there,
As in recent years, the popular Hacking 101 workshop will take place at TROOPERS17, too! The workshop will give attendees an insight into the hacking techniques required for penetration testing. These techniques will cover various topics:
- information gathering
- network scanning
- web application hacking
- low-level exploitation
…and more!
Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution – Project Zero
Tavis did it again[1]. As stated in the title, it is possible to remotely execute commands via the Chrome extension for the popular meeting software Cisco WebEx. This post summarizes the most relevant information for you.
Insomni’hack pwn50 write-up
Hi all,
I’ve looked a bit at the Insomni’hack CTF, which took place on the 21st of January and lasted for 36 hours.
For the sake of warming up a bit for our Troopers workshop Windows and Linux Exploitation, I decided to create a write-up of the first pwn50 challenge.
To grab your own copy of the presented files, you can also find them in our GitHub repository:
First dedicated Forensic Computing Training at TR17
I am looking forward to our newly introduced dedicated Forensic Computing Training at TR17!
We will start the first day with a detailed background briefing about Forensic Computing as a Forensic Science, Digital Evidence, and the Chain of Custody. For the rest of the workshop, we will follow the Order of Volatility, starting with the analysis of persistent storage using file system internals and carving, as well as RAID reassembly, with lots of hands-on case studies using open source tools. As a next step, we will smell the smoking gun in live forensics exercises. Depending on your preferences, we will then dig a bit into memory forensics and network forensics.
TR17 Training: Crypto attacks and defenses
This is a guest blog written by Jean-Philippe Aumasson & Philipp Jovanovic about their upcoming TROOPERS17 training: Crypto attacks and defenses.
The 1-day training from last TROOPERS has become a 2-day training, featuring even more real-world attacks and defenses as well as new hands-on sessions! We’ll teach you, step by step, how to spot and exploit crypto vulnerabilities, how to use the strongest forms of state-of-the-art cryptography to secure modern systems (like IoT or mobile applications), and bring you up to speed on the latest and greatest developments in the world of cryptography, such as TLS 1.3, blockchains, and post-quantum crypto.
TelcoSecDay 2017 – 2nd Round of Talks
Hello and a Happy New Year!
There are only two and a half months left, so I’d like to publish the next two talks for TelcoSecDay 2017, taking place on the 21st of March in Heidelberg. Both talks are about the security of an upcoming technology whose importance will rise in the near future: 5G Networks.
Woolim – Lifting the Fog on DPRK’s Latest Tablet PC
Niklaus, Manuel and I had a great time speaking about one of the latest Tablet PCs from DPRK at 33C3 this year. Our work on RedStar OS from last year revealed a nasty watermarking mechanism that can be used to track the origin and distribution path of media files in North Korea. We have seen some interesting dead code in some of RedStar’s binaries that indicated a more sophisticated mechanism to control the distribution of media files. We got our hands on a Tablet PC called “Ul-lim” that implemented this advanced control mechanism.