After a couple of years in pentesting Telco Networks, I’d like to give you some insight into our pentesting methodology and setup we are using for testing “Mobile and Telecommunication Devices”. I am not talking about pentesting professional providers’ equipment (as in previous blogposts), it is about pentesting of devices that have a modem in place like a lot of IoT devices (you know about the fridge having a GSM Modem, right?) do.
Continue reading “Some Notes on Utilizing Telco Networks for Penetration Tests”
WPAD Name Collision Vulnerability (TA16-144A)
Yesterday the US-CERT released a Technical Alert (TA16-144A) about the recently found WPAD Name Collision Vulnerability. We will give you a summary about the vulnerability as well as the basic mechanisms here.
BMC BladeLogic Vulnerabilities PoCs
Hi everyone!
A quick update: earlier in our blog we released BMC BladeLogic: CVE-2016-1542 and CVE-2016-1543 vulnerabilities. Now the exploits are also available in our GitHub if you want to check your systems :)
Have a nice week,
Olga
Introduction of a new hardware guy
Hi folks!
We couldn’t be more proud to welcome such a predestined #1 hardware hacking victim, than VICTor is!
Before Brian and I gave a lecture on hardware hacking last week at DHBW Mosbach, we felt that we needed a custom victim which is fully documented and provides a good “hackability” to the students.
Surely we could also have used some cheap $wifi_ap, but here’s the thing: Would you really want to use a device which you don’t really know? Mostly, there’s a massive lack of documentation regarding the SoCs used…not to mention the unavailability of schematics and layouts.
As we wanted to teach students the basics of hardware hacking effectively, we decided to create something by ourselves.
Review about the System and Security Info iOS App from SektionEins GmbH
Dear readers of Insinuator,
Today I want to give a little review about the latest app released by SektionEins called “System and Security Info” due to its recent media appearance. So first of all the app can be obtained via the Apple App store for 0,99€ at the time this article was written. This article will try to answer two basic questions: for whom (or “which groups of people”) is this app helpful, and which security features does this app actually have. The design of the app is straightforward and pretty minimalistic with a clean and modern design. The first page of the Application called “Overview” provides nothing more than the current CPU usage of the device, with detailed subdivision in User, Idle, Total and Load. The next section provides an overview about the used RAM divided into Wire, Active RAM usage, Inactive RAM usage, “other”, free and the total amount of the device’s RAM. The next option shows the used and unused part of the device’s available storage, with “used”, “free” and total amount of space. While these features can be handled with several other (free and open source) applications I won’t write a comment whether these components make sense.
Because of Cyber – A Recap
Troopers16 has been over for quite a while now, but because sharing is caring, we would like to give you some more insight and share some gems that happened over the 2 days of us running a small/medium sized enterprise in mid-west Russia as part of the well received FishBowl side story.
How “security” black boxes might corrupt your investment
Usually I’m not the kind of guy who talks about such economic topics. Because I’m an engineer / security researcher who is exclusively concerned with understanding technical problems and if possible, solving them accordingly. My whole education is based on this and contains predominantly technical aspects of information security. This sometimes makes it difficult to understand what the market cares about (and why some products are being developed / exist on the market :) ). Nevertheless, a current engagement for one of our customers made me stumble upon such a product.
We were involved in a test where a security appliance (a black box :) ) played the core role. As you might know, the test procedure generally depends on the security question to be answered. In this case the question to be answered was, whether the black box provides the promised information security benefit. More specifically, we took a look at the environment / infrastructure, the protocols and the systems around it and checked if the black box does its magic. So the black box itself wasn’t in direct focus of the test. We were quite amazed about the blind trust the product received (but what else can one do, but trust the device they have already purchased ;-)? You can analyze it and that is what we did.
A Trip to Hannover Messe
Once every few years I decide to head to Hannover and attend Hannover Messe, probably the largest industrial trade fair in Germany and apparently one of the most important in the world. As this year’s main topic was “Industrie 4.0” I simply could not resist to go out on a hunt for new and interesting (secure) smart connected magic! And trust me, I was not disappointed – here’s a few of my impressions.
SAP Security @ Troopers16
When it comes to SAP, Troopers has two events that are about Security in SAP Systems in particular. On the first day of the Troopers16 Trainings the BIZEC workshop takes place. The second event is a dedicated SAP track during the conference. Apart from these events there were of course a lot of nice folks to talk to (about SAP) :) This post is a short overview about SAP security @ TROOPERS16.
Infiltrate and Syscan 360
Hi everyone,
I spent the last weeks traveling to Singapore and Miami to present my Xenpwn research about double fetch vulnerabilities in paravirtualized devices at Infiltrate and Syscan360. You can find my slides here. Both conferences had great organization, very technical talks and a cool audience. In the following I want to give a short recap of some of the talks I liked the most: