Insinuator.net – Page 37 – Bold Statements

April 11, 2016 by Niklaus Schiess

Discover the Unknown: Analyzing an IoT Device

This blog post will give a brief overview about how a simple IoT device can be assessed. It will show a basic methodology, what tools can be used for different tasks and how to solve problems that may arise during analyses. It is aimed at readers that are interested in how such a device can be assessed, those with general interest in reverse engineering or the ones who just want to see how to technically approach an unknown device.

This post will most likely not cover any vulnerabilities per se. However, it outlines weaknesses which affect a wide range of IoT devices so various aspects are applicable to other devices and scenarios.

Continue reading “Discover the Unknown: Analyzing an IoT Device”

Events

April 8, 2016 by Prof. Dr.-Ing. Andreas Dewald

Summary GI Sicherheit

This is a short summary of selected talks (i.e. those that I found the most interesting of those I was able to personally attend) of the GI Sicherheit 2016.

First of all, congratulations to Dr. Fabian Yamaguchi, who received an award (the GI Promotionspreis) for his PhD thesis “Pattern-Based Vulnerability Discovery“!
His work presents an “approach for identifying vulnerabilities which combines techniques from static analysis, machine learning, and graph mining to augment the analyst’s abilities rather than trying to replace her” by identifying and highlighting patterns of potential vulnerabilities in source code.
Continue reading “Summary GI Sicherheit”

Events

April 7, 2016 by Hendrik Schmidt

TSD 2016 – Follow Up

Thanks again for all the great talks and fruitful discussions @TSD 2016! I hope everybody had a safe trip home and enjoyed Troopers as we did. In the meantime I contacted all speakers to talk about publication of their slidesets. Some of them agreed (or already published them on their own) so I’d like to share these with you:
Continue reading “TSD 2016 – Follow Up”

Events

April 7, 2016 by Christoph Klaaßen

Unpatchable – Living with a vulnerable implanted device

TL;DR: Marie Moe talked about security issues of medical devices, especially implantable devices like pacemakers, but not in overwhelming technological depth. She wanted to point out the necessity of intensified security research in the field of medical devices as vendors and medical personnel seem to be lacking necessary awareness of security of devices, interfaces, services, and even data privacy.”Get involved, join the cavalry” was her core message. Continue reading “Unpatchable – Living with a vulnerable implanted device”

Events

April 6, 2016 by Olga Yanushkevich

Security Assessment of Microsoft DirectAccess

A talk about DirectAccess (an IPv6-only VPN solution) was given by our colleague Ali Hardudi during IPv6 summit. Ali has recently finished his master thesis on this topic.
Continue reading “Security Assessment of Microsoft DirectAccess”

Events

April 5, 2016 by Jan Kwiotek

Passive Intelligence Gathering and Analytics – It’s all Just Metadata!

The first talk after the keynote on day 2 of TROOPERS was from Christopher Truncer about passive intelligence gathering and the analytics of that. Christopher Truncer (@ChrisTruncer) is a red teamer with Mandiant. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing toolsets. Continue reading “Passive Intelligence Gathering and Analytics – It’s all Just Metadata!”

Events

April 5, 2016 by Jan Kwiotek

The Kings in your Castle

At the second day of the TROOPERS16 conference an interesting talk about Advanced Persistent Threats took place from Marion Marschalek and Raphaël Vinot. Marion Marschalek is a Security Researcher, focusing on the analysis of emerging threats and exploring novel methods of threat detection. Marion started her career within the anti-virus industry and also worked on advanced threat protection systems where she built a thorough understanding of how threats and protection systems work and how both occasionally fail. Continue reading “The Kings in your Castle”

Events

April 5, 2016 by Olga Yanushkevich

Anonymization IPv6 in PCAPs – Challenges and Wins

Jasper Bongertz is a Senior Technical Consultant at Airbus Defence and Space CyberSecurity. He is focusing on IT security, Incident Response and Network Forensics.
During the IPv6 summit on Troopers16 he had given a talk on anonymization IPv6 in PCAPs and presented his new tool.
Continue reading “Anonymization IPv6 in PCAPs – Challenges and Wins”

Building

April 4, 2016 by Enno Rey

draft-vyncke-pim-mld-security

Right now, I’m in Buenos Aires for IETF95 where, amongst others, an Internet-Draft authored by Eric Vyncke, Antonios Atlasis and myself will be presented (and hopefully discussed) in two working groups. In the following I want to quickly lay out why we think this is an important contribution.

Continue reading “draft-vyncke-pim-mld-security”

Events

April 3, 2016 by Olga Yanushkevich

Advanced IPv6 Network Reconnaissance

Fernando Gont, who is specializing in the field of communications protocols security, gave a talk during this year’s Troopers IPv6 summit. He spoke about network reconnaissance techniques in IPv6 area and presented a brand new set of tools for this purpose.
Continue reading “Advanced IPv6 Network Reconnaissance”