Events

Patch Me If You Can

Right after the Opening Keynote of TROOPERS16, an informative and interesting talk took place at the SAP Security track. This talk was given by three speakers; Damian Poddebniak who is currently a master student at the University of Applied Sciences of Münster, Sebastian Schinzel who works as an IT security Professor at the University of Applied Sciences of Münster and he is also the founder of CycleSEC GmbH and finally the sixth-time speaker at Troopers “Andreas Wiegenstein” who is the CTO of Virtual Forge GmbH and a professional SAP security consultant since 2003. Continue reading “Patch Me If You Can”

Continue reading
Events

Tools for Troubleshooting and Monitoring IPv6 Networks

Yet another interesting 180-minute workshop in IPv6 Security Summit of TROOPERS16, which aimed to introduce the IPv6 troubleshooting and monitoring tools, which are essentially needed by users in order to know how to deal with IPv6 in any IPv6-enabled network.

Before we dive into this post, let me introduce you in few words “Gabriel Müller” the speaker and the instructor of this workshop. Gabriel works as a senior consultant at AWK Group by mainly assisting clients in the public and private sectors as a project manager and an expert in the network area.

Continue reading “Tools for Troubleshooting and Monitoring IPv6 Networks”

Continue reading
Events

The road to secure Smart Cars: ENISA approach

At TROOPERS16, Dr. Cédric LÉVY-BENCHETON an expert in cyber security at ENISA, the European Union Agency for Network and Information Security. Dr. Cédric LÉVY-BENCHETON  holds a presentation about cyber security of IoT (Internet of Things) and smart cars he presents the current threats in IoT and Smart cars. ENISA is an agency of the European Union. ENISA assists the Commission, the Member States and, the business community in meeting the requirements of network and information security. Continue reading “The road to secure Smart Cars: ENISA approach”

Continue reading
Events

QNX: 99 Problems but a Microkernel ain’t one!

The talk “QNX: 99 Problems but a Microkernel ain’t one!” was part of the Troopers conference in Heidelberg, 16 March 2016. The talk was done by the researchers Alex Plaskett and Georgi Geshev from the MWR Labs. The MWR Labs is the research department of the cyber security consultancy MWR InfoSecurity located in the UK.
 
The talk provided an overview of the research on the architecture and security systems of the QNX kernel with focus on the Blackberry 10 operating system. The talk was divided into two parts. First Alex Plaskett gave an introduction regarding the general structure of the QNX operation system and introduced the main subsystems. Second Georgi Geshev presented tools and approaches to abuse vulnerabilities in the QNX system.
Continue reading “QNX: 99 Problems but a Microkernel ain’t one!”

Continue reading
Events

unrubby: reversing without reversing

The talk “unrubby: reversing without reversing” was part of the Troopers conference in Heidelberg, 16 March 2016. The talk was done by Richo Healey, who is currently working on the security engineering team at the Irish payment company Stripe. Richo Healey is an experienced conference speaker. Amongst other he has spoken at Kiwicon, DEF CON and 44con.
 
In his talk Richo Healey spoke about reverse engineering of Ruby software. First he talked about existing tools and techniques to regenerate source code from Ruby bytecode. Then he presented a new concept, which is implemented in his tool “unrubby”.

Continue reading “unrubby: reversing without reversing”

Continue reading
Events

Imma Chargin Mah Lazer-How to protect against (D)DoS attacks

Denial of Service (DoS) attacks aim to make services and systems unavailable to legitimate users . If these attacks are performed by multiple sources at the same time and for the same target, they are called Distributed Denial of Service (DDoS) attacks. This talk “Imma Chargin Mah Lazer” describes different types of (D)DoS attacks that are out in the wild and are seen on a daily basis by different corporations. Furthermore,  a multi-layered strategy to mitigate such kinds of attacks has been presented within the talk. The speaker is Dr. Oliver Matula, an IT security researcher at ERNW who holds a PHD degree in physics. He presented the topic in a simple way which eases the delivery of information to audience of different technical levels and backgrounds.

Continue reading “Imma Chargin Mah Lazer-How to protect against (D)DoS attacks”

Continue reading
Events

Reverse Engineering a Digital Two-Way Radio

In their talk “Reverse Engineering a Digital Two Way Radio” Travis Goodspeed and Christiane Ruetten presented the challenges they faced and overcame while reverse engineering “Tytera MD380”, a handheld transceiver for the Digital Mobile Radio (DMR) protocol.

“Tytera MD380” is based around two chips: STM32F405 CPU with an ARM Cortex M4F core and Readout Device Protection and a HRC5000 baseband processor which implements the actual digital radio. While STM32F405 is fully documented, there is no documentation for HRC5000 publicly available but with the help of the Chinese community they were able to obtain the Chinese documentation.

Continue reading “Reverse Engineering a Digital Two-Way Radio”

Continue reading