Insinuator.net – Page 40 – Bold Statements

March 29, 2016 by Niki Vonderwell

IPv6 Security Summit – Track 2

The Troopers experience will never be the same without the “IPv6 summit”. It is one of kind of two-day special event where different security experts gather to discuss IPv6 current challenges. It addresses different topics ranging from a broad introduction of the IPv6 to how secure the protocol is and what the latest standards are.

The summit is divided into 2 different tracks that run simultaneously. For the first day on the second track, Christopher Werny and Rafael Schaefer have carried out the first three sessions. Continue reading “IPv6 Security Summit – Track 2”

Building

March 29, 2016 by Brian Butterly

Troopers 16 USB Condom

At times with many many digitally transmittable diseases, protection might be more important than ever. When connecting your smartphone to a rogue charger, or a foreign smartphone to your own laptop, you never now what will happen. You never know what data crosses the lines. But there is help: A USB condom!

Continue reading “Troopers 16 USB Condom”

Events

March 28, 2016 by Birk Kauer

Attacking Next-Generation Firewalls

Felix Wilhelm presented in his talk various ways to attack his new target – The PA-500 which is produced by Palo Alto Networks.

He discovered vulnerabilities in 3 different exposed aspects of the device. The first vulnerability occurred inside of an unauthenticated API from the Management-Website which could only be accessed within the Admin Network. This vulnerability was a typical off-by-one Command Injection, which could be abused by reaching out to the API with a special client=wget Request.

Continue reading “Attacking Next-Generation Firewalls”

Events

March 28, 2016 by Niki Vonderwell

The Joy of Sandbox Mitigations

This year at TROOPERS16 in Heidelberg we welcomed James Forshaw for his talk about “The Joy of Sandbox Mitigations“.

He is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he has numerous disclosures in a wide range of products from web browsers to virtual machine breakouts as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate. Continue reading “The Joy of Sandbox Mitigations”

Events

March 28, 2016 by Patrik Fehrenbach

Security Evaluation of Dual-Stack Systems [Troopers 2016 recap] (Part 1)

Dear Readers of Insinuator,

tldr;This blogpost presents a measurement study of a current security state regarding to open ports on a direct comparison of IPv4 and IPv6. The study analyses almost 58,000 dual-stacked domains in order to find discrepancies in applied security policies. We further discuss the potential reasons and, more importantly, the implications of the identified differences. \tldr;

For those of you who couldn’t participate at Troopers Conference 2016 in Heidelberg or watch my talk at the IPv6 Security Summit, I want to recap some of the most important parts of my research in this blogpost.

Continue reading “Security Evaluation of Dual-Stack Systems [Troopers 2016 recap] (Part 1)”

Events

March 28, 2016 by Niki Vonderwell

SDR and non-SDR tools for reverse engineering wireless systems

Hey there!
The God of frequencies Michael Ossmann visited us again this year at the TROOPERS16 and showed us how to break another device using a specific setup.

Last time he introduced the HackRF One to us (Read here:https://www.insinuator.net/2014/08/hackrf-one-the-story-continues/), but this post is a short summary of his talk about “Rapid Radio Reversing”, he is a wireless security researcher, who makes hardware for hackers. Best known for the HackRF, Ubertooth, and Daisho projects, he founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.

Continue reading “SDR and non-SDR tools for reverse engineering wireless systems”

Events

March 25, 2016 by Christopher Werny

Reflections on the IPv6-only WiFi Experience during Troopers

Hello,

Troopers is (unfortunately) over. It was a blast (but I may be biased ;-))! After things have settled, I want to take the opportunity to reflect my thoughts and impressions on the IPv6-only WiFi we had deployed during the conference. To make sure that everybody is on the same page let’s start at the beginning.

In the last couple of years we had provided Dual-Stack connectivity on the main “Troopers” SSID but also had an additional IPv6-only SSID. This year we decided to spice things up and made the “Troopers“ SSID IPv6-only (with NAT64) while providing Dual-Stack connectivity on the “Legacy“ SSID. We wanted to get a feeling how many clients and applications can work properly in an IPv6-only environment. We intentionally didn’t announce it vastly beforehand, hoping that attendees would just connect to the main SSID without noticing anything. We were aware that some applications might expose issues but, as I said , we wanted to get a feeling to which degree problems actually occured. Continue reading “Reflections on the IPv6-only WiFi Experience during Troopers”

Breaking

March 23, 2016 by Timo Schmid

Classic Web Vulns Found in Google Search Appliance 7.4

Hi all,

I’ve recently found some sort of classic web vulnerabilities in the Google Search Appliance (GSA) and as they are now fixed [0][1][2], I’d like to share them with you.

First of all, some infrastructure details about the GSA itself. The GSA is used by companies to apply the Google search algorithms to their internal documents without publishing them to cloud providers. To accomplish this task, the GSA provides multiple interfaces including a search interface, an administrative interface and multiple interfaces to index the organization’s data. Continue reading “Classic Web Vulns Found in Google Search Appliance 7.4”

Events

March 20, 2016 by Brian Butterly

Troopers 16 – Taking the Badge to yet Another Level!

Real men used to wear pink pagers, but that’s the past and recently it was time for Troopers 16. Meaning: Real Troopers wear awesome Badges! And, from the feedback we got, they did!
Troopers might be over, but the era of the TR16 Badge is seemingly just beginning. As such, here’s a quick insight into the badge!

Continue reading “Troopers 16 – Taking the Badge to yet Another Level!”

Events

March 16, 2016 by Hendrik Schmidt

Troopers16 – GSM Network

Hello Troopers!

only a few seconds left! As a short reminder, there is a GSM network running on Troopers 2016. It should be available in the whole building. To attend the network you need to

Get a SIM Card @Troopers_Desk
Put it in your phone
Start the phone

That’s it!

You can always dial *#100# to get your phone number. All further information (and a phonebook) you’ll find on gsm.troopers.de, but here again a brief summary:

gsm.troopers.de
Phonebook
Update your name in phonebook via sending your_name to 1000
Submit tokens via sending your_token to 1111 (you must register at the terminal first)

Please note, against to our announcement, there is not Internet (GPRS) yet. Due to questions and problems, please contact Kevin Redon or Hendrik Schmidt. Have fun!