Breaking

Xen XSA 155: Double fetches in paravirtualized devices

As part of my research on the security of paravirtualized devices, I reported a number of vulnerabilities to the Xen security team, which were patched today. All of them are double fetch vulnerabilities affecting the different backend components used for paravirtualized devices. While the severity and impact of these bugs varies heavily and is dependent on a lot of external factors, I would recommend patching them as soon as possible. In the rest of this blog post I’ll give a short teaser about my research with full details coming out in the first quarter of 2016 .

Continue reading “Xen XSA 155: Double fetches in paravirtualized devices”

Continue reading
Building

Developing an Enterprise IPv6 Security Strategy / Part 3: Traffic Filtering in IPv6 Networks (I)

So this is the third part of our little series on securing IPv6 in enterprise environments. In the first part we tried to develop an understanding of threats in IPv4 networks as a kind-of baseline while analyzing the main differences induced by IPv6 and in the second part we laid out protection strategies on the infrastructure level, focusing on network isolation on the routing layer. Today I’ll dive into discussing IPv6-specific filtering of network traffic.

Continue reading “Developing an Enterprise IPv6 Security Strategy / Part 3: Traffic Filtering in IPv6 Networks (I)”

Continue reading
Breaking

Investigating Memory Analysis Tools – SSDT Hooking via Pointer Replacement

In this blogpost we will briefly explain a well known Syscall hooking technique (a more detailed explanation can be gathered from e.g.  http://resources.infosecinstitute.com/hooking-system-service-dispatch-table-ssdt/) used by multiple malware samples (like the laqma trojan) and right after discuss how some memory analysis tools have trouble in the analysis and/or reporting of these.
Continue reading “Investigating Memory Analysis Tools – SSDT Hooking via Pointer Replacement”

Continue reading
Building

Developing an Enterprise IPv6 Security Strategy / Part 2: Network Isolation on the Routing Layer

In the first part of this series we tried to identify which risks related to network-related threats actually change when IPv6 gets deployed and hence which ones to take care of in a prioritized manner (as opposed to those which one might be tempted to [initially] disregard with a “has been there in IPv4 already and we did not address it then, why now?” stance). Let’s assume we went through this step and, for those most relevant risks we identified, we want to come up with infrastructure level controls first, before tackling controls to be deployed on the host level (as in many organizations the sysowners of “hosts” like servers in datacenters tend to expect “the network/infrastructure guys to provide the 1st layer of defense against threats”, in particular once those originate from an apparent network layer protocol, that is IPv6).

Continue reading “Developing an Enterprise IPv6 Security Strategy / Part 2: Network Isolation on the Routing Layer”

Continue reading
Building

Developing an Enterprise IPv6 Security Strategy / Part 1: Baseline Analysis of IPv4 Network Security

We’ve been involved in some activities in this space recently and I thought it could be a good idea to share a couple of things we’ve discussed & displayed. Furthermore some time ago – in the Is IPv6 more Secure than IPv4? Or Less? post – I announced to come up with (something like) an “IPv6 threats & controls catalogue” at some point… so here we go: in an upcoming series of a few blogposts I will lay out some typical elements of an “Enterprise IPv6 Security Strategy” incl. several technical pieces (and I plan to give a talk on the exact topic at next year’s IPv6 Security Summit).

Continue reading “Developing an Enterprise IPv6 Security Strategy / Part 1: Baseline Analysis of IPv4 Network Security”

Continue reading
Events

Welcome to Brazil!

Welcome to Brazil!

“Welcome to Brazil”, I think, turned to being the most used statement during the past Hackers to Hackers Conference in Sao Paulo. It was used as the main reaction to every speech taking moment, and there were a lot of those! To honor the moments and give you a quick insight into was what going on in Sao Paulo, here is a quick summary of the overall event and our own contribution.

Continue reading “Welcome to Brazil!”

Continue reading
Events

DENOG7

Hi everyone,

we (Christopher, Jan-Pascal and me) had the pleasure to join the 7th DENOG (German Network Operators Group) meeting in Darmstadt which takes place yearly in autumn. For the first time the meeting was scheduled for two days which offered more time for talks and discussions than the previous meetings. The concept of DENOG is to meet, talk, discuss and share experience with the network operator community in Germany.  Continue reading “DENOG7”

Continue reading