Bold Statements
Hi,
I wrote a small python script that extracts the content from Alcatel .tim firmware files. It took some time staring at hex values, as well as a fair amount of guess work to figure out the file format.
Continue reading “An unpacker for Alcatel TiMOS images”
There has been, again, some development within the loki domain. Today I’m going to write about the latest module added to the suite, a module for decoding and cracking Cisco’s TACACS+.
Continue reading “TACACS+ module for loki”
Continue readingЗдравствуйте Insinuator Followers,
End of May eight ERNW members were travelling to Moscow (Russia) to visit the PHDays V conference. It was a very nice trip because we met a lot of gentle people, ate some great food and had quite some fun in this exciting and history-charged metropole, and we were able to get around using hands and feet (and Google translate ;-)).
The remainder of this post contains summaries of some of the most interesting talks at PHD V:
Continue reading “ERNW @PHDays V in Moscow”
Continue readingHi,
I’m back from London where I gave a talk about security evaluation of proprietary network protocols. I had a great time at InfoSecurity Intelligent Defence and BSides London, many thanks for inviting me and giving me the opportunity to speak to so much nice people.
Find the abstract and the download link to the slides after the break.
Continue reading “Advanced Security Evaluation of Network Protocols”
Continue readingScott Hogg recently (in his post “Holding IPv6 Neighbor Discovery to a Higher Standard of Security“) gave the following answer:
“The security of IPv4 is roughly equivalent to IPv6. So why do we expect more from IPv6?”
While I highly value Scott’s IPv6 expertise – not least because I learned a lot about IPv6 security from the book on the topic he wrote together with Eric Vyncke – I strongly disagree with his statement, mainly with the first part. In this post I will lay out why I think that IPv6 is actually less secure than IPv4.
Continue reading “Is IPv6 more Secure than IPv4? Or Less?”
Continue readingToday the ERNW Team participated in the Mudiator mud race in Mannheim. This mud run features 25 obstacles over 8 km, you can do either one or two rounds. Participating for the first time, the ERNW team went for one round (the Legionnaire distance as opposed to the two round Hercules distance):
Continue reading “ERNW @Mudiator”
Continue reading
The final blog in our series “Beyond the Thunderdome: A Review of TROOPERS15” focuses Exploitation & Attacking. With the last of this series we hope we you are already fired up and inspired for what lays a head during our upcoming TROOPERS16 (March 14-18, 2016)! Can’t wait to see you there!
Continue reading “Blog 5: Beyond the Thunderdome:
A Review of TROOPERS15″
Last week we enjoyed quite a wonderful HAXPO exhibition and HITB conference in Amsterdam. A number of great talks could be heard at the main HITB conference such as “Bootkit via SMS: 4G Access Level Security Assessment” or “Stegosploit: Hacking with Pictures“. And not only that: there were also several engaging hands-on workshops.
Apart from the main conference, there was the HAXPO – a hacker exhibition. At this exhibition you could connect with people from different companies, get a lot of merchandise, and also listen to several briefings on security and its philosophy. Fortunately, we had the pleasure to present two of these briefings and maybe you tested your web application skills at the ERNW booth.
Continue reading “ERNW@HAXPO/HITB 2015”
Continue reading
We hope you are enjoying the ride as we continue our journey through IPv6. Below we have a great mix of talks, slides, and videos in this area posted below. We look forward to hosting more IPv6 (March 14th & 15th) talks next year at TROOPERS16!
Continue reading “Blog 4: Beyond the Thunderdome:
A Review of TROOPERS15″
Welcome to the third edition of “Beyond the Thunderdome: A Review of TROOPERS15”. The focus today is on IPv6 and Data Center Networks, so kick back and enjoy the following talks and videos. And as always, check out our website www.troopers.de for details on TROOPERS16 March 14-18, 2016. Continue reading “Blog 3: Beyond the Thunderdome:
A Review of TROOPERS15″