Insinuator.net – Page 59 – Bold Statements

October 19, 2014 by Brian Butterly

LTE vs. Darwin @ Hackers to Hackers Conference 11

Hello Everybody and greetings from Sao Paulo,

We’re currently enjoying the Brazilian sunshine, waiting for H2H2 11’s closing remarks and decided to give you a few details on the past three days. The conference was opened by a short welcome by our fellow Trooper Rodrigo Rubira Branco and stuffed with loads of great talks. This year’s keynotes came from Daniel J. Bernstein and Halvar Flake and gave yet another insight into the ever changing world of InfoSec. The international lineup also included Travis Goodspeed, Sergej Bratus and Fernando Gont. H2HC was a great chance for us to talk to various Hackers from around the world and share our opinions and knowledge. Continue reading “LTE vs. Darwin @ Hackers to Hackers Conference 11”

Breaking

October 18, 2014 by Enno Rey

A “Please, Don’t Waste my Time” Approach and the Sourcefire/Snort Evasion

This is a guest post from Antonios Atlasis.

Yesterday we (Rafael Schaefer, Enno and me) had the pleasure to deliver together our talk at BlackHat Europe 2014 named Evasion of High-End IDPS Devices at the IPv6 Era (by the way, latest slides can be found here and the white paper here). In this talk we summarised all the IDPS evasion techniques that we have found so far. At previous blogposts I had the chance to describe how to evade Suricata and TippingPoint. In this post I am going to describe some other techniques that can be used to evade Snort, and its companion commercial version, Sourcefire. The tool used to evade these IDPS is – what else – Chiron.

The versions that we used for our tests are the latest available ones at the time of this writing, that is:

Sourcefire, Model 3D7020 (63) Version 5.2.0.3 (Build 48), VDB version 216.
Snort 2.9.6.2 GRE (build 77), Registered User’s Release Rules.

Continue reading “A “Please, Don’t Waste my Time” Approach and the Sourcefire/Snort Evasion”

Building

October 15, 2014 by Enno Rey

Deaggregation by large organizations

Some hours ago Iljitsch van Beijnum posted an email with the above subject to the RIPE Best Current Operational Practices (BCOP) mailing list.
Therein he describes the growing issue of (IPv6 prefix) deaggregation desires/approaches by certain organizations vs. the filtering practices of other organizations (providers). I touched this problem, from an enterprise’s perspective, some time ago in the second part of my blog post series on IPv6 address planning. Given we think that the discussion is heavily needed from several angles, I had actually submitted a talk on the topic twice (for the RIPE meeting in Warsaw in May and the upcoming one in London) which was unfortunately rejected at both occasions.
I’m hence very happy to see that a dialogue about the inherent dilemma might be started by Iljitsch’s mail. As a contribution to the development of a BCOP document I will hereby publish our draft slides of the talk which was initially planned. Furthermore two fellow IPv6 practitioners (Hi Roland & Nico!) and I plan to release a detailed paper with research results as for IPv6 prefix distribution at major European IXs in the near future.

Let’s hope that we as the IPv6 community can reach some consensus in this space soon. See you in London,
have a good one everybody

Enno

Events

October 14, 2014 by Christopher Werny

North American IPv6 Summit 2014

Hello everyone,

I know I am a bit late with this post, but I was speaking on the North American IPv6 Summit in Denver three weeks ago. The focus of my talk was on Why IPv6 Security is hard – Structural Deficits of IPv6 & Their Implications (slightly modified/updated from the Troopers IPv6 Security Summit). We consider the NA IPv6 Summit as one of the most important IPv6 events at all and we were happy to contribute to the overall success. The conference was organized for the 7^th time by the Rocky Mountain IPv6 Task Force and took place in the Grand Hyatt Denver (37th floor ;-)). Luckily the weather was perfect, and the view of the landscape from the conference rooms was just amazing. I really enjoyed the time in Denver, as the organizer sdid all they could to treat the speaker well J. The talks were of mix of regular research or case-study type talks and some sponsored talks ranging from deployment experience, security and statistics to SDN (Yes, I said it ;)) and the Internet of Things (I said it again ;)). The line-up was nicely put together.

Continue reading “North American IPv6 Summit 2014”

Breaking

October 4, 2014 by Enno Rey

Chiron – An All-In-One IPv6 Penetration Testing Framework

This is a guest post from Antonios Atlasis.

Last week I had the pleasure to give you my impressions regarding my experience about hacking for b33r at Ghent, that is, my participation at BruCON 2014 hacking conference. As I said among else, the reason that I was there was to present Chiron, my IPv6 penetration testing/security assessment framework, which was supported by the Brucon 5×5 program. The first version of Chiron had been presented at Troopers 14, during the IPv6 Security Summit.

Continue reading “Chiron – An All-In-One IPv6 Penetration Testing Framework”

Events

September 27, 2014 by Enno Rey

“Hacking for a B33r” at Ghent

This is a guest post by Antonios Atlasis.

This week I had the pleasure to attend BruCON 2014. While participating at the Brucon 5×5 program, I had also the chance to attend this well-known European Con which is held in the beautiful city of Ghent.

Continue reading ““Hacking for a B33r” at Ghent”

Misc

September 20, 2014 by Enno Rey

Security Implications of Disruptive Technologies

Yesterday I gave a talk with the above title in a private setting. Given it might be of interest for some of you, the slides can be found here.

Have a great weekend everybody

Enno

Building

September 3, 2014 by Enno Rey

MLD and Neighbor Discovery. Are They Related?

This is a guest post from Antonios Atlasis.

Today we had the opportunity at ERNW to have a full-day discussion about MLD. The discussion was led by Jayson Salazar who writes his thesis on the topic.

For the newcomers to IPv6 world, the purpose of MLD, a subprotocol of IPv6, as defined in RFC 2710, is “to enable each IPv6 router to discover the presence of multicast listeners (that is, nodes wishing to receive multicast packets) on its directly attached links, and to discover specifically which multicast addresses are of interest to those neighboring nodes.” MLD was updated by MLDv2 in RFC 3810 in order to “add the ability for a node to report interest in listening to packets with a particular multicast address only from specific source addresses or from all sources except for specific source addresses.”

Continue reading “MLD and Neighbor Discovery. Are They Related?”

Breaking

August 25, 2014 by Frank Block

ERNW’s Top 9 Burp Plugins

In the context of an internal evaluation, we recently had a look at most of the burp plugins available from the BApp store. The following overview represents our personal top 9 plugins, categorized in “Scanner Extensions”, “Manual Testing” and “Misc” in alphabetic order:
Continue reading “ERNW’s Top 9 Burp Plugins”

Building

August 21, 2014 by Enno Rey

Atomic Fragments vs. Fragmentation in the IPv6 “Real World”

This is a guest post by Antonios Atlasis.

Continuing the discussion about the IPv6 Atomic Fragments started at the IPv6 hacker’s mailing list and the freshly proposed draft RFC regarding the deprecation of the generation of IPv6 Atomic Fragments, we decided to check very quickly what is the current situation regarding the acceptance or the rejection of Atomic fragments in the “real world”. Thanks to Rafael Schaefer and the RISC lab at ERNW, we got some first measurements really fast.

Continue reading “Atomic Fragments vs. Fragmentation in the IPv6 “Real World””