Florian Grunow – Insinuator.net

Misc

February 6, 2024 by Florian Grunow

Considerations on AI-Security – Part I: Introduction and Nondeterminism

Hey there!

This is the first blog post in a series about issues we think are currently relevant in the field of AI-Security. The intention is not to get full coverage of the topic, but to point out things that seem practical and relevant. We will base some of our statements on lab setups and real-life examples. The technology that we will focus on is chat bots based on generative AI, mainly OpenAI’s ChatGPT. Right now, this specific application of AI in the wild seems to be the best way to demonstrate issues and pitfalls when it comes to IT security.

Continue reading “Considerations on AI-Security – Part I: Introduction and Nondeterminism”

Building

October 20, 2023 by Florian Grunow

Student Project – Audit Framework

Introduction

In 2021, ERNW collaborated with Hochschule Mannheim for their CEP (Cyber Security Entwicklungsprojekt) to build an auditing framework for testing operating system configurations against security procedures. This project is part of the education program of the university to give the students the chance to utilize the knowledge gained throughout the first semesters in a real world project. ERNW posed as the fictitious customer, providing a requirements document and regular meetings with all project groups for feedback. We planned to process and adapt the results for an open source auditing framework. Unfortunately, we were not able to finish this project yet, but we think the students should get some attention for their work independent from our side. So here is a short summary of what the students created and the corresponding repositories.
Continue reading “Student Project – Audit Framework”

Misc

December 16, 2022 by Florian Grunow

Hilarious Buffer Overflow Mitigation and TCL Injection in CheckPoint Gaia Portal

Hey there,

I am going to disclose two bug classes I found a while ago in CheckPoint R77.30: Two buffer overflows in the username (no shit) and HTTP method of a request to the administrative UI pre-auth and some interesting injections into the TCL web interface.

Continue reading “Hilarious Buffer Overflow Mitigation and TCL Injection in CheckPoint Gaia Portal”

Breaking

November 23, 2018 by Florian Grunow

Plume Twitter Client URL Spoofing

It is possible to spoof the URLs that Plume will open to arbitrary locations because of how Plume parses URLs. The preview of an URL in a tweet will show the complete (at least the host name and the first few chars of the URL) but shortened URL. However, if the URL contains a semicolon (;) the URL that will be opened is the part after the semicolon. Continue reading “Plume Twitter Client URL Spoofing”

Breaking

May 16, 2018 by Florian Grunow

Security of Busch-Jaeger IP Gateway

IoT is everywhere right now and there are a lot of products out there. I have been looking at an IP Gateway lately and found some serious issues. The Busch-Welcome IP-Gateway from Busch-Jaeger is one of the devices that bridges the gap between sensors and actors in your smart home and the network/Internet. It enables the communication to a door control system that implements various smart home functions. The device itself is offering an HTTP service to configure it, which is protected by a username and password. Some folks even actually expose the device and its login to the Internet. I tried to configure one of these lately and stumbled upon some security issues that I would like to discuss in this blog post.
Continue reading “Security of Busch-Jaeger IP Gateway”

Breaking

March 15, 2018 by Florian Grunow

Squirrelmail Full Disclosure – TROOPERS18

Birk an me basically fully disclosed a 0day in Squirrelmail yesterday. This is a short Q&A to answer the most common questions about the issue to calm you all down a little bit. 😉

Continue reading “Squirrelmail Full Disclosure – TROOPERS18”

Events

September 28, 2017 by Florian Grunow

HITCON CMT 2017

Some of our Troopers had the chance to visit HITCON conference in Taiwan this year. There are two main events: HITCON Pacific, which is aimed more at corporate attendees and HITCON CMT, the community edition, which aims at students and the general Infosec community. HITCON is the biggest security conference in Taiwan.

Continue reading “HITCON CMT 2017”

Misc

December 28, 2016 by Florian Grunow

Woolim – Lifting the Fog on DPRK’s Latest Tablet PC

Niklaus, Manuel and me had a great time speaking about one of the latest Tablet PCs from DPRK at 33C3 this year. Our work on RedStar OS from last year revealed a nasty watermarking mechanism that can be used to track the origin and distribution path of media files in North Korea. We have seen some interesting dead code in some of RedStar’s binaries that indicated a more sophisticated mechanism to control the distribution of media files. We got hands on a Tablet PC called “Ul-lim” that implemented this advanced control mechanism.

Continue reading “Woolim – Lifting the Fog on DPRK’s Latest Tablet PC”

Events

September 3, 2016 by Florian Grunow

MRMCD16 – diagnosis:critical

This year’s MRMCD16 had a topic that immediately let me submit a talk about medical device security: “diagnosis:critical”. Or to quote the official website:


Security issues in soft- and hardware have a low chance of healing, especially in medical IT.
Despite years of therapy using code reviews and programming guidelines, we still face huge amounts of vulnerable software that probably is in need of palliative treatment.
Security vulnerabilities caused by the invasion of IT in the medical sector are becoming real threats. From insulin pumps over analgesic pumps through to pace makers, more and more medical devices have been hacked already. This year's motto "mrmcd2016 - diagnosis:critical" stands summarizing for the current state of the whole IT sector.

Continue reading “MRMCD16 – diagnosis:critical”

Events

December 30, 2015 by Florian Grunow

DPRK’s RedStar OS on 32c3

Niklaus and me had the chance to talk about our research on RedStar OS on the 32nd Chaos Communication Congress in Hamburg this year. You can see the talk online at media.ccc.de or on Youtube.

We talked about the details of the watermarking mechanism that we found in July and additional features of RedStar OS like it’s “Virus Scanner” and the system architecture. During the days after our talk we were able to find watermarks applied by RedStar OS in the wild on some sites on the Internet. We can confirm at least 7 different instances of RedStar OS that have applied watermarks to JPGs. Cleaning up the data is work in progress and we will get back to you with the results! Niklaus has put our presentation and additional resources in the git. Feel free to join us in our research and make the world a safer place!

32c3 was amazing, as every time! Big thanks to all the volunteers who made this possible. Niklaus and I enjoyed every second! 🙂

Hope to see some of you at Troopers 16 in March 2016!

Cheers,

Florian