Suricata is an advanced open source network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata is owned and supported by the Open Information Security Foundation (OISF), a US based non-profit organization dedicated to open source security technologies. Suricata’s use around the world and ongoing development is the result of the open source community with focus on security, performance and advanced features. Continue reading “TR17 Training Teaser: Suricata: World-class and Open Source”
Ensuring the security of web applications in continuous delivery environments is an open challenge for many organizations. Traditional application security practices slow development and, in many cases, don’t address security at all. Instead, a new approach based on security automation and tactical security testing is needed to ensure important components are being tested before going live. Security professionals must master their tools to improve the efficiency of manual security testing as well as to deploy custom security automation solutions. Continue reading “TR17 Training Teaser: Developing Burp Suite Extensions – From manual testing to security automation”
The 1-day training from last TROOPERS has become a 2-day training, featuring even more real-world attacks and defenses as well as new hands-on sessions! We’ll teach you, step by step, how to spot and exploit crypto vulnerabilities, how to use the strongest forms of state-of-the-art cryptography to secure modern systems (like IoT or mobile applications), and bring you up to speed on the latest and greatest developments in the world of cryptography, such as TLS 1.3, blockchains, and post-quantum crypto. Continue reading “TR17 Training: Crypto attacks and defenses”
We had to make some tough choices regarding our TROOPERS17 Main Conference Agenda. Thank you again to everyone for submitting! The full agenda will be published later this week, but for now here are the next round of talks!
Fuzzing is a very old technique to find bugs and vulnerabilities in software. However it has seen a new push in recent years due to vastly improved tools. The compilers gcc and clang have received Sanitizer tools that allow finding a lot of bugs like use after free errors and out of bounds reads that are otherwise very hard to find.
It is the end of the year and we are hoping it is not too hectic of a time for you all! But if it is, hopefully the announcement of our next round of TROOPERS17 talks is enough to get you in the TROOPERS (if not the holiday) spirit 🙂
Francis Alexander & Bharadwaj Machiraju: How we hacked Distributed Configuration Management Systems
With increase in necessity of distributed applications, coordination and configuration management tools for these classes of applications have popped up. These systems might pop-up occasionally during penetration tests. The major focus of this research was to find ways to abuse these systems as well as use them for getting deeper access to other systems. Continue reading “2nd Rounds of TROOPERS17 Talks!”
It summarized five presentations of the 6th Annual Workshop on Security and Privacy in Smartphones (SPSM’16). In short, it contained presentations on: over-the-top and phone number abuse, smartphone fingerprinting, apps privacy increase and protection/security, and apps privacy ranking. Continue reading “CCS’16 – Day 2 – 25th October 2016”
TROOPERS16 was packed with epic talks from around the world, an unknown evil twin brother appearing, hands-on trainings, and a legendary year for our TROOPERS Charity efforts! If you were there you might be wondering to yourself how could they possibly top it? Well, I am going to let you in on a little secret: Next year is the 10th edition of TROOPERS. One DECADE of TROOPERS, and we are pulling out all the stops! Starting with the announcement of the first 5 talks!
The newest addition to ERNW, ERNW Insight which now hosts TROOPERS, is launching a new concept this year. Based on the successful TROOPERS Roundtable sessions, ERNW Insight will host a series events every year covering current and relevant topics in the field of IT Security. While the style of the events may vary the in-depth knowledge sharing that you have come to know from TROOPERS will not! Continue reading “IoT Insight Summit November 15, 2016”