We are super excited for TROOPERS18 (March 12-16th, 2018) as are many of you! We even have this great saying that “after TROOPERS is before TROOPERS”, which means we spend a lot of time looking through feedback from attendees, speakers/trainers, and our own Crew for ways to not only top what we’ve done in the years before, but also how to simply make it better for everyone involved. Looking around at our Crew we realized how many have either attended TROOPERS or other conferences as students. We heard from them, as well as other students, how life changing it was to be able, as a student, to attend an IT-Security conference. How they got to meet a speaker whose work they’d read about in class. How people felt even more a part of the community they were studying hard to belong to. Continue reading “TROOPERS for Students!”
Continue readingAuthor: Niki Vonderwell
Black Hat 20 & DEFCON 25
Some of the ERNW Crew hit up Black Hat USA and DEFCON. Our own Omar Eissa even gave his first BH and DEFCON talks! See which talk we liked and what inspiration we took home.
Continue reading “Black Hat 20 & DEFCON 25”
Continue readingDevOps, Continuous Deployment & Agile Security September 7, 2017
The following post is in German as it is covering an Event with German as the main language.
INSIGHT SUMMIT 2017 präsentiert DevOps, Continuous Deployment & Agile Security
Inspiriert durch die erfolgreichen Round Table Session der TROOPERS freuen wir uns Ihnen heute mit dem AgileSecurity Insight Summit 2017 eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.
Die Veranstaltung beginnt am Morgen mit einer Keynote, gefolgt von Fallstudien und Vorträgen durch interne und externe Referenten aus der Industrie. Im Anschluss werden alle Teilnehmer in zwei Gruppen aufgeteilt, die nacheinander an beiden Round-Table Sessions teilnehmen. In den Round-Table Sessions werden unter Expertenmoderation typische Problemstellungen und Lösungsansätze diskutiert. Continue reading “DevOps, Continuous Deployment & Agile Security September 7, 2017”
Continue readingDocker Security & (Sec) DevOps Training July 19-20th
The following post is in German as it is covering a Training with German as the main language.
Professionelles Training im Workshop Character:
Docker, Microservices, Kubernetes, DevOps, Continuous
Integration/Deployment/Delivery (CI/CD), Container – moderne
Entwicklungsprozesse kommen nicht mehr ohne diese Begriffe aus. In diesem Kurs
lernen Sie die Security Grundlagen um diese Dinge zu beherschen.
Docker Security & (Sec) DevOps Training:
Im Training werden unter Anderem die folgenden Fragestellungen behandelt:
- Wie stark/zuverlässig sind die Isolationsmechanismen hinter Docker/Linux/Betriebssystem-Containern?
- Wie beeinflussen Container typische Applikations- und Netzwerk-Landschaften?
- Wie beeinflussen die CI/CD/Microservice Paradigmen traditionelle Entwicklungsprozesse?
- Wie sieht eine typische CI/CD Pipeline aus?
- Was sind potentielle Schnittstellen zwischen „Security“ und diesen Paradigmen?
- Welche zusätzlichen Security-Herausforderungen ergeben sich aus der veränderten Entwicklungslandschaft und neuen Tool-Chains?
Continue reading “Docker Security & (Sec) DevOps Training July 19-20th”
Continue readingActive Directory Security & Secure Operations July 18, 2017
The following post is in German as it is covering an Event with German as the main language.
INSIGHT SUMMIT 2017 präsentiert Active Directory Security & Secure Operations
Inspiriert durch die erfolgreichen Round Table Sessions der TROOPERS freuen wir uns Ihnen heute mit dem Active Directory Insight Summit 2017 eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.
Die Veranstaltung beginnt am Morgen mit einer Hinführung zum Thema Active Directory Sicherheit gefolgt von Fallstudien und Vorträgen durch interne und externe Referenten aus Wirtschaft und Industrie. Im Anschluss werden alle Teilnehmer in zwei Gruppen aufgeteilt, die nacheinander an beiden Round Table Sessions teilnehmen (jeder Teilnehmer kann an beiden Sessions teilnehmen). In den Round Table Sessions werden unter Expertenmoderation typische Problemstellungen und Lösungsansätze diskutiert.
Continue reading “Active Directory Security & Secure Operations July 18, 2017”
Continue readingTR17 Training: Crypto attacks and defenses
This is a guest blog written by Jean-Philippe Aumasson & Philipp Jovanovic about their upcoming TROOPERS17 training: Crypto attacks and defenses.
The 1-day training from last TROOPERS has become a 2-day training, featuring even more real-world attacks and defenses as well as new hands-on sessions! We’ll teach you, step by step, how to spot and exploit crypto vulnerabilities, how to use the strongest forms of state-of-the-art cryptography to secure modern systems (like IoT or mobile applications), and bring you up to speed on the latest and greatest developments in the world of cryptography, such as TLS 1.3, blockchains, and post-quantum crypto. Continue reading “TR17 Training: Crypto attacks and defenses”
Continue reading3rd Round of TROOPERS17 Talks
We had to make some tough choices regarding our TROOPERS17 Main Conference Agenda. Thank you again to everyone for submitting! The full agenda will be published later this week, but for now here are the next round of talks!
Continue reading “3rd Round of TROOPERS17 Talks”
Continue readingTR17 Training: Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer
This is a guest blog written by Hanno Böck who will be running the Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer at TROOPERS17.
Fuzzing is a very old technique to find bugs and vulnerabilities in software. However it has seen a new push in recent years due to vastly improved tools. The compilers gcc and clang have received Sanitizer tools that allow finding a lot of bugs like use after free errors and out of bounds reads that are otherwise very hard to find.
Continue reading “TR17 Training: Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer”
Continue reading2nd Rounds of TROOPERS17 Talks!
It is the end of the year and we are hoping it is not too hectic of a time for you all! But if it is, hopefully the announcement of our next round of TROOPERS17 talks is enough to get you in the TROOPERS (if not the holiday) spirit 🙂
Francis Alexander & Bharadwaj Machiraju: How we hacked Distributed Configuration Management Systems
With increase in necessity of distributed applications, coordination and configuration management tools for these classes of applications have popped up. These systems might pop-up occasionally during penetration tests. The major focus of this research was to find ways to abuse these systems as well as use them for getting deeper access to other systems. Continue reading “2nd Rounds of TROOPERS17 Talks!”
Continue readingCCS’16 – Day 2 – 25th October 2016
Hello again.
Andrei Costin (at http://firmware.re project) is here, and this is the second post from a series of guest postings courtesy of ERNW (thanks Niki and Enno!).
Few days ago, the first CCS’16 summarization post went online: https://insinuator.net/2016/11/introduction-ccs16-day-1-24th-october-2016/
It summarized five presentations of the 6th Annual Workshop on Security and Privacy in Smartphones (SPSM’16). In short, it contained presentations on: over-the-top and phone number abuse, smartphone fingerprinting, apps privacy increase and protection/security, and apps privacy ranking. Continue reading “CCS’16 – Day 2 – 25th October 2016”
Continue reading