Niki Vonderwell – Page 4

March 28, 2016 by Niki Vonderwell

The Joy of Sandbox Mitigations

This year at TROOPERS16 in Heidelberg we welcomed James Forshaw for his talk about “The Joy of Sandbox Mitigations“.

He is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he has numerous disclosures in a wide range of products from web browsers to virtual machine breakouts as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate. Continue reading “The Joy of Sandbox Mitigations”

Events

March 28, 2016 by Niki Vonderwell

SDR and non-SDR tools for reverse engineering wireless systems

Hey there!
The God of frequencies Michael Ossmann visited us again this year at the TROOPERS16 and showed us how to break another device using a specific setup.

Last time he introduced the HackRF One to us (Read here:https://www.insinuator.net/2014/08/hackrf-one-the-story-continues/), but this post is a short summary of his talk about “Rapid Radio Reversing”, he is a wireless security researcher, who makes hardware for hackers. Best known for the HackRF, Ubertooth, and Daisho projects, he founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.

Continue reading “SDR and non-SDR tools for reverse engineering wireless systems”

Breaking

March 2, 2016 by Niki Vonderwell

How to crack a white-box without much effort

By: Philippe Teuwen (@doegox)

White-box cryptography is a relatively new field that aims at enabling safely cryptographic operations in hostile situations.
A typical example is its use in digital-right management (DRM) schemes, but nowadays you also find white-box implementations in mobile applications such as Host Card Emulation (HCE) and the protection of credentials to the cloud.
In all these use-cases the software implementation uses the secret key of a third-party which should remain secret from the owner of the device which is running this executable.

Continue reading “How to crack a white-box without much effort”

Events

February 2, 2016 by Niki Vonderwell

Pentesting with Metasploit #TR16 Training

In this year’s MSF training we will guide you through the typical steps of the pentest cycle: information gathering, attacking and looting your targets. For each step, demos and exercises will help you deepen and test your newly acquired knowledge. In addition to the typical penetration-test scenarios you will also learn several advanced aspects of the framework such as: how writing your own metasploit modules works, how to export payloads and make them undetected. With a final exercise each day you can finally challenge yourself and apply what you have learned!

Be prepared with a Virtualbox installation and a notebook. If you prefer, you can install MSF on your laptop beforehand and make yourself familiar with it. As a special bonus, MSF is typically one of the tools always summoned during the infamous PacketWars!

See you there!
Benedikt

Building

January 27, 2016 by Niki Vonderwell

TROOPERS16 Training Teaser: Dos and Don’ts of Secure Active Directory Administration

In the last few years, attack techniques which fall in the categories of “Credential Theft” or “Credential Reuse” have grown into one of the biggest threats to Microsoft Windows environments. Microsoft has stated more than one time, that nearly almost all of their customers that run Active Directory have experienced “Pass-the-Hash” (PtH) attacks recently.[1] Once an attacker gains an initial foothold on a single system in the environment it takes often less than 48 hours until the entire Active Directory infrastructure is compromised. To defend against this kind of attacks, a well-planned approach is required as part of a comprehensive security architecture and operations program. As breach has to be assumed[2], this includes a preventative mitigating control strategy, where technical and organizational controls are implemented, as well as preparations against insider attacks. This is mainly achieved by partitioning the credential flow in order to firstly limit their exposure and secondly limit their usefulness if an attacker was able to get them. Although we spoke last year at Troopers 15 about “How to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise”[3], we would like to summarize exemplary later in this post Active Directory pentest findings that we classified in four categories in order to better understand what goes typically wrong and thus has to be addressed. For a better understanding of the overall security goals, we classified the findings as to belonging as a security best practice violation of the following categories: Continue reading “TROOPERS16 Training Teaser: Dos and Don’ts of Secure Active Directory Administration”

Events

January 14, 2016 by Niki Vonderwell

5th Round of TROOPERS16 Talks Accepted

Happy 2016 everyone! We are exactly 2 months away from the start of TROOPERS16!! Speakers and Trainers across the globe are polishing (or in some cases creating) their PowerPoints to use while delivering their highly technical and entertaining talks. While we here at TR HQ are busy tweaking orders, creating challenges to boggle the mind and test your skills, and of course working on some top secret fun. 😉

#BestWeekEver

Your TROOPERS Team

Continue reading “5th Round of TROOPERS16 Talks Accepted”

Misc

January 7, 2016 by Niki Vonderwell

Another Perspective in Vulnerability Disclosure

As you know we (as in ERNW) are quite involved when it comes to vulnerability disclosure and we’ve tried to contribute to a discussion at several occasions, such as Reflections on Vulnerability Disclosure and ERNW Newsletter 50 Vulnerability Disclosure Reflections Case Study.

In this post I want to add (yet) another perspective, motivated by a disclosure procedure which just happened recently. Continue reading “Another Perspective in Vulnerability Disclosure”

Events

December 22, 2015 by Niki Vonderwell

4th Round of TROOPERS16 Talks Accepted

As we come to the end of the year we can’t help but take a moment to thank all of your who made TROOPERS15 special! It just makes us all the more pumped to kick it up a notch for TROOPERS16!! #BestWeekEver

Happy Holiday and much Joy to you in the New Year!

Your TROOPERS Team

Continue reading “4th Round of TROOPERS16 Talks Accepted”

Events

December 17, 2015 by Niki Vonderwell

3rd Round of TROOPERS16 Talks Accepted

Here at TROOPERS HQ we are well into the Holiday (read TROOPERS) Spirit so we thought we would publish another round of talks! The current agenda can be found here.

Happy Holidays!

Your TROOPERS Team

Continue reading “3rd Round of TROOPERS16 Talks Accepted”

Events

December 11, 2015 by Niki Vonderwell

2nd Rounds of TROOPERS16 Talks

Here’s the second round of TROOPERS16 talks. For more information check out our website: TROOPERS

Happy Holidays and all the best for 2016 to everybody!

Your TROOPERS Team Continue reading “2nd Rounds of TROOPERS16 Talks”