Building – Insinuator.net

April 8, 2025 by Florian Bausch

Cookie Prefixes – The Lesser Known Cookie Security Feature

When you’re analyzing web applications as a pentester or reading pentest reports about web applications, you will often see findings regarding cookies missing certain security flags. The Set-Cookie HTTP header and the JavaScript document.cookie API allow to use, for example, the flags Secure, Path, and Domain. Common audit and pentest tools will tell you when your web application does not or just insecurely implements these cookie flags.

However, they do not provide optimal security even when using these flags correctly. However, there are mitigations available that partly solve the issues.

Continue reading “Cookie Prefixes – The Lesser Known Cookie Security Feature”

Building, Misc

June 21, 2024 by Matthias Hamann

BMBF UNCOVER – Monitoring von Sicherheitsvorfällen in Fahrzeugen

English Abstract

For the realization and introduction of autonomous vehicles, the safe interaction of functions, systems and services as well as their monitoring over the entire product life cycle is essential. An exclusive security-by-design approach is no longer sufficient and must be continuously supported by feedback obtained from in-the-wild operation. This is where the recently successfully completed joint project BMBF UNCOVER comes into play, which targets the requirements of the standards ISO/SAE 21434 (Road vehicles – Cybersecurity engineering) and ISO 21448 (Road vehicles – Safety of the intended functionality (SOTIF)).

Continue reading “BMBF UNCOVER – Monitoring von Sicherheitsvorfällen in Fahrzeugen”

Building

October 20, 2023 by Florian Grunow

Student Project – Audit Framework

Introduction

In 2021, ERNW collaborated with Hochschule Mannheim for their CEP (Cyber Security Entwicklungsprojekt) to build an auditing framework for testing operating system configurations against security procedures. This project is part of the education program of the university to give the students the chance to utilize the knowledge gained throughout the first semesters in a real world project. ERNW posed as the fictitious customer, providing a requirements document and regular meetings with all project groups for feedback. We planned to process and adapt the results for an open source auditing framework. Unfortunately, we were not able to finish this project yet, but we think the students should get some attention for their work independent from our side. So here is a short summary of what the students created and the corresponding repositories.
Continue reading “Student Project – Audit Framework”

Building

December 31, 2021 by Frank Block

Release of PTE Analysis plugins for Volatility 3

I’m happy to announce the release of several plugins for Volatility 3 that allow you to dig deeper into the memory analysis. One of those plugins is PteMalfind, which is essentially an improved version of malfind. Another one is PteResolve which, similarly to the WinDBG command !pte, allows you to inspect Page Table Entry (PTE) information for e.g., a given virtual address. In this blog post we will have a closer look at these and more plugins, and the PteEnumerator base class and what you can do with it. The memory dump used for this blog post is available here. Some of the injection tools used in this blog post can be gathered from here.

Continue reading “Release of PTE Analysis plugins for Volatility 3”

Building

December 18, 2020 by Julian Suleder

ERNW White Paper 70 – HL7 FHIR: Preserving Distributed Resource Integrity

With this blog post I am pleased to announce the publication of a new ERNW White Paper about the HL7 FHIR communication standard.

Introduction

Digital networking is already widespread in many areas of life. More and more medical devices are also being networked in the healthcare industry. This growth makes the development and use of new medical communication standards necessary since existing solutions can only meet the changing requirements with great effort. The HL7 FHIR standard is an example of such a medical communication standard. FHIR is said to have increased the interoperability between different medical contexts,e.g., administration, billing, and clinical care, to enable data exchange of various systems. The FHIR standard addresses the security risks associated with strongly networked communication from a large number of systems across the trust and organizational boundaries only indirectly because FHIR does not define mandatory security controls or requirements.

Continue reading “ERNW White Paper 70 – HL7 FHIR: Preserving Distributed Resource Integrity”

Building

November 12, 2020 by Tillmann Oßwald

Reversing C++ Without Getting a Heart Attack – DEvirtualize VIrtual Calls With Devi

TLDR: This blogpost presents devi, a tool that can help you devirtualize virtual calls in C++ binaries. It uses Frida to trace the execution of a binary and uncover the call sources and destinations of virtual calls. The collected information can then be viewed in IDA Pro, Binary Ninja, or Ghidra. The plugin adds the respective control-flow edges allowing further analysis (using different plugins) or simply providing more comfort when analyzing C++ binaries.

Continue reading “Reversing C++ Without Getting a Heart Attack – DEvirtualize VIrtual Calls With Devi”

Building

September 17, 2020 by SadProcessor

Doing it Server-Side with CypherDog 4.0

Arrroooo… Bloodhound Crew!! Heard the news? CypherDog 4.0 is out and it’s full of new features…

Continue reading “Doing it Server-Side with CypherDog 4.0”

Building, Misc

September 10, 2020 by Prof. Dr.-Ing. Andreas Dewald

How can data from fitness trackers be obtained and analyzed with a forensic approach?

The use of Internet of Things devices is continuously increasing: People buy devices, such as smart assistants, to make their lives more comfortable or fitness trackers to assess sports activities. According to the Pew Research Center [1], every fifth American wears a device to track their fitness. In Germany, the number increases likewise. The increasing number of fitness trackers in use can also be seen in criminal proceedings, as there exist more and more cases where these devices provide evidence.

Which useful evidential information fitness trackers collect and how to analyze them forensically was part of a paper that we presented at WACCO 2020 this year [2]. The goal was to develop an open source program to support investigators analyzing data that fitness trackers provide and to give a general approach on how to analyze fitness trackers.

Continue reading “How can data from fitness trackers be obtained and analyzed with a forensic approach?”

Breaking, Building, Events

July 26, 2020 by Dennis Heinze

ACM WiSec 2020

Last week I attended ACM WiSec. Of course, only virtually. The first virtual conference I attended. Coincidentally, it was also the first conference I presented at. While the experience was quite different from a “real” conference, the organizers did a great job to make the experience as good as possible with, for example, a mattermost instance to interact with other conference participants.

In the following, I will list a few talks and papers that I either found very interesting or that generally stood out to me:

Continue reading “ACM WiSec 2020”

Building

May 6, 2020 by SadProcessor

Back from the ATT&CK jungle…

So there was a pandemic, the whole world was under lockdown, and I got a bit depressed.
I needed something new in my life, so I decided to take my favorite dog out for a walk in the ATT&CK jungle to check out the newly added sub-techniques…

Continue reading “Back from the ATT&CK jungle…”