tl;dr: With the tool nmap-parse-output you can convert, manipulate or extract data from a Nmap/masscan scan output. This allows you to get the information you’re looking for by just entering a straightforward command. Continue reading “nmap-parse-output: A tool for analyzing Nmap scans”
Continue readingCategory: Building
IPython Support for Binary Ninja
This blogpost is about the release of a plugin for Binary Ninja that allows you to run a Python Kernel inside the Binary Ninja GUI environment to which you can attach a Jupyer (QT) console, formerly known as IPython shell. The first section is about why this is useful, the second is about some issues I encountered and how to solve them, and the third contains everything you need to know to set it up. Continue reading “IPython Support for Binary Ninja”
Continue readingdizzy version 2.0 released
A new major version of our fuzzing framework dizzy has been released.
This blog post will cover the biggest changes and new features, as well as give you a short introduction into how to use them.
You can find the new version on github.
Continue reading “dizzy version 2.0 released”
Continue readingPoSh_ATTCK – ATT&CK Knowledge at your PowerShell Fingertips…
When I recently joined the Windows Security team at ERNW, Enno asked me if I wanted to write a ‘welcome’ blogpost on a topic of my choosing… Up for the challenge, and since I had been playing with BloodHound & Cypher for the last couple of months, I first thought I would do something on that topic.
However, after gathering my thoughts and some Cypher I had collected here and there, I realized that the topic of Bloodhound Cypher might actually require several blog posts… And so I changed my mind. I will keep the joys of Cypher for later, and in this post, I will talk about a tiny tool I wrote to query the Mitre ATT&CK™ knowledge base from the comfort of a PowerShell prompt. Continue reading “PoSh_ATTCK – ATT&CK Knowledge at your PowerShell Fingertips…”
Continue readingNew Release of Glibc Heap Analysis Plugins
After quite some time and work, I’m happy to announce the new release of the Linux Heap Analysis Plugins, which are now part of the Rekall project, but not yet part of an official Rekall release, so you have to grab them manually.
This release fixes several bugs and adds the following features:
Continue reading “New Release of Glibc Heap Analysis Plugins”
printf(“Hello World!”) Part 2
As our journey to the new product continues we are facing the typical challenges of phase 2 in the software development life cycle, the design phase (see part 1 for the overview of the phases):
Continue reading “printf(“Hello World!”) Part 2″
Continue readingprintf(“Hello World!”)
ERNW has a new baby, so please say “hello” to the new ERNW SecTools GmbH ;-).
But why another ERNW company? Short answer: Because we want to contribute to changing the way how software is built today: insecure, focused on profit and sometimes made by people who ignore lessons from history. So how can we contribute in this space? Start changing it ;-).
Continue reading “printf(“Hello World!”)”
Continue readingVirtualized Training Environment with Ansible
As Kai and I will be holding a TROOPERS workshop on automation with ansible, we needed a setup for the attendees to use ansible against virtual machines we set up with the necessary environment. The idea was, that every attendee has their own VMs to run ansible against, ideally including one to run ansible from, as we want to avoid setup or version incompatibilities if they set up their own ansible environment on their laptop. Also they should only be able to talk to their own machines, thus avoiding conflicts because of accidental usage of wrong IPs or host names but also simplify the setup for the users.
Continue reading “Virtualized Training Environment with Ansible”
Continue readingWhy It Might Make Sense to Use IPv6 in Enterprise Infrastructure Projects
Looking at IPv6 deployment graphs like this one it becomes clear that IPv6 still is not widely deployed in enterprise space (the reason for the apparent oscillation in that curve is the difference between working days – where people use their office computers – and weekend where they preferably use their smartphones or their home equipment connected by means of broadband networks).
Continue reading “Why It Might Make Sense to Use IPv6 in Enterprise Infrastructure Projects”
Continue readingReading the BlueCoat FileSystem
You may remember our last post regarding the SGOS system and the proprietary file system. Since then, we got access to a newer version of the system (6.6.4.2). Still not the most current one (which seems to be 6.7.1.1) nor of the 6.6.x branch (which seems to be 6.6.5.1) though. As this system version also used the same proprietary filesystem (although it initially booted from a FAT32 partition), I decided to take a deeper look into this.
Continue reading “Reading the BlueCoat FileSystem”
Continue reading