As you may know, we published a whitepaper discussing the behavior of different operating systems once they receive IPv6 configuration parameters from different sources two years ago. At that time, the results were quite a mess. We were curious whether the situation is still so “dire” like two years ago. We fired up the lab, updated the tested operating systems and performed the tests again. Continue reading “IPv6 RA Flags, RDNSS and DHCPv6 Conflicting Configurations Revisited”
Continue readingCategory: Building
Release of Glibc Heap Analysis Plugins for Rekall
I’m happy to announce the release of several Glibc heap analysis plugins (for Linux), resp. plugins to gather information from keepassx and zsh, which are now included in the Rekall Memory Forensic Framework. This blogpost will demonstrate these plugins and explain how they can be used. More detailed information, including real world scenarios, will be released after the talk at this years DFRWS USA.
Continue reading “Release of Glibc Heap Analysis Plugins for Rekall”
Continue readingAgile Development & Security
I’m a big fan of Chris Gates’ publications on DevOops and From Low to Pwned. The content reflects a lot of issues that we also experience in many assessments in general and assessments in agile environments in particular. In addition, we were supporting several projects recently that were organized in an agile way. In this post, I want to summarize some thoughts on how security work can/should be integrated into agile projects. Continue reading “Agile Development & Security”
Continue readingIPv6 Properties of Windows Server 2016 / Windows 10
In this post we’ll take a detailed look at the properties of the Windows Server 2016 IPv6 stack.
I perform(ed) this exercise for several reasons:
Continue reading “IPv6 Properties of Windows Server 2016 / Windows 10”
Continue readingIPv6 Configuration Approaches for Servers
In this post I’ll discuss configuration approaches for systems which usually have been configured with “static” IP parameters in the IPv4 age/context (like servers in data centers). When it comes to IPv6 there are more options and we’ll have a look at their implications and potential advantages/disadvantages.
Continue reading “IPv6 Configuration Approaches for Servers”
Continue readingConsiderations on DMZ Design in 2016, Part 3: Some Notes on Firewall Rule Management
This is the 3rd part of this loose series on considerations of (operating) DMZs in 2016 (part 1 on the role of a DMZ is can be found here, part 2 on reverse proxies here).
Again, I dare to deviate a bit from the plan & order I initially had in mind – today I will cover one process whose maturity may significantly influence the overall security posture of a DMZ environment: firewall rule management.
(Securely) Updating Smart Devices / Some Considerations
How to provide updates to IoT devices – yes, I’m aware this might be a overly broad generalization for many different devices – has been the topic of many discussions in the last years (for those interested the papers from the “Internet of Things Software Update Workshop (IoTSU)” might be a good starting point).
Given Matthias and I will moderate the respective session at tomorrow’s IoT Insight Summit I started writing down some points that we consider relevant in this context.
Continue reading “(Securely) Updating Smart Devices / Some Considerations”
Continue readingIPv6 Source Address Selection
As we all know an IPv6 enabled host can have multiple addresses. In order to select a source address for a to-be established outbound connection, operating systems implement a source address selection mechanism that evaluates multiple source address candidates and selects the (potentially) best candidate. Criteria for this selection are defined in RFC6724 (which obsoletes RFC 3484).
Continue reading “IPv6 Source Address Selection”
Continue readingDiving into EMET
Last week, we decided to take a look onto the EMET library provided by Microsoft. This library is intended to introduce several security features to applications which are not explicitly compiled to use them.
It also adds an additional layer to protect against typical exploiting techniques by filtering library calls, preventing usage of dangerous functions/components and inserting mitigation technologies.
As EMET is already a target for many researchers, we currently only started to get an overview of it’s structure and how the different components are interacting with each other. Today we would like to share some of our results with you.
Continue reading “Diving into EMET”
Continue readingFiles Your Webserver Shouldn’t Deliver
During penetration tests, we often find interesting files on web servers. Almost as often, those files enable us to carry out further attacks with much higher impact. Inspired by Chris Gate’s great series From Low to Pwned, we decided to share the following small piece.
Continue reading “Files Your Webserver Shouldn’t Deliver”
Continue reading