Events

TR17 Training Teaser: Suricata: World-class and Open Source

This is a guest blog by Andreas Herz and Peter Manev for their training,  Suricata: World-class and Open Source

Suricata is an advanced open source network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata is owned and supported by the Open Information Security Foundation (OISF), a US based non-profit organization dedicated to open source security technologies. Suricata’s use around the world and ongoing development is the result of the open source community with focus on security, performance and advanced features. Continue reading “TR17 Training Teaser: Suricata: World-class and Open Source”

Continue reading
Events

TR17 Training Teaser: Developing Burp Suite Extensions – From manual testing to security automation

This is a guest post from TR17 trainer Luca Carettoni: Developing Burp Suite Extensions

Ensuring the security of web applications in continuous delivery environments is an open challenge for many organizations. Traditional application security practices slow development and, in many cases, don’t address security at all. Instead, a new approach based on security automation and tactical security testing is needed to ensure important components are being tested before going live. Security professionals must master their tools to improve the efficiency of manual security testing as well as to deploy custom security automation solutions. Continue reading “TR17 Training Teaser: Developing Burp Suite Extensions – From manual testing to security automation”

Continue reading
Events

TelcoSecDay 2017 – Next Talks and Agenda

As Troopers17 and TSD are getting closer, I’d like to publish the next talk’s abstract and a preliminary agenda. Still, the agenda is not final yet but you already can see some more confirmed talks. I hope to be able to confirm and publish more information about these slots soon. Also, please note that the TelcoSecDinner will start at 7pm – see more below.

Continue reading “TelcoSecDay 2017 – Next Talks and Agenda”

Continue reading
Events

33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?

This was one of the few technical talks at 33c3 I managed to see, by that I mean live-stream during an access control shift, by Clémentine Maurice and Moritz Lipp.

The talk gave an overview of some already known possible information leaks by abusing certain x86 instructions(the same concept applies to ARM too though) and demonstrating the various ways an attacker could use them. Continue reading “33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?”

Continue reading
Events

ERNW at 33C3 – Part 1

This is part 1 of our report series on interesting talks of the 33rd Congress of the Chaos Computer Club. Every year the congress attracts hundreds (up to twelve thousand this year) of technical interested people with the opportunity to socialize and exchange knowledge with each other. The congress is organized by the European largest hacker association and speakers give talks about technical and societal issues like surveillance, privacy, freedom of information, data security and various more.

Talks in this part deal with CCC at schools, Wi-Fi security and the security of the N26 banking app.

Continue reading “ERNW at 33C3 – Part 1”

Continue reading
Events

First dedicated Forensic Computing Training at TR17

I am looking forward to our newly introduced dedicated Forensic Computing Training at TR17!
We will start the first day with a detailed background briefing about Forensic Computing as a Forensic Science, Digital Evidence, and the Chain of Custody. The rest of the workshop we will follow the Order of Volatility starting with the analysis of persistent storage using file system internals and carving, as well as RAID reassembly with lots of hands-on case studies using open source tools. As a next step, we will smell the smoking gun in live forensics exercises. Depending on your preferences we will then dig a bit into memory forensics and network forensics. Continue reading “First dedicated Forensic Computing Training at TR17”

Continue reading
Events

TR17 Training: Crypto attacks and defenses

This is a guest blog written by Jean-Philippe AumassonPhilipp Jovanovic about their upcoming TROOPERS17 training: Crypto attacks and defenses. 

The 1-day training from last TROOPERS has become a 2-day training, featuring even more real-world attacks and defenses as well as new hands-on sessions! We’ll teach you, step by step, how to spot and exploit crypto vulnerabilities, how to use the strongest forms of state-of-the-art cryptography to secure modern systems (like IoT or mobile applications), and bring you up to speed on the latest and greatest developments in the world of cryptography, such as TLS 1.3, blockchains, and post-quantum crypto. Continue reading “TR17 Training: Crypto attacks and defenses”

Continue reading