Looking back on RIPE 74

From May 8th to 12th I was able to attend the 74th RIPE meeting in Budapest, Hungary. Being rather new to the networking community, I enjoyed learning a lot of different things, not only from the various interesting talks but also from inspiring conversations with a variety of people from all areas during the beautiful social events.

As it was the first RIPE meeting for me, I was very thankful for the “Newcomer’s Introduction” on Monday morning, containing a RIPE and RIPE NCC 101. It was quite helpful to get into the mindset and understand the structure of the meeting, like the division into different working groups based on the participants’ interests. After familiarizing myself with the concept, I chose to attend several sessions on Address Policy, IPv6, Routing, Open Source, and DNS working groups besides the general plenary sessions. I’ll be reviewing those sessions here. Continue reading “Looking back on RIPE 74”

Continue reading

Insight Summit on June 1st: DevOps, Continuous Deployment & Agile Security

The following post is in German as it is covering an Event with German as the main language.

INSIGHT SUMMIT 2017 präsent DevOps, Continuous Deployment & Agile Security

Inspiriert durch die erfolgreichen Round Table Session der TROOPERS freuen wir uns Ihnen heute mit dem AgileSecurity Insight Summit 2017 eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.

Die Veranstaltung beginnt am Morgen mit einer Keynote, gefolgt von Fallstudien und Vorträgen durch interne und externe Referenten aus der Industrie. Im Anschluss werden alle Teilnehmer in zwei Gruppen aufgeteilt, die nacheinander an beiden Round Table Sessions teilnehmen (jeder Teilnehmer kann an beiden Sessions teilnehmen). In den Round Table Sessions werden unter Expertenmoderation typische Problemstellungen und Lösungsansätze diskutiert.

Was Sie erwartet:

  • Eröffnungsvortrag von Florian Barth (Stocard)
  • Fallstudien & Vorträge
  • 2 Round Table Diskussionen


09:00- Opening Remarks
09:15- DevOps Best Practices
10:00- DevOops: Security Fails in the DevOps World
10:45- Kaffeepause
11:00- Case Study
11:45- Integrating Security into Continuous Deployment
12:30- Mittagspause
13:30- Round Table Session
15:00- Kaffeepause
15:30- Round Table Session
17:00- Closing Remarks
17:15- Offizielles Ende

Break Out Sessions:

  • Organisatorische Herausforderungen und Möglichkeiten von DevOps und Continuous Integration/Deployment unter Sicherheitsaspekten
  • Technische Sicherheitsaspekte typischer Technologien der modernen agilen Software-Entwicklung

Gerne lassen wir Ihnen weitere Informationen zukommen oder nehmen Ihre Anmeldung unter entgegen. (Link zu vollständigem Flyer)

Continue reading

Some Quick Tips for Submitting a Talk to Black Hat or TROOPERS

Given the CfP for Black Hat US in Vegas ends in a few days – and as apparently some people have already started to think about their TR18 submissions – I’ll quickly provide some loose recommendations on how to write a submission here. There’s quite some reasonable advice out there already (the BH CfP site lists this and this which you should both read as well) but some of you might find it useful to get (yet) another perspective. Continue reading “Some Quick Tips for Submitting a Talk to Black Hat or TROOPERS”

Continue reading

CSA Summit CEE and BSides Ljubljana 2017

At the end of last week I had the pleasure to visit the CSA Summit CEE and the Bsides Event in Ljubljana.

At CSA, I was talking about hypervisors, breakouts and an overview of security measures to protect the host. (Slides)
This ranged from the basic features some hypervisors provide out of the box to advanced features like SELinux, device domain models and XSM-FLASK. Continue reading “CSA Summit CEE and BSides Ljubljana 2017”

Continue reading

Troopers17 GSM Network – How about your own SMPP Service?

The event of the events is getting closer and again, we are very optimistic to have a lot of awesome trainings, talks, evening events, and discussions. But we again will also have some “features” and gimmicks for those of you who would like to play with new, old, or just interesting technologies. As you might remember, since some years one of these features is and again will be our own GSM Network. As we are improving our setup from year to year, this time we’d like to give you the chance to actively participate with ideas and your own services. Continue reading “Troopers17 GSM Network – How about your own SMPP Service?”

Continue reading

33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?

This was one of the few technical talks at 33c3 I managed to see, by that I mean live-stream during an access control shift, by Clémentine Maurice and Moritz Lipp.

The talk gave an overview of some already known possible information leaks by abusing certain x86 instructions(the same concept applies to ARM too though) and demonstrating the various ways an attacker could use them. Continue reading “33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?”

Continue reading

ERNW at 33C3 – Part 1

This is part 1 of our report series on interesting talks of the 33rd Congress of the Chaos Computer Club. Every year the congress attracts hundreds (up to twelve thousand this year) of technical interested people with the opportunity to socialize and exchange knowledge with each other. The congress is organized by the European largest hacker association and speakers give talks about technical and societal issues like surveillance, privacy, freedom of information, data security and various more.

Talks in this part deal with CCC at schools, Wi-Fi security and the security of the N26 banking app.

Continue reading “ERNW at 33C3 – Part 1”

Continue reading