Bold Statements
Tomorrow, I will join a meeting where I’m expected to contribute, amongst others, to a discussion on the impact of IPv6 on threat intelligence. To prepare for that I started putting together some thoughts & ideas on the topic, and I even thought I might share this in a post (the one you read right now ;-), not least to, maybe, stimulate a discussion.
Continue reading “IPv6 & Threat Intelligence”
Continue readingThe HITBSecConf or “Hack In The Box” in Amsterdam is a well known security conference in Europe. We also attended this year too, and there were quite some interesting talks at the HITBSecConf16 conference. One of the talks was about “New Methods for Exploiting ORM Injections in Java Applications” by the security researchers Mikhail Egorov and Sergey Soldatov.
Continue reading “New Methods for Exploiting ORM Injections in Java Applications (HITB16)”
Continue readingLast week we have visited the HITBSecConf16 – conference in Amsterdam.
There were many interesting talks, and in this post I am going to tell you about a talk held by Radu Caragea – “Telescope: Peering Into the Depths of TLS Traffic in Real-Time”.
Continue reading “Telescope – Peering Into the Depths of TLS Traffc in Real-Time (HITB16)”
In November 2014, after quite some controversy in the IETF OPSEC working group (for those interested look at the archives), the Informational RFC 7404 “Using Only Link-Local Addressing inside an IPv6 Network” was published. It is authored by Michael Behringer and Eric Vyncke and discusses the advantages & disadvantages of an approach using “only link-local addresses on infrastructure links between routers”.
Continue reading “The Beauty of IPv6 Link-Local Addressing. Not”
Continue readingTroopers16 has been over for quite a while now, but because sharing is caring, we would like to give you some more insight and share some gems that happened over the 2 days of us running a small/medium sized enterprise in mid-west Russia as part of the well received FishBowl side story.
Hell Yeah, show me
Once every few years I decide to head to Hannover and attend Hannover Messe, probably the largest industrial trade fair in Germany and apparently on of the most important in the world. As this year’s main topic was “Industrie 4.0” I simply could not resist to go out on a hunt for new and interesting (secure) smart connected magic! And trust me, I was not disappointed – here’s a few of my impressions.
Continue reading “A Trip to Hannover Messe”
Continue readingWhen it comes to SAP, Troopers has two events that are about Security in SAP Systems in particular. On the first day of the Troopers16 Trainings the BIZEC workshop takes place. The second event is a dedicated SAP track during the conference. Apart from these events there were of course a lot of nice folks to talk to (about SAP) 🙂 This post is a short overview about SAP security @ TROOPERS16.
Continue reading “SAP Security @ Troopers16”
Continue readingHi everyone,
I spent the last weeks traveling to Singapore and Miami to present my Xenpwn research about double fetch vulnerabilities in paravirtualized devices at Infiltrate and Syscan360. You can find my slides here. Both conferences had great organization, very technical talks and a cool audience. In the following I want to give a short recap of some of the talks I liked the most:
Continue reading “Infiltrate and Syscan 360”
Continue readingTROOPERS16 offered many different speakers from around the globe. Below are three different talks from the afternoon of Day 2’s Defense and Management Track. Continue reading “Defense & Management Day 2”
Continue readingThis is a short summary of selected talks (i.e. those that I found the most interesting of those I was able to personally attend) of the GI Sicherheit 2016.
First of all, congratulations to Dr. Fabian Yamaguchi, who received an award (the GI Promotionspreis) for his PhD thesis “Pattern-Based Vulnerability Discovery“!
His work presents an “approach for identifying vulnerabilities which combines techniques from static analysis, machine learning, and graph mining to augment the analyst’s abilities rather than trying to replace her” by identifying and highlighting patterns of potential vulnerabilities in source code.
Continue reading “Summary GI Sicherheit”