Bold Statements
Hey!
I attended this really nice conference in Slovenia on April 16th. It was a smaller conference, but very memorable for the people (students, IT sec professionals and managers alike) who attended.
I also had the pleasure to present on How secure am I with EMET? and Evaluating the APT armor and wanted to share the slides with you — feel free to approach me for any kind of feedback or discussion.
I’m looking forward to go to Ljubljana again! 😉
Greetings,
Benedikt
A while a go Dominik and I gave an introductory presentation about SSL at the BASTA.NET conference, a developer-oriented event held in Darmstadt twice a year. At that time there were quite some enthusiastic participants but recently we’ve also gotten some inquiries asking for the relevant materials. Although there’s no recording of the session, we’ve decided to put the slides here for those interested who didn’t make it to the talk.
“Who should have a look at the slides?” you ask, well, if you’ve been wanting to get a sense for what the idea behind SSL is, where it is used, how it is usually leveraged and what problems could arise when poorly employed, you will certainly find the slide-deck interesting. Although the session was meant to slowly get participants up to speed in matters SSL, it’s still likely that more informed folks will still find it interesting, even if just as a refresher about key and certificate formats, PKI 101, SSL stripping, secure cookies, and other topics.
Without further, here’s slide deck.
For the hungry, here are some other interesting resources we suggested to attendees willing to go a bit deeper on the topic after the talk.
– OWASP – SSL für Alle
– OWASP – Transport Layer Protection Cheat Sheet
– Mozilla – Server Side TLS
For those attending to the BASTA.NET next autumm, we’re looking forward to meeting you. But for the time being, that’s going to be pretty much it.
Thanks for reading and let us know what you think.
Continue reading
This year’s PacketWars contest at Troopers was a blast! Under the topic of “Connected Car” the teams faced several different challenges, which we will describe (as a debriefing) here.
Continue reading “Troopers PacketWars 2015 – Write Up”
Continue readingThis is a guest post from Fernando Gont.
On March 16th, 2015, at the Troopers IPv6 Security Summit, we finally released the SI6 Networks’ IPv6 Toolkit v2.0 (Guille). The aforementioned release is now available at the SI6 IPv6 Toolkit homepage. It is the result of over a year of work, and includes improvements in the following areas:
Continue readingAs TROOPERS15 has come to an end, I’ve finally got the time and energy to give you a deeper insight into the TR15 badge. As most of you have probably heard during the conference, this year’s badge was based on the OpenPCD2. The OpenPCD 2 is a 13.56MHz NFC Reader, Writer and Emulator under the GNU GPL v2. As NFC is, yet again, on an uprise, a badge with NFC simply gives you the chance to fiddle around and hack stacks of stuff in the real world. Adding some TROOPERS spirit and a few little secrets we hope we’ve designed a pretty nice badge!
Continue reading “Troopers 15 Badge”
Last week Matthias and I went to Singapore to teach our workshop on Hypervisor Exploitation at SyScan. After a very unpleasant Lufthansa strike (which made us arrive late in Singapore) and two intense workshop days, we were free to attend the “last” SyScan. There are few IT security conferences that have such a great reputation in the community and so we had high expectations, which were definitely not disappointed. This year had a lot of really interesting talks so I will just summarize some of the ones I liked the most.
Continue reading “Syscan 2015”
Continue readingWe’ve just published the videos from TROOPERS15. The playlist can be found here.
Thanks! again to everybody for joining us in Heidelberg. We had a great time with you 😉
Have a good weekend,
Enno
Continue reading
Additionally to Wifi, Troopers is also offering a GSM network.
If you want to use it, simply ask your phone to scan for available mobile networks. There you should see the usual T-Mobile D, Vodafone.de, E-Plus, O2-de operators, but also the unusual D 23 or 262 23. Just select this one, and your are done. You also can use the Troopers SIMs which you get on the welcome desk on the ground floor.
Continue reading “GSM@Troopers”
Continue readingAdmitted, we’re a bit late this time, but here we go with the agenda of this year’s TelcoSecDay.
Given the high number of quality contributions overall there’s more talks than in the previous years and we’ll hence start more early (and finish later 🙂 ), so please plan accordingly.
This is the agenda, details for the invididual talks can be found in the respective links:
8:30-9:00 Opening & Intro
9:00-9:45 Luca Bruno: Through the Looking-Glass, and What Eve Found There
9:45-10:30 Dieter Spaar: How to Assess M2M Communication from an Attacker’s Perspective
Break
11:00-11:45 Tobias Engel: Securing the SS7 Interconnect
11:45-12:30 Ravishankar Borgaonkar: TelcoSecurity Mirage: 1G to 5G
12:30-13:00 Hendrik Schmidt: Security Aspects of VoLTE
Lunch
14:00-14:45 Rob Kuiters: On her majesty’s secret service – GRX and a Spy Agency
14:45-15:30 “Watching the Watchers”
Break
16:00-16:45 Markus Vervier: Borrowing Mobile Network Identities – Just Because We Can
16:45-17:15 Shahar Tal: I hunt TR-069 admins – CWMP Insecurity
Refreshment
17:30-18:00 Sébastien Roche (Orange): tba
19:30 Dinner (it will be hosted by us, location & details will be provided during workshop and from @WEareTROOPERS).
See you all there, have a safe trip everybody
Enno
Continue reading
This is a guest post from Antonios Atlasis.
Last year, during the IPv6 Security Summit of Troopers 14 I had the pleasure to present publicly, for first time, my IPv6 Penetration Testing / Security Assessment framework called Chiron, while later, it was also presented at Brucon 14 as part of the 5×5 project. This year, I am returning back to the place where it all started, to the beautiful city of Heidelberg to give another workshop about Chiron at the IPv6 Security Summit of Troopers 15. But, is it just another workshop with the known Chiron features or has something changed?
I would say a lot :). The most significant enhancements are described below.
Continue reading “A Chiron Workshop at the IPv6 Security Summit of Troopers 15”
Continue reading