As we promised some days ago when we published the first round, here we go with the second:
Continue reading “Troopers15 – Second Round of Talks Selected”
Continue readingBold Statements
As we promised some days ago when we published the first round, here we go with the second:
Continue reading “Troopers15 – Second Round of Talks Selected”
Continue readingWe’re delighted to provide the first announcement of talks of next year’s Troopers edition. Looks like it’s going to be a great event again .
Here we go:
Continue reading “Troopers15 – First Round of Talks Selected”
Continue readingI had the pleasure to participate in this year’s Power of Community and was invited to talk about the insecurity of medical devices. The conference is based in Seoul, Korea and started in 2006. It has a strong technical focus and it is a community driven event. For me it was great to participate as mostly hackers from Asia were there and I got the chance to talk to a lot of nice folks that I wouldn’t be able to meet otherwise. This is especially true for the host, vangelis.
Continue reading “Power of Community 2014”
Continue readingHello Everybody and greetings from Sao Paulo,
We’re currently enjoying the Brazilian sunshine, waiting for H2H2 11’s closing remarks and decided to give you a few details on the past three days. The conference was opened by a short welcome by our fellow Trooper Rodrigo Rubira Branco and stuffed with loads of great talks. This year’s keynotes came from Daniel J. Bernstein and Halvar Flake and gave yet another insight into the ever changing world of InfoSec. The international lineup also included Travis Goodspeed, Sergej Bratus and Fernando Gont. H2HC was a great chance for us to talk to various Hackers from around the world and share our opinions and knowledge. Continue reading “LTE vs. Darwin @ Hackers to Hackers Conference 11”
Hello everyone,
I know I am a bit late with this post, but I was speaking on the North American IPv6 Summit in Denver three weeks ago. The focus of my talk was on Why IPv6 Security is hard – Structural Deficits of IPv6 & Their Implications (slightly modified/updated from the Troopers IPv6 Security Summit). We consider the NA IPv6 Summit as one of the most important IPv6 events at all and we were happy to contribute to the overall success. The conference was organized for the 7th time by the Rocky Mountain IPv6 Task Force and took place in the Grand Hyatt Denver (37th floor ;-)). Luckily the weather was perfect, and the view of the landscape from the conference rooms was just amazing. I really enjoyed the time in Denver, as the organizer sdid all they could to treat the speaker well J. The talks were of mix of regular research or case-study type talks and some sponsored talks ranging from deployment experience, security and statistics to SDN (Yes, I said it ;)) and the Internet of Things (I said it again ;)). The line-up was nicely put together.
Continue reading “North American IPv6 Summit 2014”
Continue readingThis is a guest post by Antonios Atlasis.
This week I had the pleasure to attend BruCON 2014. While participating at the Brucon 5×5 program, I had also the chance to attend this well-known European Con which is held in the beautiful city of Ghent.
Continue reading ““Hacking for a B33r” at Ghent”
Continue readingInformation security conferences are known to be attended because of several reasons. For some it’s the technical content, for others the networking potential and for some others simply meeting old friends. Pinpointing our motives is clearly a challenging task, but the following wrap-up ought to share our personal highlights of the week we spent visiting Black Hat USA 2014 and DEFCON 22 in Las Vegas.
Continue reading “Wrap-Up: A Memorable Week at Black Hat and DEFCON in Las Vegas”
Continue readingLast week we had the opportunity and pleasure to present some of our research results at BlackHat US 2014 (besides of meeting a lot of old friends and having a great researchers’ dinner).
Enno and Antonios gave their presentation on IDPS evasion by IPv6 Extension Headers, described here.
The material can be found here: Slides, tools (the main tool used was Chiron, authored by Antonios) & whitepaper.
Ayhan and me presented our results of the security analysis of Cisco’s EnergyWise protocol. The protocol enables network-wide power monitoring and control (ie turning servers off or on, putting phones to standby — basically controlling the power state of all EnergyWise-enabled or PoE devices). The main problem (besides a DoS vulnerability we found in IOS, see official Cisco advisory) is its PSK-based authentication model, which enables an attacker to cause large-scale blackouts in data centers if the deployment is lacking certain controls (for example our good old favorite, segmentation…). There will be a longer blogpost/newsletter on this topic soon.
The material can be found here: Slides & tools
Best,
Matthias
Continue reading
Past month we (which is me and a group of other ERNW students, supported by some of the “old” guys — I hope my team lead won’t yell at me for this 😉 ) attended the Haxpo and Hack in the Box in Amsterdam. Starting from 28. May, we had three days at this great conference (HITB) and exposition (Haxpo). The two events took place in the former building of the stock exchange in Amsterdam, called: “Beurs van Berlage”. Upon entering the building for the first time we were given details on where our booth was and where the talks would take place — setting up our booth and planning the shifts was just another thing to do before exploring the Haxpo area:
Continue reading “HackInTheBox and Haxpo – 2014”
Continue readingGreetings from Heidelberg to Paris,
and thanks for a great time at HES14! A nice venue (a museum), sweet talks and stacks of spirit carried us through the three day con. It all set off with a keynote byTROOPERs veteran Edmond ‘bigezy’ Rogers, who stuck to a quite simple principle: “People do stupid things” and I guess every single one of you has quite a few examples for that on offer. Next to every speaker referenced that statement at some point during her/his talk. Furthermore we presented an updated version of our talk LTE vs. Darwin, covering our research of security in LTE networks and potential upcoming problems.
For those who missed HES2014, we prepared a short summary of some of the talks that inspired us.
Continue reading “Hackito Ergo Sum 2014”
Continue reading