Events

Docker Security & (Sec) DevOps Training July 19-20th

The following post is in German as it is covering a Training with German as the main language.


Professionelles Training im Workshop Character:
Docker, Microservices, Kubernetes, DevOps, Continuous
Integration/Deployment/Delivery (CI/CD), Container – moderne
Entwicklungsprozesse kommen nicht mehr ohne diese Begriffe aus. In diesem Kurs
lernen Sie die Security Grundlagen um diese Dinge zu beherschen.

Docker Security & (Sec) DevOps Training:
Im Training werden unter Anderem die folgenden Fragestellungen behandelt:

  • Wie stark/zuverlässig sind die Isolationsmechanismen hinter Docker/Linux/Betriebssystem-Containern?
  • Wie beeinflussen Container typische Applikations- und Netzwerk-Landschaften?
  • Wie beeinflussen die CI/CD/Microservice Paradigmen traditionelle Entwicklungsprozesse?
  • Wie sieht eine typische CI/CD Pipeline aus?
  • Was sind potentielle Schnittstellen zwischen „Security“ und diesen Paradigmen?
  • Welche zusätzlichen Security-Herausforderungen ergeben sich aus der veränderten Entwicklungslandschaft und neuen Tool-Chains?

Continue reading “Docker Security & (Sec) DevOps Training July 19-20th”

Continue reading
Events

Active Directory Security & Secure Operations July 18, 2017

The following post is in German as it is covering an Event with German as the main language.


INSIGHT SUMMIT 2017 präsentiert Active Directory Security & Secure Operations

Inspiriert durch die erfolgreichen Round Table Sessions der TROOPERS freuen wir uns Ihnen heute mit dem Active Directory Insight Summit 2017 eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.
Die Veranstaltung beginnt am Morgen mit einer Hinführung zum Thema Active Directory Sicherheit gefolgt von Fallstudien und Vorträgen durch interne und externe Referenten aus Wirtschaft und Industrie. Im Anschluss werden alle Teilnehmer in zwei Gruppen aufgeteilt, die nacheinander an beiden Round Table Sessions teilnehmen (jeder Teilnehmer kann an beiden Sessions teilnehmen). In den Round Table Sessions werden unter Expertenmoderation typische Problemstellungen und Lösungsansätze diskutiert.

Continue reading “Active Directory Security & Secure Operations July 18, 2017”

Continue reading
Events

Looking back on RIPE 74

From May 8th to 12th I was able to attend the 74th RIPE meeting in Budapest, Hungary. Being rather new to the networking community, I enjoyed learning a lot of different things, not only from the various interesting talks but also from inspiring conversations with a variety of people from all areas during the beautiful social events.

As it was the first RIPE meeting for me, I was very thankful for the “Newcomer’s Introduction” on Monday morning, containing a RIPE and RIPE NCC 101. It was quite helpful to get into the mindset and understand the structure of the meeting, like the division into different working groups based on the participants’ interests. After familiarizing myself with the concept, I chose to attend several sessions on Address Policy, IPv6, Routing, Open Source, and DNS working groups besides the general plenary sessions. I’ll be reviewing those sessions here. Continue reading “Looking back on RIPE 74”

Continue reading
Events

Some Quick Tips for Submitting a Talk to Black Hat or TROOPERS

Given the CfP for Black Hat US in Vegas ends in a few days – and as apparently some people have already started to think about their TR18 submissions – I’ll quickly provide some loose recommendations on how to write a submission here. There’s quite some reasonable advice out there already (the BH CfP site lists this and this which you should both read as well) but some of you might find it useful to get (yet) another perspective. Continue reading “Some Quick Tips for Submitting a Talk to Black Hat or TROOPERS”

Continue reading
Events

CSA Summit CEE and BSides Ljubljana 2017

At the end of last week I had the pleasure to visit the CSA Summit CEE and the Bsides Event in Ljubljana.

At CSA, I was talking about hypervisors, breakouts and an overview of security measures to protect the host. (Slides)
This ranged from the basic features some hypervisors provide out of the box to advanced features like SELinux, device domain models and XSM-FLASK. Continue reading “CSA Summit CEE and BSides Ljubljana 2017”

Continue reading
Events

Troopers17 GSM Network – How about your own SMPP Service?

The event of the events is getting closer and again, we are very optimistic to have a lot of awesome trainings, talks, evening events, and discussions. But we again will also have some “features” and gimmicks for those of you who would like to play with new, old, or just interesting technologies. As you might remember, since some years one of these features is and again will be our own GSM Network. As we are improving our setup from year to year, this time we’d like to give you the chance to actively participate with ideas and your own services. Continue reading “Troopers17 GSM Network – How about your own SMPP Service?”

Continue reading
Events

33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?

This was one of the few technical talks at 33c3 I managed to see, by that I mean live-stream during an access control shift, by Clémentine Maurice and Moritz Lipp.

The talk gave an overview of some already known possible information leaks by abusing certain x86 instructions(the same concept applies to ARM too though) and demonstrating the various ways an attacker could use them. Continue reading “33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?”

Continue reading
Events

ERNW at 33C3 – Part 1

This is part 1 of our report series on interesting talks of the 33rd Congress of the Chaos Computer Club. Every year the congress attracts hundreds (up to twelve thousand this year) of technical interested people with the opportunity to socialize and exchange knowledge with each other. The congress is organized by the European largest hacker association and speakers give talks about technical and societal issues like surveillance, privacy, freedom of information, data security and various more.

Talks in this part deal with CCC at schools, Wi-Fi security and the security of the N26 banking app.

Continue reading “ERNW at 33C3 – Part 1”

Continue reading