Misc

A little KeePass Mea Culpa…

Some weeks ago, I tweeted about grabbing clipboard content from KeePass with some PowerShell. From some reactions to this tweet, and after reading it a couple of times again, I realize it was sending the wrong message, and I would like to take a bit more than 280 chars to clarify what I meant when I posted that tweet…

TLDR: Password managers are a must, not using one exposes you to far more risks than using one. Do it.  Continue reading “A little KeePass Mea Culpa…”

Continue reading
Misc

Security Advisory for VMware vRealize Automation Center

During a recent customer project we identified several vulnerabilities in the VMware vRealize Automation Center such as a DOM-based cross-site scripting and a missing renewal of session tokens during the login. The vulnerabilities have been disclosed to VMware on November 20th, 2017. A security advisory for the vulnerabilities has been made available here on April 12th, 2018. Continue reading “Security Advisory for VMware vRealize Automation Center”

Continue reading
Misc

White Paper on Incident Analysis and Forensics in Docker Environments

In this article, we describe the impact of the increased use of Docker in corporate environments on forensic investigations and incident analysis. Even though Docker is being used more and more (Portworx, Inc., 2017), the implications of the changed runtime environment for forensic processes and tools have barely been considered. We describe the technological basics of Docker and, based on them, outline the differences that occur with respect to digital evidence and previously used methods for evidence acquisition. Specifically, we look at digital evidence within a Docker container which are lost or need to be acquired in different ways compared to a classical virtual machine, and what new traces and opportunities arise from Docker itself.

Continue reading “White Paper on Incident Analysis and Forensics in Docker Environments”

Continue reading
Misc

An Update of PenTesting Tools that (do not) Support IPv6

As you may remember, back in 2014 we published a whitepaper (compiled by Antonis Atlasis) on the support of IPv6 in different pentesting tools. This is almost three years ago and we thought it is time for an update. In short not much has changed. Most of the tools which didn’t support IPv6 are still not supporting it or haven’t got any update since then.
This post will  cover the tools where we could identify some progress on supporting IPv6.

Continue reading “An Update of PenTesting Tools that (do not) Support IPv6”

Continue reading
Misc

Local Packet Filtering with IPv6

Just recently we discussed IPv6 filter rules for NIC-level firewalls (in a virtualized data center) with a customer. I’d like to take this as an opportunity to lay out potential approaches for local packet filtering of IPv6, which in turn might somewhat depend on the address configuration strategy chosen for the respective systems (for the latter you may refer to this post or to this talk from the Troopers NGI event).

Continue reading “Local Packet Filtering with IPv6”

Continue reading