Misc – Page 2 – Insinuator.net

Misc

June 21, 2023 by Matthias Hamann

The DRACO Stream Cipher

In symmetric-key cryptography, we typically distinguish two types of encryption schemes: block ciphers and stream ciphers. Block ciphers divide a plaintext into blocks of a fixed size (e.g., 64 or 128 bits) and encrypt one such block of data as a whole. Stream ciphers, on the other hand, consider the plaintext as a continuous stream of data. The stream cipher maintains an internal state and in each step it outputs one bit or several bits and updates its internal state. The output bit stream is then combined with the plaintext, usually using the XOR operation. One advantage of stream ciphers is that their resource requirements are lower than those of block ciphers in many application scenarios. This makes them particularly useful in lightweight cryptography targeting resource constrained devices such as low-cost RFID tags.

In this blog post, we provide an overview over current developments in this area and introduce our new lightweight stream cipher DRACO, which was developed in cooperation with the Universität Mannheim (Alexander Moch, Matthias Krause) and the Universität Siegen (Vasily Mikhalev) and has recently been presented at FSE 2023 in Kobe, Japan.

Continue reading “The DRACO Stream Cipher”

Misc

May 25, 2023 by Florian Bausch

IMF Conference 2023 in Munich

The IMF Conference is the International Conference on IT Security Incident Management & IT Forensics. This year it took place from May 23 to 24 in Munich. The schedule lists a lot of interesting talks. One of the talks was my presentation on a paper about Ceph forensics, based on my Master Thesis:

Continue reading “IMF Conference 2023 in Munich”

Misc

May 5, 2023 by Friedwart Kuhn

AD /Azure Security Track on Troopers 23

Hi!

We’re excited to announce the nearly complete composition of the Active Directory & Azure Security Track on Troopers 23 with fantastic speakers!

Here we go:

“Dumping NTHashes from Azure AD”
(Nestori Syynimaa)

“Hidden Pathways: Exploring the Anatomy of ACL-Based Active Directory Attacks and Building Strong Defenses”
(Jonas Bülow Knudsen, Alexander Schmitt)

“Priority for Effective Action – A Practical Model for quantifying the Risk of Active Directory Attacks”
(Mars Cheng, Dexter Chen)

“(Windows) Hello from the other side” (Dirk-jan Mollema)

“The Power of Coercion Techniques in Windows Environments”
(Martin Grottenthaler)

Stay tuned for regularly updated info about Troopers 23 conference.

Cheers,

Friedwart.

Misc

May 4, 2023 by Julian Suleder

Hack In The Box Security Conference 2023 @ Amsterdam – Summary

In this blog post, we are sharing summaries of talks from the Hack in the Box Conference in Amsterdam (HITBSecConf2023), the final HITB conference in Amsterdam. Before we do that, however, we would like to extend a heartfelt thank you to the organizers of the conference for putting together such an insightful and engaging event.

Continue reading “Hack In The Box Security Conference 2023 @ Amsterdam – Summary”

Misc

December 16, 2022 by Florian Grunow

Hilarious Buffer Overflow Mitigation and TCL Injection in CheckPoint Gaia Portal

Hey there,

I am going to disclose two bug classes I found a while ago in CheckPoint R77.30: Two buffer overflows in the username (no shit) and HTTP method of a request to the administrative UI pre-auth and some interesting injections into the TCL web interface.

Continue reading “Hilarious Buffer Overflow Mitigation and TCL Injection in CheckPoint Gaia Portal”

Misc

September 7, 2022 by Ahmad Abolhadid

Spymax: The android RAT and it works like that….

Spymax is a mobile Remote Administration Tool (RAT) that enables an attacker to control victims’ devices through an Android malware. Once the malware is installed on a phone, the attacker can execute many attacks that highly impact the confidentiality and integrity of the victim’s data, as well as the victim’s privacy. It is powerful, widely available, and does not require root privileges on the victim’s device. In this blogpost, I show the capabilities of this RAT and analyze how its Android malware works.

Continue reading “Spymax: The android RAT and it works like that….”

Misc

August 10, 2022 by Fabian Ullrich

Whitepaper Endpoint Management & Monitoring Solutions Released

Over the course of the last 2 years we performed vulnerability research on several Endpoint Management & Monitoring Solutions. The results were already partially presented in security advisories which were published on this blog during the last two years. The advisories can be found here:

We also recently presented the results on Troopers 2022. Now the results have been published in a more in-depth manner in the form of a technical whitepaper. The whitepaper can be found here.

Breaking, Misc

June 9, 2022 by Fabian Ullrich

Security Advisories for Broadcom Automic Automation (UC4)

Updated on 20.06.22 with CVEs and link to Broadcom Security Notice.

In April 2021 we reported seven vulnerabilities in Broadcom Automic Automation (UC4) 12.3.5+hf.3. CVE IDs were assigned on 16.06.22, the corresponding Broadcom Security Notice can be found here.

The vulnerabilities have been found in the course of a research project, in which we analyzed the security of multiple Endpoint Management solutions. Similar vulnerabilities have been found in other solutions as we pointed out in previous posts about the Ivanti DSM Suite, Nagios XI, and Solarwinds N-Central. The outcome of the research project will be published as a whitepaper and a conference talk at Troopers 2022.

In this blog post we will provide a short description of the vulnerabilities outlining the impact. More technical details will be published in the whitepaper and conference talk. All vulnerabilities were found in Broadcom Automic Automation (UC4) version 12.3.5+hf.3.

Continue reading “Security Advisories for Broadcom Automic Automation (UC4)”

Misc

April 1, 2022 by Malte Heinzelmann

Solving client-side controls once and for all

Missing server-side validation consistently scores a place in the OWASP Top 10. Browsers nowadays offer a lot of ways to easily implement client-side controls, increasing the usability by a lot. They automatically detect missing fields or invalid characters in your input fields and may even validate user input against a regular expressions.

However, these controls should only be considered as usability features. When sending data to a back-end system the application must always ensure data integrity by implementing encodings, validations and filters. Even for small applications this is a painful and tedious process. For each possible input, developers together with security experts have to carefully identify the context of each field, how the input is going to be used and what data requirements are present.

Furthermore, the application must always be aware of the current data encoding and apply the correct decoding before validating or filtering anything.

In this post we are going to present a new groundbreaking solution to combat missing server-side validation once and for all.

Continue reading “Solving client-side controls once and for all”

Misc

March 24, 2022 by Oliver Matula

A Tale of an OFTP2 Vulnerability

This is a guest post from Thomas Smits.

A long time ago in a galaxy far, far away….

In my ordinary life, I teach computer science at the University of Applied Sciences in Mannheim but for some months, I was an intern at ERNW learning a lot about IT security and penetration testing. One of these learnings is that old protocols can be fun and breaking them even more. But let’s start at the beginning of the story…

Back in the year 1986: Top Gun, Platoon, and Crocodile Dundee were the top-grossing films in the cinema and IBM sold the very first laptop computer, called IBM PC Convertible (model 5140). The Internet Engineering Task Force (IETF) was just founded and Boris Becker won the Wimbledon Championships for the second time. A group of engineers of the Organisation for Data Exchange by Tele Transmission in Europe (ODETTE) met and specified OFTP, a protocol to transfer files over … no, there was no Internet commercially available at that time … X.25 networks. X.25 itself dates back to 1976 and is a packet-switched protocol for WANs. The OFTP protocol tried to “address the electronic data interchange (EDI) requirements of the European automotive industry” RFC2204, page 3. With the rise of the Internet, OFTP was extended in 1997 to support TCP/IP in addition to X.25 as the transport protocol (RFC2204) and in 2007 again to include encryption and authentication (RFC5024). With RFC5024 we have the most recent specification of the protocol which is called “OFTP2”. They somehow skipped their 10-year cycle (86, 97, 07) and did not release a current specification in the last 14 years.

Continue reading “A Tale of an OFTP2 Vulnerability”