Windows Insight: The TPM

The Windows Insight repository currently hosts three articles on the TPM (Trusted Platform Module):

  • The TPM: Communication Interfaces (Aleksandar Milenkoski): In this work, we discuss how the different components of the Windows 10 operating system, deployed in user-land and in kernel-land, use the TPM. We focus on the communication interfaces between Windows 10 and the TPM. In addition, we discuss the construction of TPM usage profiles, that is, information on the system entities communicating with the TPM as well as on communication patterns and frequencies;
  • The TPM: Integrity Measurement (Aleksandar Milenkoski): In this work, we discuss the integrity measurement mechanism of Windows 10 and the role that the TPM plays as part of it. This mechanism, among other things, implements the production of measurement data. This involves the calculation of hashes of relevant executable files or code sequences at every system startup. It also involves the storage of these hashes and relevant related data in log files for later analysis;

The Week in Review #RIPE78

This week Chris and I participated in the RIPE 78 meeting in Reykjavík. Being part of the group was fun as always and we had quite some interesting conversations with peers from (not only) the IPv6 community.
Big thanks to the RIPE NCC team for the smooth organization and for taking care of us!

In this post I’ll provide some notes on talks I found particularly interesting, plus links to our own contributions.

Windows Insight: A New ERNW Repository

We are glad to announce the Windows Insight repository. The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies.

Some of the content of this repository has been created in the course of a project named ‘Studie zu Systemaufbau, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10 (SiSyPHuS Win10)’ (ger.) – ‘Study of system design, logging, hardening, and security functions in Windows 10’ (eng.). This project has been contracted by the German Federal Office for Information Security (ger., Bundesamt für Sicherheit in der Informationstechnik – BSI). The work planned as part of the project is conducted by ERNW GmbH, starting in May 2017.

Heise Security Tour: Offensive PowerShell

Dominik Phillips and I are taking part in a tour organized by Heise Security – the Heise Security Tour. We give a talk titled “PowerShell: Attack under the radar”. In this talk, we provide an overview of the architecture of PowerShell and show how attackers may use PowerShell for malicious purposes. We demonstrate PowerShell post-exploitation activities implemented as part of publicly available frameworks, such as Empire. We also discuss a security concept for defending against such activities.

You can find the slides of our talk here (in German).

– Aleksandar Milenkoski

MDMs – The Mobile Device “Magic” Solutions – Expectations and Reality

When you are working in the area of mobile security, you sooner or later receive requests from clients asking you to test specific ‘Mobile Device Management’ (MDM) solutions which they (plan to) use, the corresponding mobile apps, as well as different environment setups and device policy sets.
The expectations are often high, not only regarding an MDM solution's ability to massively reduce the administrative workload of keeping track of, updating and managing the often hundreds or thousands of devices within a company, but also regarding the improvements to the level of security that an MDM solution is regularly advertised to provide.

With this very blog post you are reading and a small series of future blog posts, I would like to provide some insight from my day-to-day practical experience with some of the most commonly used MDM solutions from a tester's perspective.

Some Notes on the IPv6 Properties of the Wireless Network @ Cisco Live Europe

Some years ago Christopher wrote two posts (2016, 2015) about the IPv6-related characteristics of the WiFi network at Cisco Live Europe. To continue this tradition somewhat, and out of mere technical interest, I had a look at some properties of this year's setting.
