Misc – Page 9 – Insinuator.net

Misc

February 14, 2018 by Niki Vonderwell

White Paper on Incident Analysis and Forensics in Docker Environments

In this article, we describe the impact of the increased use of Docker in corporate environments on forensic investigations and incident analysis. Even though Docker is being used more and more (Portworx, Inc., 2017), the implications of the changed runtime environment for forensic processes and tools have barely been considered. We describe the technological basics of Docker and, based on them, outline the differences that occur with respect to digital evidence and previously used methods for evidence acquisition. Specifically, we look at digital evidence within a Docker container which are lost or need to be acquired in different ways compared to a classical virtual machine, and what new traces and opportunities arise from Docker itself.

Continue reading “White Paper on Incident Analysis and Forensics in Docker Environments”

Misc

January 29, 2018 by Florian Gattermeier

White Paper on Multi-Factor Authentication in Microsoft Windows Environments

A new ERNW whitepaper was just published. I wrote this whitepaper in the course of my bachelor thesis and it examines multi-factor authentication in Microsoft Windows environments: Continue reading “White Paper on Multi-Factor Authentication in Microsoft Windows Environments”

Misc

October 26, 2017 by Timo Schmid

Interacting with the BlueCoat Filesystem

the last post was about a fuse filesystem which provides a read-only access to the proprietary bluecoat filesystem. After some further investigations based on the possibilities this offered us, I started to implement a tool which allows to modify parts of the filesystem.

Continue reading “Interacting with the BlueCoat Filesystem”

Misc

October 9, 2017 by Enno Rey

Position Paper on an Enterprise Organization’s IPv6 Address Strategy

A while ago I wrote a short paper laying out options for an enterprise organization to get global IPv6 address space from the RIPE NCC, discussing the advantages and disadvantages of different approaches. As I think the topic may be of interest for others, too, I’ve distilled an anonymized version. It can be found here. I hope some of you find it useful.

Cheers, Enno

Misc

September 19, 2017 by Rafael Schaefer

An Update of PenTesting Tools that (do not) Support IPv6

As you may remember, back in 2014 we published a whitepaper (compiled by Antonis Atlasis) on the support of IPv6 in different pentesting tools. This is almost three years ago and we thought it is time for an update. In short not much has changed. Most of the tools which didn’t support IPv6 are still not supporting it or haven’t got any update since then.
This post will cover the tools where we could identify some progress on supporting IPv6.

Continue reading “An Update of PenTesting Tools that (do not) Support IPv6”

Misc

July 6, 2017 by Enno Rey

Local Packet Filtering with IPv6

Just recently we discussed IPv6 filter rules for NIC-level firewalls (in a virtualized data center) with a customer. I’d like to take this as an opportunity to lay out potential approaches for local packet filtering of IPv6, which in turn might somewhat depend on the address configuration strategy chosen for the respective systems (for the latter you may refer to this post or to this talk from the Troopers NGI event).

Continue reading “Local Packet Filtering with IPv6”

Misc

June 23, 2017 by Jacky Hammer

Testing RFC 6980 Implementations of FreeBSD

Following Enno’s research on “Testing RFC 6980 Implementations with Chiron“, we decided to redo the experiment with FreeBSD targets.

Continue reading “Testing RFC 6980 Implementations of FreeBSD”

Misc

May 22, 2017 by Niklaus Schiess

6th No-Spy Conference

Last friday Florian and me attended the 6th No-Spy Conference in Stuttgart, Germany. We gave a talk about surveillance and censorship on modern devices in North Korea and discussed various aspects with the attendees. The atmosphere was very welcoming and we had some nice discussions about various topics which allowed us to better clarify some things. The slides are available here.

Thanks to the organizers for having us!

Misc

May 12, 2017 by Enno Rey

RIPE74 / Why IPv6 Security Is So Hard

I’m on my way back from the RIPE74 meeting in Budapest. It was a great event: quite a few nice technical talks in the plenary, productive working group meetings and some really good hallway discussions.
Big thanks to the RIPE NCC team for the smooth organization and for taking care of us!

Continue reading “RIPE74 / Why IPv6 Security Is So Hard”