Events
by Aleksandar Milenkoski

TROOPERS20 Training Teaser: Insight Into Windows Internals

Windows 10 is one of the most commonly deployed operating systems at this time. Knowledge about its components and internal working principles is highly beneficial. Among other things, such a knowledge enables:

  • in-depth studies of undocumented, or poorly documented, system functionalities;
  • development of performant and compatible software to monitor or extend the activities of the operating system itself; and
  • analysis of security-related issues, such as persistent malware.

Continue reading “TROOPERS20 Training Teaser: Insight Into Windows Internals”

Continue reading
Events
by Jan Harrie

DevSecCon19 London – How to Secure OpenShift Environments and What Happens If You Don´t

This week I was at DevSecCon in London to present my current research on Red Hat OpenShift. In this talk, I gave a brief introduction to OpenShift, demonstrated some threats that exist for such environments, and dived into different configuration issues that may affect the security of OpenShift environments. The implications of misconfigurations of such an environment have been shown in live demos.

Continue reading “DevSecCon19 London – How to Secure OpenShift Environments and What Happens If You Don´t”

Continue reading
Events
by Sven Nobis

TROOPERS20 Training Teaser: Hacking 101

Hi there,
like in recent years the popular Hacking 101 workshop will take place on TROOPERS20, too! The workshop will give you an insight into the hacking techniques required for penetration testing. These techniques will cover various topics:

  • Information gathering
  • Network scanning
  • Web application hacking
  • Low-level exploitation

…and more!

Continue reading “TROOPERS20 Training Teaser: Hacking 101”

Continue reading
Events
by Rachelle Boissard

TROOPERS20 Training Teaser: Windows & Linux Binary Exploitation

We are happy to announce that TROOPERS20 will feature the 5th anniversary of the popular Windows & Linux Binary Exploitation workshop!

In this workshop, attendees will learn how to exploit those nasty stack-based buffer overflow vulnerabilities by applying the theoretical methods taught in this course to hands-on exercises. Exercises will be performed for real world (32-bit) software such as the Foxit Reader Plugin for Firefox, Wireshark, and nginx.

Continue reading “TROOPERS20 Training Teaser: Windows & Linux Binary Exploitation”

Continue reading
Misc
by Frank Block

Dissection of an Incident – Part 2

After our last blogpost regarding Emotet and several other Emotet and Ransomware samples that we encountered, we recently stumbled across a variant belonging to the Gozi, ISFB, Dreambot respectively Ursnif family. In this blogpost, we want to share our insights from the analysis of this malware, whose malware family is mainly known for being a banking trojan that typically tries to infect browser sessions and sniff/redirect data. In particular, we are going to provide details about the first stage Word Document, the embedded JavaScript/XSL document, an in-depth runtime analysis of the downloaded executable, and some details regarding detection.

Also, with this blog post, we are releasing a Rekall plugin called pointerdetector that enumerates all exported functions from all DLLs and searches the memory for any pointer to them (essentially a search for dynamically resolved APIs). This plugin can assist in identifying dynamically resolved APIs and especially memory regions containing DLLs loaded with techniques such as reflective DLL injection. This blog post will contain some examples illustrating the usage of this plugin, as well.

If you are interested in a hands-on analysis of Incidents and malicious files, we are giving another round of our Incident Analysis workshop at Troopers20.

Continue reading “Dissection of an Incident – Part 2”

Continue reading
Misc
by Aleksandar Milenkoski

Windows Insight: Code integrity and WDAC

The Windows Insight repository now hosts three articles on Windows code integrity and WDAC (Windows Defender Application Control):

  • Device Guard Image Integrity: Architecture Overview (Aleksandar Milenkoski, Dominik Phillips): In this work, we present the high-level architecture of the code integrity mechanism implemented as part of Windows 10.
  • Windows Defender Application Control: Initialization (Dominik Phillips, Aleksandar Milenkoski): This work describes the process for initializing WDAC performed by the Windows loader and the kernel when Windows 10 is booted.
  • Windows Defender Application Control: Image verification (Aleksandar Milenkoski): This work discusses the workflow of WDAC for verifying images.

– Aleksandar Milenkoski

Continue reading
Events
by Rachelle Boissard

Medical Device Security Summit 2019, 19th of November of 2019

*This event will be held in German*

Inspiriert durch die erfolgreichen Round-Table-Diskussionen der TROOPERS-Konferenz freuen wir uns, Ihnen heute mit dem Medical Device Security Summit 2019, eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.

Continue reading “Medical Device Security Summit 2019, 19th of November of 2019”

Continue reading