Bold Statements
Hi there,
like in recent years the popular Hacking 101 workshop will take place on TROOPERS19, too! The workshop will give you an insight into the hacking techniques required for penetration testing. These techniques will cover various topics:
…and more!
Continue reading “TROOPERS19 Training Teaser: Hacking 101”
Continue readingOnce again Troopers will have its Windows & Linux Binary Exploitation workshop. Its main focus are the ever-present stack-based buffer overflows still found in software today (e.g. CVE-2018-5002, CVE-2018-1459, and CVE-2018-12897) and their differences with regard to exploitation on Windows and Linux systems. If you ever wanted to know the details of the exploit development process for these systems then this workshop is for you. Continue reading “TROOPERS19 Training Teaser: Windows & Linux Binary Exploitation”
Continue reading“Credential Theft” or “Credential Reuse” attack techniques are the biggest known threats to Active Directory environments. This can be attributed to significant advances in and broad distribution of attack and reconnaissance tools such as mimikatz or Bloodhound. This means that after the first system in an environment is compromised it often takes less than 48 hours for a complete compromise of an Active Directory but unfortunately typically 8 to 9 months until the attack is discovered. Continue reading “TROOPERS19 Training Teaser: Hardening Microsoft Environments”
Continue readingAt first a very happy new year to everybody!
While thinking about the agenda of the upcoming Troopers NGI IPv6 Track I realized that quite a lot of IPv6-related topics have been covered in the last years by various IPv6 practitioners (like my colleague Christopher Werny) or researchers (like my friend Antonios Atlasis). In a kind of shameless self plug I then decided to put together of list of IPv6 talks I myself gave at several occasions and of publications I (co-) authored. Please find this list below (sorted by years); you can click on the titles to access the respective documents/sources.
I hope some of this can be of help for one or the other among you in the course of your own IPv6 efforts.
Cheers,
Enno
Continue reading “IPv6 Talks & Publications”
Continue readingDue to the new release of macOS Mojave in September we updated the El Capitan hardening guide.
Continue reading “macOS Mojave Hardening Guide”
Continue readingIn the last couple of months we participated in an increasing count of customer projects following current trends of agile software development approaches and corresponding toolstacks. Especially the terms Continuous Integration and Continuous Delivery kept (and still keep) popping up on every corner. The frameworks and processes behind those two hypes aid developing software at higher quality in shorter release cycles. This is especially relevant since end consumers nowadays expect fast releases including the newest features. If companies neglect this demand, competitors might take advantage of their better time-to-market which might result in increased market share and -dominance. A lot of changes are happening in the space of CI/CD. Existing tools become more mature, gaining increased attention, and new ones are appearing every month including better ways of integrating them into existing or new processes. Companies benefit from more choices, increased flexibility, and faster integration into existing company policies.
Continue reading “Secure CI/CD Pipelines @Troopers ’19”
Continue readingHello fellow Troopers and Happy new Year!
35C3 is over, and the recordings are available so in case you did not have the chance or the time to watch the live streams during the holidays or overwhelmed with the number of talks, see in the following a list of recommended talks to fill your evenings or weekends. Apart from the broad coverage of topics in different areas (Ethics, Society & Politics, Hardware & Making, Resilience, Art and Culture, Security, Science, Resilience), foundation talks were aiming for the very basics following this year’s motto “Refreshing Memories.”
Continue reading “35C3: Refreshing Memories”
Continue readingDocker has become the go-to technology in enterprise- and DevOps contexts. Yet, before mastering a skill, there is the thumb rule: one must learn the basics to have solid fundament before building a house on top. Continue reading “Catching fire with Docker, DevOps & Security in Enterprise Environments”
Continue readingWe are going to have a Blackhoodie event at Troopers 2019 on March 18th and 19th in Heidelberg. With a very exciting event last year, we have decided to roll it once again during Troopers.
Continue reading “Blackhoodie at TROOPERS19”
Continue readingToday I am proud to announce that another paper of my former colleagues from Heilbronn University and me was published in one of the journals with the highest impact factor for Medical Informatics research called JMIR mHealth and uHealth. There is a reason why we published in this journal besides its informatics focus. The journal is an open access journal. That means that readers are not charged on a pay-per-view basis or other business models to access the full text of the paper. In return, the authors need to pay publication fees. In my opinion restricting access to academic research is not a way to go. I think this isn’t a thing we see in the security community often anyway. But this is and was the standard in academia for years.
Continue reading