Insinuator.net – Page 17 – Bold Statements

December 3, 2018 by Michael Thumann

DirectoryRanger 1.1.0 Introduces Informational Audit Checks

With version 1.1.0 our tool DirectoryRanger introduces a new feature: informational audit checks. These checks do not have a severity rating because they are just “for your information” and the included information might or might not contain security issues, depending on other facts. But these checks can help to reduce your Active Directory attack surface by pointing you to some aspects which need your attention and at least require to be discussed and documented (and they might also imply governance measures like a risk acceptance).

Continue reading “DirectoryRanger 1.1.0 Introduces Informational Audit Checks”

Events

November 29, 2018 by Rachelle Boissard

First Talks of TROOPERS19 Accepted!

TROOPERS18 was the best year ever (did you check our archives?) and it will be challenging to do better… However, we accept the challenge!

The trainings and talks were from high quality and choices were difficult to make… We hope you will enjoy reading these little teasers!

Follow us on Twitter (@WEareTROOPERS) for more information and do not hesitate to use our hashtag #TR19 when you have questions or remarks about TROOPERS19!

With that being said, we are excited to introduce the first official five talks of TROOPERS19! Continue reading “First Talks of TROOPERS19 Accepted!”

Breaking

November 29, 2018 by Benjamin Schwendemann

On the insecurity of math.random and it’s siblings

During code reviews we often see developers using weak RNGs like math.random() to generate cryptographic secrets. We think it is commonly known that weak random number generators (RNG) must not be used for any kind of secret and recommend using secure alternatives. I explicitly did not state a specific language yet, because basically every language offers both weak and strong RNGs.

So I asked myself: What if I use a weak RNG to generate a secret? Is it possible to recover the secret from some derived value, like a hash?

Continue reading “On the insecurity of math.random and it’s siblings”

Breaking

November 23, 2018 by Florian Grunow

Plume Twitter Client URL Spoofing

It is possible to spoof the URLs that Plume will open to arbitrary locations because of how Plume parses URLs. The preview of an URL in a tweet will show the complete (at least the host name and the first few chars of the URL) but shortened URL. However, if the URL contains a semicolon (;) the URL that will be opened is the part after the semicolon. Continue reading “Plume Twitter Client URL Spoofing”

Events

November 19, 2018 by SadProcessor

The Dog Whisperer’s Handbook

Generally speaking, I’m more of a Cat type of guy, but I have to say I really love BloodHound. And if you do too, you are in for a treat…
Last week, the ERNW Insight Active Directory Security Summit took place in Heidelberg. (More Info)
For this occasion, @Enno_Insinuator asked me if I would like to deliver a BloodHound Workshop, and of course I accepted the challenge…

Continue reading “The Dog Whisperer’s Handbook”

Breaking

November 19, 2018 by Niklaus Schiess

Pidgin, Word Documents, my Clipboard and I

Lately, I’ve experienced some weird Pidgin crashes when I was copy&pasting into chat windows. The strange part was: I didn’t even know what triggered the crash because I actually didn’t know what was in my clipboard at this exact point. This is a quick write-up of how I investigated the issue and some interesting properties I found out about clipboards.

Continue reading “Pidgin, Word Documents, my Clipboard and I”

Events

November 16, 2018 by Friedwart Kuhn

Active Directory Security Summit 2018 – Slides Online

on Tuesday, 13.th of November we realized our second AD security summit with the title: “Active Directory Security: On-Prem-Security, Secure Extension into the Cloud & Secure Operations” in Heidelberg. First, we had three talks: the first one about “Active Directory Core Security Principles & Best Practices” covering hybrid AD and AD Trusts as well (by Friedwart Kuhn & Heinrich Wiederkehr from ERNW), the second one a case study about the implementation of an ESAE Forest in a big insurance company (by Fabian Böhm from Teal Technology Consulting) and the third one about a case study with respect to the (security) challenges of a hybrid AD (by Raphael Rojas from STIHL). Continue reading “Active Directory Security Summit 2018 – Slides Online”

Breaking

November 16, 2018 by Niklaus Schiess

Dumping Decrypted Documents from a North Korean PDF Reader

This is a write-up about how to use Frida to dump documents from a process after they have been loaded and decrypted. It’s a generic and very effective approach demonstrated on a piece of software from North Korea.

Continue reading “Dumping Decrypted Documents from a North Korean PDF Reader”

Breaking

November 14, 2018 by Tillmann Oßwald

Multiple Vulnerabilities in Nexus Repository Manager

Recently, we identified security issues in the Nexus Repository Manager software developed by Sonatype. The tested versions were OSS 3.12.1-01 and OSS 3.13.1-01.

The following issues could be identified:

Multiple Cross-Site Scripting (CVE-2018-16619)
Missing Access Controls (CVE-2018-16620)
Java Expression Language Injection (CVE-2018-16621)

Continue reading “Multiple Vulnerabilities in Nexus Repository Manager”

Events

November 13, 2018 by Tobias Kopf

Hack.lu 2018: Back and forth with the ERNW Crew

If a conference feels like a great vacation, then the organizers are doing it absolutely right! Hack.lu took place for the 14th time in Luxembourg. From the 16th – 18th October, the Alvisse Parc Hotel hosted the Hack.lu conference. Those three days were full of talks, workshops and “discussions about computer security, privacy, information technology and its cultural/technical implication on society“. Some members of the ERNW crew had the chance to attend Hack.lu this year and we all enjoyed it a lot!

Continue reading “Hack.lu 2018: Back and forth with the ERNW Crew”