Security Advisory for VMware vRealize Automation Center
During a recent customer project we identified several vulnerabilities in the VMware vRealize Automation Center, such as a DOM-based cross-site scripting vulnerability and a missing renewal of session tokens during the login. The vulnerabilities were disclosed to VMware on November 20th, 2017. A security advisory for the vulnerabilities was made available here on April 12th, 2018.
#TR18 Defense & Management Summaries
This blogpost contains summaries of talks from this year’s TROOPERS18 Defense & Management Track.
#TR18 Attack & Research Summaries
This blogpost contains summaries of talks from this year’s TROOPERS18 Attack & Research Track.
#TR18 SAP Security Summaries
This blogpost contains summaries of talks from this year’s TROOPERS18 SAP Security Track.
#TR18 Next Generation Internet (NGI) Summaries
This blogpost contains summaries of talks from this year’s TROOPERS18 Next Generation Internet Event.
#TR18 Active Directory Security Track, Part 1
This is the first post discussing talks of the Active Directory Security Track of this year’s Troopers which took place last week in Heidelberg (like in the last nine years ;-). It featured, amongst others, a new track focused on Microsoft AD and its security properties & implications. This was the agenda.
Squirrelmail Full Disclosure – TROOPERS18
Birk and I basically fully disclosed a 0day in Squirrelmail yesterday. This is a short Q&A to answer the most common questions about the issue to calm you all down a little bit. 😉
The Hackers’ Sanctuary City
TROOPERS has a long history of theming the conference every year. Usually we pick a surreal topic, a fun story which we think is worth picking up on. Some of them start as a crazy thought, others have been the result of long discussions. Most of them are online, only our masterpiece from 2016 is securely stored in the company’s vaults.
Auditing AWS Environments
Introduction
Related to our new TROOPERS workshop “Jump-Starting Public Cloud Security”, this post describes some relevant components which need to be taken care of when constructing and auditing an Amazon Web Services (AWS) cloud environment. Those include, amongst others, the general AWS account structure, Identity and Access Management (IAM), Auditing and Logging (CloudTrail and CloudWatch), Virtual Private Cloud (VPC) networks, as well as S3 buckets.
TelcoSecDay 2018 – Talks Part2
We have the next set of selected talks being announced here. I am super excited about the variety of applications we had this year. Here are some of the talks we will have.
Title: From LoRa technology to deployment within Orange affiliates