The Windows Insight repository currently hosts three articles on the TPM (Trusted Platform Module):
The TPM: Communication Interfaces (Aleksandar Milenkoski): In this work, we discuss how the different components of the Windows 10 operating system deployed in user-land and in kernel-land, use the TPM. We focus on the communication interfaces between Windows 10 and the TPM. In addition, we discuss the construction of TPM usage profiles, that is, information on system entities communicating with the TPM as well as on communication patterns and frequencies;
The TPM: Integrity Measurement (Aleksandar Milenkoski): In this work, we discuss the integrity measurement mechanism of Windows 10 and the role that the TPM plays
as part of it. This mechanism, among other things, implements the production of measurement data. This involves calculation of hashes of relevant executable files or of code sequences at every system startup. It also involves the storage of these hashes and relevant related data in log files for later analysis;
This week Chris and I participated in the RIPE 78 meeting in Reykjavík. Being part of the group was fun as always and we had quite some interesting conversations with peers from (not only) the IPv6 community.
Big thanks to the RIPE NCC team for the smooth organization and for taking care of us!
In this post I’ll provide some notes on talks I found particularly interesting, plus links to our own contributions.
We are glad to announce the Windows Insight repository. The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies.
Some of the content of this repository has been created in the course of a project named ‘Studie zu Systemaufbau, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10 (SiSyPHuS Win10)’ (ger.) – ‘Study of system design, logging, hardening, and security functions in Windows 10’ (eng.). This project has been contracted by the German Federal Office for Information Security (ger., Bundesamt für Sicherheit in der Informationstechnik – BSI). The work planned as part of the project is conducted by ERNW GmbH, starting in May 2017.
Chris and I will give a tutorial on the above topic at next week’s RIPE Meeting in Reykjavík. In this post (actually this will probably become a small series of posts) I’ll try to summarize some thoughts on IPv6 security in enterprise environments in 2019.
Dominik Phillips and I are taking part in a tour organized by Heise Security – the Heise Security Tour. We give a talk titled “PowerShell: Attack under the radar”. In this talk, we provide an overview of the architecture of PowerShell and show how attackers may use PowerShell for malicious purposes. We demonstrate PowerShell post-exploitation activities implemented as part of publicly available frameworks, such as Empire. We also discuss a security concept for defending against such activities.
You can find the slides of our talk here (in German).
This blogpost contains summaries of talks from this year’s TROOPERS19 Active Directory Security Track.
From Workstation to Domain Admin: Why Secure Administration Isn’t Secure and How to Fix It by Sean Metcalf
Active Directory is probably used in almost every corporation today to administer all kinds of Authorization, Authentication and Privileges. This means they are valuable targets for attackers, because once compromised they could do whatever they want. This would be the worst case scenario, right? Therefore securing AD is important and this year TROOPERS19 featured a whole track solely for AD Security.
Earlier this month I attended the Digital Medical Expertise & Applications (DMEA) 2019. The DMEA fair in Berlin (formerly conhIT) is the central platform for digital health care as it brings together companies of health IT, academic institutions, politics and healthcare delivery organizations in several format such as innovation hubs and talks during congress sessions as a part of the industry fair. I participated in a congress session about IT security in healthcare with a talk about medical device security and common security flaws in medical devices. Some of the aspects have also been covered in my talk at #TR19 .
As a follow-up of the very fruitful discussions between people from the car industry and medical device security folks in the IoT roundtable session from #TR19 I wanted to share my experiences and insights from the DMEA with you.