Last week (25th – 27th April), I attended the “Sicherheit 2018” in Konstanz which is the annual meeting of the security community of the Gesellschaft für Informatik e.V. (GI) in Germany. The conference is in equal proportions attended by researchers and people of the industry working in security-related disciplines which lead to lively and pleasant discussions conversations. Continue reading “GI Sicherheit 2018 Conference”
Continue readingReversing and Patching .NET Binaries with Embedded References
Lately I’ve been analyzing a .NET binary that was quite interesting. It was a portable binary that shipped without any third-party dependencies. I started looking at the .NET assembly with ILSpy and noticed that there was not that much code that ILSpy found and there were a lot of references to classes/methods that were neither in the classes identified by ILSpy nor were they part of the .NET framework.
Continue reading “Reversing and Patching .NET Binaries with Embedded References”
Continue readingprintf(“Hello World!”) Part 2
As our journey to the new product continues we are facing the typical challenges of phase 2 in the software development life cycle, the design phase (see part 1 for the overview of the phases):
Continue reading “printf(“Hello World!”) Part 2″
Continue readingIndustrial IoT Overview & Case Studies
Stefan and I had the pleasure of joining a one-day closed workshop on Industrial IoT Security. As always, we ended up with plenty of new research ideas and great contacts. We hope of course to post on follow-up research, but in this short post we quickly want to publish our slides which contain our input for the workshop. We mainly presented on IT security challenges for modern IIoT environments and presented some case studies for successful hardening/protection of IIoT environments as well as security in IIoT product development.
You can find our slides here.
Continue readingYet Another Information Disclosure?
Hey there, for those of you that roll your eyes when writing the nth Information Disclosure Finding in a report, here is a short story of how such information helped compromising a system.
Continue reading “Yet Another Information Disclosure?”
Continue readingSecurity Advisory for VMware vRealize Automation Center
During a recent customer project we identified several vulnerabilities in the VMware vRealize Automation Center such as a DOM-based cross-site scripting and a missing renewal of session tokens during the login. The vulnerabilities have been disclosed to VMware on November 20th, 2017. A security advisory for the vulnerabilities has been made available here on April 12th, 2018. Continue reading “Security Advisory for VMware vRealize Automation Center”
Continue reading#TR18 Defense & Management Summaries
This blogpost contains summaries of talks from this year’s TROOPERS18 Defense & Management Track.
Continue reading “#TR18 Defense & Management Summaries”
Continue reading#TR18 Attack & Research Summaries
This blogpost contains summaries of talks from this year’s TROOPERS18 Attack & Research Track.
Continue reading “#TR18 Attack & Research Summaries”
Continue reading#TR18 SAP Security Summaries
This blogpost contains summaries of talks from this year’s TROOPERS18 SAP Security Track.
Continue reading “#TR18 SAP Security Summaries”
Continue reading#TR18 Next Generation Internet (NGI) Summaries
This blogpost contains summaries of talks from this year’s TROOPERS18 Next Generation Internet Event.
Continue reading “#TR18 Next Generation Internet (NGI) Summaries”
Continue reading