As mentioned in my last blogpost, I had the pleasure to participate in this years DFRWS USA and present our paper. The paper and presentation can be freely viewed and downloaded here or here. Note that there is also an extended version of the paper, which can be downloaded here.
The keepassx, zsh and heap analysis plugins are now also part of the Rekall release candidate 1.7.0RC1, so it’s easier to get started.
The 11th USENIX Workshop on Offensive Technologies (WOOT17) took place the last two days in Vancouver. Some colleagues and I had the chance to attend and enjoy the presentations of all accepted papers of this rather small, single-track co-located USENIX event. Unfortunately, the talks have not been recorded. However, all the papers should be available on the website. It’s worth taking a look at all of the papers, but these are some presentations that we’ve enjoyed: Continue reading “11th USENIX Workshop on Offensive Technologies (WOOT17)”
Some of the ERNW Crew hit up Black Hat USA and DEFCON. Our own Omar Eissa even gave his first BH and DEFCON talks! See which talk we liked and what inspiration we took home.
This blogpost will be about my first steps with coreboot and libreboot and a life with as few proprietary firmware blobs as possible. My main motivation were the latest headlines about fancy firmware things like Intel ME, Computrace and UEFI backdoors. This post is not intended to be about a as much as possible hardened system or about coreboot/libreboot being more secure, but rather to be able to look into every part of software running on that system if you want to.
I first got curious about coreboot and libreboot at the 33C3 (Bootstraping a slightly more secure laptop). Then I searched for some old retired hardware at ERNW which I could flash coreboot to and found an old Thinkpad X61. Finding the X60 as officially supported hardware on the libreboot homepage, I have read through the libreboot and coreboot manuals to learn about the main coreboot part and it’s several payloads. Continue reading “A Life Without Vendors Binary Blobs”
As you may know, we published a whitepaper discussing the behavior of different operating systems once they receive IPv6 configuration parameters from different sources two years ago. At that time, the results were quite a mess. We were curious whether the situation is still so “dire” like two years ago. We fired up the lab, updated the tested operating systems and performed the tests again. Continue reading “IPv6 RA Flags, RDNSS and DHCPv6 Conflicting Configurations Revisited”
I’m happy to announce the release of several Glibc heap analysis plugins (for Linux), resp. plugins to gather information from keepassx and zsh, which are now included in the Rekall Memory Forensic Framework. This blogpost will demonstrate these plugins and explain how they can be used. More detailed information, including real world scenarios, will be released after the talk at this years DFRWS USA.
Just recently we discussed IPv6 filter rules for NIC-level firewalls (in a virtualized data center) with a customer. I’d like to take this as an opportunity to lay out potential approaches for local packet filtering of IPv6, which in turn might somewhat depend on the address configuration strategy chosen for the respective systems (for the latter you may refer to this post or to this talk from the Troopers NGI event).
27 April 2016 marked a turning point for a lot of countries as well as a lot businesses worldwide: EU regulation 2016/679 (going by it’s more widely known name General Data Protection Regulation and abbreviated GDPR) was adopted by the European Parliament, the Council as well as the Commission [1]. Especially readers from countries outside of the EU might ask “Why should this be of interest for me?”. Continue reading “GDPR and Pseudonymisation – Easing the Pain of Regulation”
Over one of the recent long weekends I attended the 17th “Gulaschprogrammiernacht”, or “GPN17” for short, in Karlsruhe, the largest CCC Event after the Chaos Communication Congress with roughly a thousand attendees. The name literally translates to “goulash programming night”, which makes about as much sense as the German version. Despite the name it lasted from Thursday to Sunday, had a much wider scope than just coding and offered various other (incl. vegan) dishes besides goulash. As an active member of the CCC community I planned on attending it anyway, but submitted my talk about Automated Binary Analysis in case there was interest. I didn’t anticipate that much interest given that it was a fairly theoretical IT-Security topic at an event that was not focused on IT-Security, but nonetheless the hall was filled with people from various backgrounds like math, formal verification and software optimization. The talk was an improved version of the one I gave at Bsides Ljubljana, incorporating feedback I received and new things I had learned since then. The English slides are available here, the recording of the talk in German can be found here.