Last year I encountered a slight variation of an internal port scan vulnerability for the CrystalReports component of SAP Business Objects. The original vulnerability was presented and disclosed by rapid7 in the talk “Hacking SAP Business Objects”. The corresponding slides can be found here. Continue reading “Information About SAP Security Note 2336795”
Continue readingTesting RFC 6980 Implementations with Chiron
In the recent post on the IPv6 properties of the latest MS Windows versions I announced another one providing details on the RFC 6980 related testing I had performed. So here we go.
When doing IPv6 security testing there’s mainly four toolkits which can be used: Continue reading “Testing RFC 6980 Implementations with Chiron”
Continue reading31c0n 2017 in Auckland, New Zealand
Last week we gave a talk at the very first 31c0n in Auckland, New Zealand. The talk focused mainly on the methodology that we use to assess security products.
More specifically, this methodology consists of 7 steps Continue reading “31c0n 2017 in Auckland, New Zealand”
Continue readingTroopers17 GSM Network – How about your own SMPP Service?
The event of the events is getting closer and again, we are very optimistic to have a lot of awesome trainings, talks, evening events, and discussions. But we again will also have some “features” and gimmicks for those of you who would like to play with new, old, or just interesting technologies. As you might remember, since some years one of these features is and again will be our own GSM Network. As we are improving our setup from year to year, this time we’d like to give you the chance to actively participate with ideas and your own services. Continue reading “Troopers17 GSM Network – How about your own SMPP Service?”
Continue readingAgile Development & Security
I’m a big fan of Chris Gates’ publications on DevOops and From Low to Pwned. The content reflects a lot of issues that we also experience in many assessments in general and assessments in agile environments in particular. In addition, we were supporting several projects recently that were organized in an agile way. In this post, I want to summarize some thoughts on how security work can/should be integrated into agile projects. Continue reading “Agile Development & Security”
Continue readingCloudflare Incident #Cloudbleed
Exactly one week ago I noticed an “urgent” tweet from Tavis Ormandy to get in contact with the Cloudflare team.
Normally when a tweet like this appears from Tavis, something is horribly broken. Well, today we know the background of this tweet as the bug tracker issue went public and it exposed quite a bug from Cloudflare. Continue reading “Cloudflare Incident #Cloudbleed”
Exploitation of IMS in absence of confidentiality and integrity protection
IP Multimedia Subsystem (IMS) offers many multimedia services to any IP-based access network, such as LTE or DSL. In addition to VoLTE, IMS adds service provider flexibility, better QoS and charging control to the 4th generation of mobile networks. IMS exchanges SIP messages with its users or other IMS and usually these communications are secured by TLS or IPSec. But if an attacker manages to break the confidentiality and the integrity with IMS, he would find it vulnerable to several attacks. Continue reading “Exploitation of IMS in absence of confidentiality and integrity protection”
Continue readingSummary of “Lockpicking in the IoT” at 33C3
“Lockpicking in the IoT, …or why adding BTLE to a device sometimes isn’t smart at all” by Ray was one of my favourite talks, as it beautifully showed many different attack vectors as well as giving a nice guide for getting started in this area. Continue reading “Summary of “Lockpicking in the IoT” at 33C3”
Continue reading33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?
This was one of the few technical talks at 33c3 I managed to see, by that I mean live-stream during an access control shift, by Clémentine Maurice and Moritz Lipp.
The talk gave an overview of some already known possible information leaks by abusing certain x86 instructions(the same concept applies to ARM too though) and demonstrating the various ways an attacker could use them. Continue reading “33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?”
Continue readingWhite Paper on Incident Handling First Steps, Preparation Plans, and Process Models
We just published my Whitepaper about First Steps, Preparation Plans, and Process Models for Incident Handling, that I wrote to pass the time between Christmas and New Year. The whitepaper sums up information that I consider to be useful to prepare for IT security incidents as a conclusion from the incidents in which we supported over the past year. Continue reading “White Paper on Incident Handling First Steps, Preparation Plans, and Process Models”
Continue reading