Even if the CFP for TelcoSecDay 2017 is officially closed, I am still getting mails in. First of all: thank you for all your great feedback! As the TelcoSecDay is a complimentary and non-public event with highly specialized topics, it only works by sharing knowledge with each other. But please keep in mind that the speaker slots are limited and I have to make a decision at some point in time.
Anyhow, I am looking forward to a great event and I am proud to publish the first accepted talks:
Continue reading “TelcoSecDay 2017 – First Talks Published”
A short Addendum on the Mirai Botnet Blog Post
While doing heap research on Linux processes (results are going to be published soon), I came across the bot from the Mirai Botnet. As already mentioned in the blog post by Brian, the Mirai bot uses obfuscated configuration data which contains e.g. the CnC server. When now confronted only with a bot (e.g. in the context of a running task or the ELF binary), but without the according source code, the decryption of this configuration data for e.g. incident analysis purposes might not be easily possible (with the python script from the blog post), if the key has been changed.
But in this case that is not a problem at all, because Continue reading “A short Addendum on the Mirai Botnet Blog Post”
Research Diary: Bluetooth. Part 2
Recently we posted the first part of our Bluetooth research diary. Today, we want to continue on that topic and tell you about Bluetooth proxying and packet replay with a new tool.
This time we had a new gadget to play with: our colleague Florian Grunow shared with us a curious IoT device – Bluetooth socks… real socks that you control with an app to heat your feet. The future is here… :)
Analyzing yet another Smart Home device
As you have probably already recognized, some of us here at ERNW are doing research in the area of smart home technologies, e.g. KNX. Recently, we took a deeper look into a device which is used to control a smart home system produced by the vendor BAB TECHNOLOGIE GmbH called “eibPort”. This device can be used to control smart home systems based on different technologies, e.g. EnOcean or KNX, depending on the version of the device.
Research Diary: Blue Coat
As a part of our research time here at ERNW, last week we had an interesting time looking at one of the widespread proxy appliances commonly adopted by many organizations: Blue Coat Secure Gateway.
Some Notes from the Lab – BlackNurse in the IPv6 Era
Since BlackNurse was released on the 10th of November, we asked ourselves whether this problem also applies to ICMPv6 traffic. To answer this question, Christian Tanck (one of our students) built a lab with several firewall appliances. Kudos to him for testing and the following blog post.
Research Diary: IP-Cameras Part 2
Hi everybody,
This is the second entry in our research diary on IP cameras. If you haven’t done so yet, you should read the first entry in advance. This time we focused more on analysis and exploitation.
Another entry vector
After running a vulnerability scan on both devices, it was revealed that the M1033 has multiple buffer overflow vulnerabilities (CVE-2012-5958 to CVE-2012-5965), which are readily exploitable via Metasploit. This gave us another shell (in addition to the root shell mentioned in the last post), though this time it was not a root shell. By using the find command, we searched for executables having the setuid or setgid bit set. We hoped to use one of those to escalate privileges. To do so yourself, add the parameter -perm -4000 to find and it will search for files having the setuid bit set. If you try that on your own Unix-like device, it should yield, for example, /bin/passwd, which is perfectly reasonable as you’re able to change your password without being root.
Defending Democracy
I recently had the pleasure to attend two events organized by the Digital Society Institute, one was a workshop on software vulnerabilities and one was their annual conference. For both events I delivered input on the security of security products and their evaluation (slides can be found here). The DSI did a great job of assembling people from various areas (e.g. industry, academia, politics, and research) so there was a lot of input which is not covered by conferences I usually attend. The workshop I attended also resulted in a short policy recommendation when it comes to the security of security products which can be found here.
Thanks & so long,
Matthias
CCS’16 – Day 2 – 25th October 2016
Hello again.
Andrei Costin (at http://firmware.re project) is here, and this is the second post from a series of guest postings courtesy of ERNW (thanks Niki and Enno!).
A few days ago, the first CCS’16 summarization post went online: https://insinuator.net/2016/11/introduction-ccs16-day-1-24th-october-2016/
It summarized five presentations of the 6th Annual Workshop on Security and Privacy in Smartphones (SPSM’16). In short, it contained presentations on: over-the-top and phone number abuse, smartphone fingerprinting, apps privacy increase and protection/security, and apps privacy ranking.
Research Diary: IP-Cameras
As you probably know we perform research on a regular basis at ERNW. This post is the first entry on our – Benjamin’s and Pascal’s – research diary. You might already have seen Oliver's post on setting up a research environment or Brian's posts on IoT botnets (here and here). With that in mind we want to take a look at one of the market leaders for network camera equipment: AXIS.