We are thrilled to announce the Blackhoodie event at Troopers 2018 on March 12th and 13th in Heidelberg. This time it is going to be a 2 day workshop with various interesting topics related to reverse engineering. We will make sure that you get some hands on experience with reversing and more.Continue reading
A new ERNW whitepaper was just published. I wrote this whitepaper in the course of my bachelor thesis and it examines multi-factor authentication in Microsoft Windows environments: Continue reading “White Paper on Multi-Factor Authentication in Microsoft Windows Environments”Continue reading
A happy new year to everybody!
At Troopers18 there will be a new special track on Microsoft Active Directory and its security aspects, similar to the SAP security track which we established some years ago. The AD security track will feature, amongst others, the following talks.Continue reading
I am amazed by how this years BlackHoodie unraveled. Three days that included a pre-conference of lightening talks and two parallel tracks with a total of 64 enthusiastic members. The very spirit of BlackHoodie is nothing other than the quest to gain deep knowledge. Reverse engineering is one of the hardest fields in security. It touches on all fields of computing, starting from assembly, programming, file formats, operating systems, networks and what not. This makes it hard but an extremely fulfilling experience to spend time learning it. For me, the very idea of staring at a binary till you understand what it does is a magical feeling.Continue reading
Following my work with the FreeBSD implementation of RFC 6980 I was happy to present my work at last week’s DENOG 9 meeting.
To make it available to anyone who did not meet me there and go into some more detail that would have exceeded the boundaries of the talk, I will cover the topic here.
TROOPERS17 was unlike any TROOPERS we had known before. Everything just seemed bolder, better, and beyond our expectations. From surprise speakers like the grugq (do you have a follow-up talk for #TR18 by the way?) to new speakers who are now TROOPERS family, TROOPERS17 is one for the history books!
If you were there you might be wondering to yourself, how could they possibly top it (and if you were not there check out this video from TR17)? Well, I am not going to lie, it will be a challenge. However, the high quality of talk and training submissions for this year have us feeling pretty positive about making #TR18 the “best year ever”!
With that being said I am happy to introduce the first official 5 talks of TROOPERS18!Continue reading
Looking at IPv6 deployment graphs like this one it becomes clear that IPv6 still is not widely deployed in enterprise space (the reason for the apparent oscillation in that curve is the difference between working days – where people use their office computers – and weekend where they preferably use their smartphones or their home equipment connected by means of broadband networks).Continue reading
From October 17th – 19th I had the chance to attend my first DockerCon Europe 2017.
The conference was very well organized and attendee focused, which could be seen by the many little details found on the conference. For example you never ran out of coffee or beverages, there was a new Hallway Track where you could meet people from all disciplines, discuss about your favorite topics and there was always a place to sit and take a break between all those interesting presentations. I had the chance to speak to very nice people from different industries, most importantly in my case on the topic security. It was nice to see how the Docker community is growing and the adoption rate is increasing, especially in companies. The main focus of the conference (especially seen in talks held by people from Docker Inc.) was the Docker Enterprise Edition.Continue reading
the last post was about a fuse filesystem which provides a read-only access to the proprietary bluecoat filesystem. After some further investigations based on the possibilities this offered us, I started to implement a tool which allows to modify parts of the filesystem.Continue reading
Some time ago, one of our customers contacted us with a special request. For some legitimate reason, they needed to centrally collect certain certificates including their private keys which were distributed across many client systems running Windows and stored in the corresponding user stores. Unfortunately (only in this case, but actually good from a security perspective), the particular private keys were marked non-exportable making a native export in the context of the user impossible. As if this wasn’t enough, the extraction was supposed to be executed in the context of the current user (i.e. without administrative privileges) while not triggering the existing Anti Virus solution at all. Also, the certificates needed to be transferred to some trusted system where they could not be accessed in an unauthorized way. So let’s have a look how we tackled these problems:Continue reading