Bold Statements
As you probably know we perform research on a regular base at ERNW.
We – Olga and Rafael – started with a research project about Bluetooth. Our first goal was to gain some knowledge about the tools used by most Linux systems to communicate with Bluetooth hardware, such as BlueZ. A good help for that was the amazing Bluetooth hacking workshop we had before (check the link in our blog!)
Continue reading “Research Diary: Bluetooth”
Continue readingThis is the 3rd part of this loose series on considerations of (operating) DMZs in 2016 (part 1 on the role of a DMZ is can be found here, part 2 on reverse proxies here).
Again, I dare to deviate a bit from the plan & order I initially had in mind – today I will cover one process whose maturity may significantly influence the overall security posture of a DMZ environment: firewall rule management.
Dear Readers,
just recently i bought a wireless plug on Amazon with the main use of controlling my coffee machine with an app. The installation of the wireless plug was quite easy and only requires me to set my Wifi SSID and my passphrase – that’s it. But what happened behind the scenes? I visited the control interface of my router and saw that along with the other devices there was a new one with the network name HF-LPB100 and a local IP address in my case 192.168.0.235. First of all i wondered about the name itself, but ignored that and kept on looking for open ports.
Continue reading “IoT the S is for Secure – Unknown Administration Interface in Wireless Plug”
Continue readingThis year’s BlackHoodie workshop rolled out with 28 amazing women from all parts of the world. It was a very vibrant group with students, professionals, engineers, researchers, physicists and what not. This is the second year that Marion Marschalek is running this reverse engineering workshop exclusively for women. There were a variety of topics that were covered. This includes anti emulation tricks, anti debuggers, packers, obfuscation, encryption/decryption functions, and a lot of fun with IDA.
Continue reading “BlackHoodie 2016”
Continue readingI am Andrei Costin (at http://firmware.re project), and this is the first post from a series of guest postings courtesy of ERNW.
Between 24th and 28th October, I had the pleasure and the great opportunity to attend ACM CCS 2016 in Vienna, Austria, where I also presented at the TrustED’16 workshop my paper titled “Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations”.
My attendance throughout the entire ACM CCS 2016 week and my presentation at TrustED was possible thanks to generous support from Enno Rey and ERNW, and I thank them again for this opportunity!
In these guest postings I am going to summarize the talks I have attended, and will try to make you interested in exploring more on each of the mentioned papers. Continue reading “Introduction & CCS’16 – Day 1 – 24th October 2016”
Continue readingHow to provide updates to IoT devices – yes, I’m aware this might be a overly broad generalization for many different devices – has been the topic of many discussions in the last years (for those interested the papers from the “Internet of Things Software Update Workshop (IoTSU)” might be a good starting point).
Given Matthias and I will moderate the respective session at tomorrow’s IoT Insight Summit I started writing down some points that we consider relevant in this context.
Continue reading “(Securely) Updating Smart Devices / Some Considerations”
Continue readingToday Kevin and I had the pleasure to to present at the German 15. Cyber-Sicherheits-Tag in Berlin which is organized by the Alliance for Cyber Security. This iteration covered security aspects of the Internet of Things and we enjoyed some great conversations. The presentations were limited to ten slides and can be found here:
Continue reading “15. Cyber-Sicherheits-Tag”
Continue readingLast Friday I gave a talk at the ITSeCX in St. Pölten, Austria. The conference, hosted by the local University of Applied Sciences, has already taken place ten times. I don’t know how many people attended this time, 2014 there were about 600; I read somewhere on the net. There were four tracks and some workshops from 4pm to the conference’s end at midnight. Continue reading “ITSeCX 2016: Pulling an all-nighter in Austria”
Continue readingTROOPERS16 was packed with epic talks from around the world, an unknown evil twin brother appearing, hands-on trainings, and a legendary year for our TROOPERS Charity efforts! If you were there you might be wondering to yourself how could they possibly top it? Well, I am going to let you in on a little secret: Next year is the 10th edition of TROOPERS. One DECADE of TROOPERS, and we are pulling out all the stops! Starting with the announcement of the first 5 talks!
Continue reading “Announcing the first 5 talks of TROOPERS17!!!!”
Continue readingAs we all know an IPv6 enabled host can have multiple addresses. In order to select a source address for a to-be established outbound connection, operating systems implement a source address selection mechanism that evaluates multiple source address candidates and selects the (potentially) best candidate. Criteria for this selection are defined in RFC6724 (which obsoletes RFC 3484).
Continue reading “IPv6 Source Address Selection”
Continue reading