Insinuator.net – Page 43 – Bold Statements

February 10, 2016 by Christopher Werny

Multiple Address Family OSPFv3

Dear Readers,

today I want to talk about OSPFv3. I won’t cover the glory details of OSPFv3, there are smarter guys than me out there who did that already 😉 and there are great resources to familiarize yourself with the protocol. However, it should be noted that OSPFv3 is not only OSPF for IPv6, OSPFv3 brought some major enhancements compared to OSPFv2. Wouldn’t it be cool to benefit from the enhancements in the IPv4 world as well? Continue reading “Multiple Address Family OSPFv3”

Events

February 9, 2016 by Christopher Werny

#TR16 IPv6 Security Summit Teaser: First-Hop-Security on HP Network Devices

Hello Everybody,

Today I want to give you a little teaser about my upcoming talk at the IPv6 Security Summit about First-Hop-Security on HP devices. In the past I presented on about First-Hop-Security in the Cisco realm and in virtualized environments. Until recently, Cisco was mostly the only vendor who had a sufficient implementation of various IPv6 security features on their access-layer switches, but HP closed the gap considerably and it’s time to have an in-depth look at their implementation of those features.

Continue reading “#TR16 IPv6 Security Summit Teaser: First-Hop-Security on HP Network Devices”

Events

February 8, 2016 by Christopher Werny

#TR16 IPv6 Security Summit Teaser: Building a Reliable and Secure IPv6 WiFi Network

Hi everyone,

some of you may have seen my last blog post about the preparation of the Troopers network. Today I want to give you a little teaser on what to expect for the talk I will present during the IPv6 Security Summit. As the title implies, it’s not only about building a secure IPv6 WiFi, but also a reliable one. One might think that there aren’t many differences in comparison to IPv4, but the heavy reliance on multicast of IPv6 does have implications for Wi-Fi networks in general. Continue reading “#TR16 IPv6 Security Summit Teaser: Building a Reliable and Secure IPv6 WiFi Network”

Events

February 6, 2016 by Christopher Werny

DHCPv6 Option 52 on Cisco DHCPv6 Server

Hi,

I am currently preparing the Troopers network in a lab environment to ensure that we all will have a smooth Wi-Fi experience during Troopers. I wanted to spice things up a little bit for the Wi-Fi deployment (more on that in a following blogpost) and get rid of IPv4 wherever possible. Our Wi-Fi infrastructure consists of typical Cisco Access Points (1602) and a 2504 Wireless LAN Controller. Beginning with WLC image 8.0 it is finally supported to establish the CAPWAP tunnel between the AP and the WLC over IPv6, which is awesome and I wanted to implement it right away. Continue reading “DHCPv6 Option 52 on Cisco DHCPv6 Server”

Breaking

February 3, 2016 by Ahmad Abolhadid

Denial of Service attacks on VoLTE

Some weeks ago Hendrik explained in his blogpost Security Analysis of VoLTE, Part 1 some attack vectors for Voice over LTE (VoLTE). One attack vector introduced was Denial of Service (DoS), which I also discussed in my Masterthesis “Evaluation of IMS security and Developing penetration tests of IMS”.

In general, DoS attacks aim to prevent a system or a network from efficiently providing its service to legitimate users . The impact of such attacks can vary from a big degradation of quality to total blockage. DoS can occur on users level, where a user or a group of users cannot use the service. But the common conception of DoS is on the service level, where the whole service is broken, unstable or totally down. This blog post is about targeting DoS of the whole VoLTE service by attacking IMS.
Continue reading “Denial of Service attacks on VoLTE”

Events

February 3, 2016 by Hendrik Schmidt

TelcoSecDay 2016 – Second Round of Talks

I am very happy to announce the second round of talks for the TelcoSecDay 2016. As mentioned in my previous post it will take place on March 15th. All invitations should be out by now; if you think you can contribute to the group and you are willing to join us – please let me know (hschmidt@ernw.de).

Still, not all talks are confirmed but the newly published talks will provide an idea about TSD 2016 and its discussions.
Continue reading “TelcoSecDay 2016 – Second Round of Talks”

Events

February 2, 2016 by Niki Vonderwell

Pentesting with Metasploit #TR16 Training

In this year’s MSF training we will guide you through the typical steps of the pentest cycle: information gathering, attacking and looting your targets. For each step, demos and exercises will help you deepen and test your newly acquired knowledge. In addition to the typical penetration-test scenarios you will also learn several advanced aspects of the framework such as: how writing your own metasploit modules works, how to export payloads and make them undetected. With a final exercise each day you can finally challenge yourself and apply what you have learned!

Be prepared with a Virtualbox installation and a notebook. If you prefer, you can install MSF on your laptop beforehand and make yourself familiar with it. As a special bonus, MSF is typically one of the tools always summoned during the infamous PacketWars!

See you there!
Benedikt

Building

February 2, 2016 by Enno Rey

Developing an Enterprise IPv6 Security Strategy / Part 6: Controls on the Host Level

In this part of the series (for the other parts see [1], [2], [3], [4], [5]) we’ll discuss approaches to implement security measures suited to protect from IPv6-related threats on the host level.

Continue reading “Developing an Enterprise IPv6 Security Strategy / Part 6: Controls on the Host Level”

Breaking

January 30, 2016 by Brian Butterly

Damn Vulnerable Safe

A while back Stefan and I held a little crash course/orientation run on hardware hacking at a German Fachhochschule. Planning to use something “real” we went for a simple electronic safe with a bunch of different vulnerabilities. I guess most security guys who spend a fair amount of time in hotels will understand this choice. As we needed something we could rely on would break, we stripped the device and swapped the original electronics for our own. The result was the “Damn Vulnerable Safe”.

Continue reading “Damn Vulnerable Safe”

Breaking

January 28, 2016 by Birk Kauer

Dynamic IDA Enrichment (aka. DIE)

Last year on the Hex-rays plugin Contest the Dynamic IDA Enrichment (DIE) plugin won first place, so we decided to have a look and play around with it.

DIE extends IDA to add Dynamic Data to the static analysis. So after the installation, we are able to perform the static analysis using a lot of supporting information from the actual execution of the binary under assessment.

Since DIE is purely written in Python you will need at least Python 2.7 and IDA Versions prior to 6.8 won´t work. In the current version DIE will only work on Windows which will hopefully soon be available cross-platform.

To setup the environment for DIE just use pip install –r requirements.txt (requirements.txt are shipped with DIE).
Copy die_proxy.py to the IDA Plugin directory and add an environment Variable named DIEDIR including the path to the DIE directory. Continue reading “Dynamic IDA Enrichment (aka. DIE)”