Bold Statements
Trooper!
You passed Hacking 1on1 with flying colors?
You evade web application firewalls as they would be opened doors?
You have successfully exploitated CVE-2015-8769?
Then it’s time for the next challenge! Follow us down the rabbit hole to the not so well known attacks against modern web applications.
Continue reading “Web Hacking Special Ops Workshop @ TR16”
This year’s Hacking 101 workshop at TROOPERS16 will give attendees an insight into the hacking techniques required for penetration testing. These techniques will cover various topics like information gathering, network mapping, vulnerability scanning, web application hacking, low-level exploitation and more.
During this workshop you will learn, step by step, a testing methodology that is applicable to the majority of scenarios. So imagine you have to assess the security of a system running on the Internet. How would you start? First, you need a good understanding about the target, including running services or related systems. Just scanning an IP will most likely not reveal a lot of information about the system. The gathered information may help you to identify communication relations of services that could include vulnerabilities. A brief understanding of the target and it’s related systems/services/applications will make scanning and identifying vulnerabilities a lot easier and more effective. Then, the last step will be the exploitation of the identified vulnerabilities, with the ultimate aim to get access to the target system and pivot to other, probably internal, systems and resources.
So if you are interested in learning these techniques and methodologies, join us at the TROOPERS16 Hacking 101 training! Attendees should have a brief understanding of TCP/IP networking and should be familiar with command lines on Linux systems. Also, being familiar with a programming/scripting language is considered useful.
Continue reading
Dear all,
This year the TelcoSecDay will take place on March 15th. For those of you who does not know about: the TelcoSecDay it is a sub-event of Troopers bringing together researchers, vendors and practitioners from the telecommunication / mobile security field.
Continue reading “TelcoSecDay – First Round of Talks”
Hello everybody and welcome to the second part of our 32C3 recap!
In case you didn’t see the first part, make sure to check it out 😉
Continue reading “32C3 Recap – Part 2”
Happy 2016 everyone! We are exactly 2 months away from the start of TROOPERS16!! Speakers and Trainers across the globe are polishing (or in some cases creating) their PowerPoints to use while delivering their highly technical and entertaining talks. While we here at TR HQ are busy tweaking orders, creating challenges to boggle the mind and test your skills, and of course working on some top secret fun. 😉
#BestWeekEver
Your TROOPERS Team
Continue reading “5th Round of TROOPERS16 Talks Accepted”
Continue readingHi,
today I’m going to suspend the “Developing an Enterprise IPv6 Security Strategy” series for a moment and discuss some other aspects of IPv6 deployment.
We’ve been involved in a number of IPv6 projects in large organizations in the past few years and in many of those there was a planning phase in which several documents were created (often these include a road map, an address concept/plan and a security concept).
Point is: at some point it’s getting real ;-), read: IPv6 is actually enabled on some systems. Pretty much all enterprise customers we know start(ed) their IPv6 deployment “at the perimeter”, enabling IPv6 (usually in dual-stack mode) on some systems/services facing the Internet and/or external parties.
Unfortunately there’s a number of (seemingly small) things that can go wrong in this phase and “little errors” made today are probably meant to stay for a long time (in German we have the nice phrase “Nichts ist so dauerhaft wie ein Provisorium”, and I’m sure people with an IT operations background will understand this even without a translator…).
In this post I will hence lay out some things to consider when you enable IPv6 on perimeter elements for the first time. Continue reading “Things to Consider When Starting Your IPv6 Deployment”
Every year a group of us are happy to use the holidays to travel to Hamburg to meet other people and learn something new at the 32C3.
In this small series we’ll present you recaps of some talks we found most interesting, but you also should make sure to watch the recording of them. 😉
Continue reading “32C3 Recap – Part1”
Continue readingAs you know we (as in ERNW) are quite involved when it comes to vulnerability disclosure and we’ve tried to contribute to a discussion at several occasions, such as Reflections on Vulnerability Disclosure and ERNW Newsletter 50 Vulnerability Disclosure Reflections Case Study.
In this post I want to add (yet) another perspective, motivated by a disclosure procedure which just happened recently. Continue reading “Another Perspective in Vulnerability Disclosure”
Continue readingHello everybody,
this time I’d like to share some thoughts and results about our telco research last year. We gathered a lot of information out of some projects we’d like to share and discuss with you. The following sections also provide an idea of the upcoming Telecommunication Security Workshop I will give with Kevin Redon at Troopers (click). The workshop will be about Radio Network Security (covered by Kevin) and security aspects of the Core Network (covered by myself), mainly focusing on Voice over LTE (VoLTE). That’s also the topic of today’s post.
Continue reading “Security Analysis of VoLTE, Part 1”
In the previous parts of this series (part 1, part 2, part 3, part 4) we covered several aspects of IPv6 security, mainly on the infrastructure level. In today’s post I will follow up by briefly discussing so-called First Hop Security features.
Continue reading