I recently got in contact with Intel AMT for the first time. Surely I had heard about it, knew it was “dangerous”, it was kind of exploitable and had to be deactivated. But I hadn’t actually seen it myself. Well, now I have, and I simply love it and you will probably, too (and don’t forget: love and hate are very very close to each other)
The following blogpost will be a set of features and instructions on how to own a device with an unconfigured copy of Intel AMT without using any complicated hacks or the famous magic! Continue reading “How to use Intel AMT and have some fun with Mainboards”
The Three Billion Dollar App – Some Notes on My Upcoming Troopers Talk
This is a guest post from Vladimir Wolstencroft from our friends of aura information security
==================================================================
Mobile messaging applications have been occupying people’s attention and it seems to be all the latest news. Perhaps I should have called my presentation the 19 Billion dollar app but at the time of writing and research I thought the proposed 3 Billion dollar amount for SnapChat was a little ludicrous, who could have known that would have been just a drop in the ocean.
Upon starting, I decided to compare two mobile messaging applications that shared a relatively unique capability, self-destructing messaging. However the applications execute this in two very different ways. Looking at SnapChat with its millions of users and supposedly secure ephemeral messaging seemed like a good start. I also wanted something a little more secure, we have all heard and seen “snaps” leaked and displayed online so I had an inkling that there might have been some serious holes within the application.
A Short Teaser on My New IPv6 Testing Framework
This is a guest post from Antonios Atlasis
==============================
Hi,
my name is Antonios and I am an independent IT Security Researcher from Greece. One of my latest “hobbies” is IPv6 and its potential insecurities so, please let me talk to you about my latest experience on this.
This week, I had the opportunity to work together with the ERNW guys at their premises. They had built an IPv6 lab that included several commercial IPv6 security devices (firewalls, IDS/IPS and some high-end switches) and they kindly offered their lab to me to play with (thank you guys – I always liked …expensive toys). The goal of this co-operation was two-fold: First, to test my new (not yet released) IPv6 pen-testing tool and secondly, to try to find out any IPv6-related security or operational issues on these devices (after all, they all claim that they are “IPv6-Ready”, right?).
Fresh Meat From the Coding Front
Within the last months I had some time to work on my code and today I’m releasing some of that: a new version of dizzy as well as two new loki modules.
Analyzing a CVE-2013-3346/CVE-2013-5065 Exploit with peepdf
This is a guest post from Jose Miguel Esparza (@EternalTodo)
There are already some good blog posts talking about this exploit, but I think this is a really good example to show how peepdf works and what you can learn if you attend the workshop “Squeezing Exploit Kits and PDF Exploits” at Troopers14. The mentioned exploit was using the Adobe Reader ToolButton Use-After-Free vulnerability to execute code in the victim’s machine and then the Windows privilege escalation 0day to bypass the Adobe sandbox and execute a new payload without restrictions.
Preliminary Agenda for Troopers 2014 Telco Sec Day
Given we’ve received a number of inquiries as for the agenda of this year’s TelcoSecDay here’s a first preliminary agenda. To get an idea of the event’s character you might have a look at the agenda of the 2012 edition or the 2013 edition. Pls note that there might be changes/additions to the following outline as we’re currently discussing potential contributions with two European operators. Here we go, for today:
9:00: Opening Remarks & Introduction
9:15: Ravi Borgaonkar – Evolution of SIM Card Security
10:15: Break
10:45: Adrian Dabrowski
11:45: Collin Mulliner – PatchDroid – Third Party Security Patches for Android
12:30: Lunch
13:45: Philippe Langlois
14:45: Break
15:15: Haya Shulman – The Illusion of Challenge-Response Authentication
16:00: Christian Sielaff & Daniel Hauenstein – Breaking Network Monitoring Tools Used in Telco Space
16:30: Closing Remarks
19:00: Joint dinner (hosted by ERNW) in Heidelberg Altstadt for those interested and/or staying for the main conference
Configuring IPv6 Snooping and DHCPv6 Guard on Cisco IOS
Hi everyone,
Some of you may already know (the ones who are following Enno on Twitter) that Enno and I had our lab day in preparation for the IPv6 Security Summit at Troopers. We had a brand new and shiny Cat4948E as our lab device to do some testing of the current generation of Cisco’s IPv6 First Hop Security (FHS) mechanisms. The Catalyst was running the latest image available (15.1(2)SG3).
In this small blog post, we will take a look at the configuration and behavior of IPv6 Snooping and DHCPv6 Guard. So let’s start with IPv6 Snooping:
LTE@ShmooCon, a Summary
Hey guys,
as some of you may have noticed, just recently at ShmooCon we gave our talk “LTE vs. Darwin” (Slides here). There we presented some results of our research in 4G telco network security. Some of those originate from our research contribution to ASMONIA, but we expanded the scope and also took a look at the air interface. Both the air interface and the backend links & protocols must be secured appropriately; otherwise communication may be eavesdropped or sensitive information may be compromised. In the following we want to provide an overview of LTE main components and potential attack vectors.
ShmooCon 2014
Last weekend, from 17 to 19 January, ShmooCon was held in Washington, DC. A number of different topics was covered in great talks and we want to give you a short overview of the conference. In the following our favorite talks are briefly summarized.
XSS in SAP Netweaver
We just got credits for a flaw we found in SAP Netweaver. The issue is a reflected Cross-Site Scripting (XSS). It can be triggered in the administrative interface for the Internet Communication Manager (ICM) and Web Dispatcher. This means that the targets for this XSS will definitely be users with administrative privileges. This makes it especially juicy for an attacker.