Events

TROOPERS20 Training Teaser: TLS in the Enterprise – Post Quantum Security

Our workshop “TLS in the enterprise” was held for the first time at Troopers 2018 and was our special contribution to the IT security world to increase the usage of TLS and point out the pitfalls when switching to TLS.

But times are changing and TLS is a kind of standard nowadays, at least when looking at HTTPS. There are still a lot of things to do regarding other protocols, though, like

  • Jabber
  • LDAP
  • Telnet
  • SMTP, POP3 and IMAP
  • SIP and RTP
  • MySQL
  • Postgres
  • SSL based VPNs

just to name a few ;-). We will cover that in our training too, but the most important new material will be Post Quantum Security and how it will affect the future of encryption. We will talk about crypto algorithms and which of them can still be used in the future, we will talk about timelines and preparation (including the current state of technology), such as developing your master plan, and we will try to clear up the myths regarding quantum computers to get your enterprise ready for the post quantum era :-).

Become aware that quantum computers will likely break most traditional public key crypto and every secret it protects. Examples of affected crypto: RSA, DH, ECC, ElGamal, PKI, digital certificates, digital signatures, VPNs, WiFi protection, smartcards, HSMs, crypto currencies, two factor authentication which relies on digital certificates (e.g. FIDO keys, Google security keys, etc.) and of course TLS.

And the quantum computers are not that far away, as the following timeline proves:

  • 1998: first working quantum computer
  • 2016: Google develops quantum computer
  • 2017: D-Wave announces the commercial availability of the D-Wave 2000Q™ quantum computer
  • 2017: IBM and Microsoft announce quantum computers
  • 2018: several quantum microprocessors available
  • 2019: likely over 100 quantum computers available

Hmm, you are afraid now? No ;-)! You are curious? You got the point, it’s time to get prepared. The early bird catches the worm (which btw. is also true for getting your Troopers ticket and workshop seat 😉 ), the NSA said, and it moved to post-quantum in January 2016.

So to satisfy your curiosity, see you at our workshop “TLS in the enterprise” at Troopers 2020.

Cheers

Frieder and Michael

Events

TROOPERS20 Training Teaser: Swim with the whales – Docker, DevOps & Security in Enterprise Environments

Containerization dominates the market nowadays. Fancy buzzwords like continuous integration/deployment/delivery, microservices, containers, DevOps are floating around, but what do they mean? What benefits do they offer compared to the old dogmas? You’re gonna find out in our training!

We are going to start with the basics of Docker, Containers and DevOps, but soon you’ll end up with your own applications running inside containers, with the images residing in your own registry and, of course, following the microservices approach. And the second day hasn’t even started. After the fundamental topics of containerization are understood, you’re going to create and operate your own Kubernetes cluster. A lot of fun and challenging exercises lie ahead, to give you hands-on experience with all the technologies.

We at ERNW have not only security written on our banner, it is a mindset we share. Therefore, be prepared to get knee deep into security with regard to the discussed technologies. We will tackle the security aspects from the bottom up: what containerization tools can offer and how all these can be enforced and enhanced with Kubernetes to secure your clusters. From there on you are ready for the final challenge. You will jump into the role of an attacker who has compromised a container in the cluster and escalate your privileges to Cluster Admin.

Attendees who have completed the training will have a solid understanding of container technology, especially with Docker and Kubernetes, and of course the security challenges those technologies bring to the table.

So, if you’re up for a challenging training and want to get not only your feet wet with Docker and Kubernetes, you can reserve your spot for the training right here.

Thanks and kind regards,
Jan and Simon

Events

TROOPERS20 Training Teaser: Insight Into Windows Internals

Windows 10 is one of the most commonly deployed operating systems at this time. Knowledge about its components and internal working principles is highly beneficial. Among other things, such knowledge enables:

  • in-depth studies of undocumented, or poorly documented, system functionalities;
  • development of performant and compatible software to monitor or extend the activities of the operating system itself; and
  • analysis of security-related issues, such as persistent malware.

Events

TROOPERS20 Training Teaser: Hacking 101

Hi there,
like in recent years, the popular Hacking 101 workshop will take place at TROOPERS20, too! The workshop will give you an insight into the hacking techniques required for penetration testing. These techniques will cover various topics:

  • Information gathering
  • Network scanning
  • Web application hacking
  • Low-level exploitation

…and more!

Events

TROOPERS20 Training Teaser: Windows & Linux Binary Exploitation

We are happy to announce that TROOPERS20 will feature the 5th anniversary of the popular Windows & Linux Binary Exploitation workshop!

In this workshop, attendees will learn how to exploit those nasty stack-based buffer overflow vulnerabilities by applying the theoretical methods taught in this course to hands-on exercises. Exercises will be performed for real world (32-bit) software such as the Foxit Reader Plugin for Firefox, Wireshark, and nginx.

Events

TelcoSecDay 2020 CFP is open

We are back again with another TelcoSecDay: TelcoSecDay 2020 (TSD20) is going to happen on March 16th, 2020 as an additional event to TROOPERS. This year, it is going to be on the Monday of the TROOPERS week. We are delighted to announce that the event is happening for the 9th year in a row. The CFP is open now. If you have an interesting topic related to the field of Telco Security, please make a submission. The deadline is November 17, 2019. The final notification for TSD submission is December 20, 2019.

Building

Troopers 19 – Badge Hardware

This post by Jeff (@jeffmakes) was delayed due to interferences with other projects but nevertheless, enjoy!

This year, it was my great honour to design the hardware for the Troopers19 badge.

We wanted to make a wifi-connected MicroPython-powered badge; something that would be fun to take home and hack on. It was a nice opportunity to use a microcontroller platform that I hadn’t tried before. I also used the project as a chance to finally migrate my PCB workflow from Eagle to KiCad. Inevitably it was a painful transition, which resulted in quite some delay to the project as I floundered around in the new tool, but it does mean the design files are in an open format which I hope will benefit the community of Troopers attendees and future badge designers!

Events

#TR19 Next Generation Internet (NGI) Summaries

This blogpost contains summaries of talks from this year’s TROOPERS19 Active Directory Security Track.

Microsoft IT (Secure) Journey to IPv6-Only

Veronika McKillop, Network Architect, Cloud and Connectivity Engineering (CCE)

The speaker, Veronika McKillop, who works at Microsoft’s network infrastructure services, gave a talk about the process of switching a company network from IPv4 to IPv6-only.
Events

#TR19 Active Directory Security Summaries

This blogpost contains summaries of talks from this year’s TROOPERS19 Active Directory Security Track.

From Workstation to Domain Admin: Why Secure Administration Isn’t Secure and How to Fix It by Sean Metcalf

Active Directory is probably used in almost every corporation today to administer all kinds of authorization, authentication and privileges. This makes it a valuable target for attackers, because once it is compromised they can do whatever they want. This would be the worst case scenario, right? Therefore securing AD is important, and this year TROOPERS19 featured a whole track solely for AD Security.