Events

First dedicated Forensic Computing Training at TR17

I am looking forward to our newly introduced dedicated Forensic Computing Training at TR17!
We will start the first day with a detailed background briefing about Forensic Computing as a Forensic Science, Digital Evidence, and the Chain of Custody. The rest of the workshop we will follow the Order of Volatility starting with the analysis of persistent storage using file system internals and carving, as well as RAID reassembly with lots of hands-on case studies using open source tools. As a next step, we will smell the smoking gun in live forensics exercises. Depending on your preferences we will then dig a bit into memory forensics and network forensics.

The goal of our training is to provide the basic knowledge that is required whenever an incident has to be analyzed in a forensically sound manner and covers the techniques needed to cope with the majority of incidents.

You should bring your Laptop with administrative privileges and VirtualBox installed.
No deep knowledge in digital forensics is necessary, but as we are dealing with open source Linux command line tools to allow everybody to directly make use of the techniques we show, you should definitely be familiar with Linux and the shell 😉

Best,
Andreas

Continue reading
Events

TR17 Training: Crypto attacks and defenses

This is a guest blog written by Jean-Philippe AumassonPhilipp Jovanovic about their upcoming TROOPERS17 training: Crypto attacks and defenses. 

The 1-day training from last TROOPERS has become a 2-day training, featuring even more real-world attacks and defenses as well as new hands-on sessions! We’ll teach you, step by step, how to spot and exploit crypto vulnerabilities, how to use the strongest forms of state-of-the-art cryptography to secure modern systems (like IoT or mobile applications), and bring you up to speed on the latest and greatest developments in the world of cryptography, such as TLS 1.3, blockchains, and post-quantum crypto. Continue reading “TR17 Training: Crypto attacks and defenses”

Continue reading
Events

TR17 Training: Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer

This is a guest blog written by Hanno Böck who will be running the Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer at TROOPERS17.

Fuzzing is a very old technique to find bugs and vulnerabilities in software. However it has seen a new push in recent years due to vastly improved tools. The compilers gcc and clang have received Sanitizer tools that allow finding a lot of bugs like use after free errors and out of bounds reads that are otherwise very hard to find.

Continue reading “TR17 Training: Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer”

Continue reading
Events

PoC Con Seoul 2016

Recently I had the pleasure to join the PowerOfCommunity conference in Seoul. Florian and Felix attended the conference in the past and enjoyed it a lot, so I took the opportunity to join this year. From what I had heard the conference is highly technical, offensive security and community focused (surprise 😉 ). Boy did they deliver!
Located in a hotel next to a nice park and close to the famous Gangnam district in Seoul we came together to feel the power of community. The conference was planned for two days and offered two tracks per day. Several key talks were presented for everyone. Continue reading “PoC Con Seoul 2016”

Continue reading
Events

2nd Rounds of TROOPERS17 Talks!

It is the end of the year and we are hoping it is not too hectic of a time for you all! But if it is, hopefully the announcement of our next round of TROOPERS17 talks is enough to get you in the TROOPERS (if not the holiday) spirit 🙂


Francis Alexander & Bharadwaj Machiraju: How we hacked Distributed Configuration Management Systems

With increase in necessity of distributed applications, coordination and configuration management tools for these classes of applications have popped up. These systems might pop-up occasionally during penetration tests. The major focus of this research was to find ways to abuse these systems as well as use them for getting deeper access to other systems. Continue reading “2nd Rounds of TROOPERS17 Talks!”

Continue reading
Events

TelcoSecDay 2017 – First Talks Published

Even if the CFP for TelcoSecDay 2017 is officially closed, I am still getting mails in. First of all: thank you for all your great feedback! As the TelcoSecDay is a complimentary and non-public event with highly specialized topics, it only works by sharing knowledge with each other. But please keep in mind that the speaker-slots are limited and I have to make a decision at some point of time.
Anyhow, I am looking forward for a great event and I am proud to publish the first accepted talks:
Continue reading “TelcoSecDay 2017 – First Talks Published”

Continue reading
Events

Announcing the first 5 talks of TROOPERS17!!!!

TROOPERS16 was packed with epic talks from around the world, an unknown evil twin brother appearing, hands-on trainings, and a legendary year for our TROOPERS Charity efforts! If you were there you might be wondering to yourself how could they possibly top it? Well, I am going to let you in on a little secret: Next year is the 10th edition of TROOPERS. One DECADE of TROOPERS, and we are pulling out all the stops! Starting with the announcement of the first 5 talks!

Continue reading “Announcing the first 5 talks of TROOPERS17!!!!”

Continue reading
Events

TelcoSecDay 2017 – CFP Opens

For the 6th year in a row, the next TelcoSecDay will take place in 2017 on March 21th. Again, it will be held one day before Troopers IT-Security Conference as an invitation-only event. For those of you who don’t know the TSD, it is organized by ERNW and is aimed at bringing researchers and people from the telecommunication industry together to discuss about current security weaknesses, challenges and strategies. To do so, various topics will be presented during the talks and there will surely be enough time to follow-up in extensive discussions.
To give you an idea, here’s the TSD 2016 agenda, and here’s the one of 2015.
Continue reading “TelcoSecDay 2017 – CFP Opens”

Continue reading