Given the CfP for Black Hat US in Vegas ends in a few days – and as apparently some people have already started to think about their TR18 submissions – I’ll quickly provide some loose recommendations on how to write a submission here. There’s quite some reasonable advice out there already (the BH CfP site lists this and this which you should both read as well) but some of you might find it useful to get (yet) another perspective. Continue reading “Some Quick Tips for Submitting a Talk to Black Hat or TROOPERS”Continue reading
The event of the events is getting closer and again, we are very optimistic to have a lot of awesome trainings, talks, evening events, and discussions. But we again will also have some “features” and gimmicks for those of you who would like to play with new, old, or just interesting technologies. As you might remember, since some years one of these features is and again will be our own GSM Network. As we are improving our setup from year to year, this time we’d like to give you the chance to actively participate with ideas and your own services. Continue reading “Troopers17 GSM Network – How about your own SMPP Service?”Continue reading
Like in recent years the popular Hacking 101 workshop will take place on TROOPERS17, too! The workshop will give attendees an insight into the hacking techniques required for penetration testing. These techniques will cover various topics:
- information gathering
- network scanning
- web application hacking
- low-level exploitation
…and more!Continue reading
I am looking forward to our newly introduced dedicated Forensic Computing Training at TR17!
We will start the first day with a detailed background briefing about Forensic Computing as a Forensic Science, Digital Evidence, and the Chain of Custody. The rest of the workshop we will follow the Order of Volatility starting with the analysis of persistent storage using file system internals and carving, as well as RAID reassembly with lots of hands-on case studies using open source tools. As a next step, we will smell the smoking gun in live forensics exercises. Depending on your preferences we will then dig a bit into memory forensics and network forensics. Continue reading “First dedicated Forensic Computing Training at TR17”
The 1-day training from last TROOPERS has become a 2-day training, featuring even more real-world attacks and defenses as well as new hands-on sessions! We’ll teach you, step by step, how to spot and exploit crypto vulnerabilities, how to use the strongest forms of state-of-the-art cryptography to secure modern systems (like IoT or mobile applications), and bring you up to speed on the latest and greatest developments in the world of cryptography, such as TLS 1.3, blockchains, and post-quantum crypto. Continue reading “TR17 Training: Crypto attacks and defenses”Continue reading
Hello and a Happy new Year!
There are only two and a half months left, so I’d like to publish the next two talks for TelcoSecDay 2017, taking place at 21st of March in Heidelberg. Both talks are about the security of an upcoming technology which importance will raise in near future: 5G Networks.
Continue reading “TelcoSecDay 2017 – 2nd Round of Talks”
This is a guest blog written by Hanno Böck who will be running the Fuzzing with American Fuzzy Lop, Address Sanitizer and LibFuzzer at TROOPERS17.
Fuzzing is a very old technique to find bugs and vulnerabilities in software. However it has seen a new push in recent years due to vastly improved tools. The compilers gcc and clang have received Sanitizer tools that allow finding a lot of bugs like use after free errors and out of bounds reads that are otherwise very hard to find.Continue reading
Recently I had the pleasure to join the PowerOfCommunity conference in Seoul. Florian and Felix attended the conference in the past and enjoyed it a lot, so I took the opportunity to join this year. From what I had heard the conference is highly technical, offensive security and community focused (surprise 😉 ). Boy did they deliver!
Located in a hotel next to a nice park and close to the famous Gangnam district in Seoul we came together to feel the power of community. The conference was planned for two days and offered two tracks per day. Several key talks were presented for everyone. Continue reading “PoC Con Seoul 2016”
It is the end of the year and we are hoping it is not too hectic of a time for you all! But if it is, hopefully the announcement of our next round of TROOPERS17 talks is enough to get you in the TROOPERS (if not the holiday) spirit 🙂
Francis Alexander & Bharadwaj Machiraju: How we hacked Distributed Configuration Management Systems
With increase in necessity of distributed applications, coordination and configuration management tools for these classes of applications have popped up. These systems might pop-up occasionally during penetration tests. The major focus of this research was to find ways to abuse these systems as well as use them for getting deeper access to other systems. Continue reading “2nd Rounds of TROOPERS17 Talks!”Continue reading