In addition to Wi-Fi, Troopers is also offering a GSM network.
If you want to use it, simply ask your phone to scan for available mobile networks. There you should see the usual T-Mobile D, Vodafone.de, E-Plus, O2-de operators, but also the unusual D 23 or 262 23. Just select this one, and you’re done. You can also use the Troopers SIMs, which you get at the welcome desk on the ground floor.
Admittedly, we’re a bit late this time, but here we go with the agenda of this year’s TelcoSecDay.
Given the high number of quality contributions overall, there are more talks than in previous years, so we’ll start earlier (and finish later); please plan accordingly.
This is the agenda; details for the individual talks can be found in the respective links:
Troopers is right around the corner and as I am responsible for the whole conference network I wanted to make sure that everything is working as expected. I went to the venue on Friday because of two things I wanted/needed to set up. Compared to last year’s setup we had a couple of changes in regards to the provider connection (resulting in some changes for our network setup). First, we now have a rather big pipe for the uplink and more importantly (well that depends on the point of view ;)) there is a native IPv6 connection. Before that I had to tunnel all IPv6 traffic from the venue to one of our gateways and to forward it out (as native IPv6) from there. As this step isn’t necessary anymore, and the staff at the venue isn’t that experienced with IPv6, I had in mind to set up and verify that IPv6 is working as desired. The router used over there is a MikroTik RouterBOARD. As I haven’t worked with these devices before, I was curious whether everything works as it should ;).
After configuring the IPv6 address on the WAN interface I tried to install a default route pointing to the uplink’s Global Unicast Address. But to my surprise, the MikroTik router kept stating that the next hop was unreachable. This was odd, as the provider’s device was happily answering pings from the MikroTik’s command line. Additionally, the MikroTik router does not install a route when it can’t reach the next hop configured (which is actually not that bad as it at least prevents fat fingering the address). It still didn’t make any sense. After googling around (I found the MikroTik documentation a little bit lackluster) and trying some other things it still didn’t work. As a last resort, I told myself “screw it and let’s try with the link local address of the provider router”, but how do I get this address as I only was provided with the GUA? Right, looking at the Neighbor Cache of the MikroTik router I was able to quickly find the link local address of the next hop.
After using this address (together with the interface) as the next hop it started working, by magic. At least I can now sleep better as it is one less thing I have to worry about ;).
Moral of the story: Still in 2015 don’t expect a device to behave like it should when it comes to IPv6. Unfortunately, I wasn’t able to follow this strange behavior up due to time constraints, but it is working and you can enjoy for the first time native IPv6 in the conference network.
If you want to know more about the general conference setup please stop by for my talk at the IPv6 Security Summit.
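The neighbor-cache lookup described in this post can be scripted. The following is an added example, not code from the post or from the router vendor: it takes neighbor-cache rows, finds the MAC that answers for the provider's GUA, and returns the link-local address seen from the same MAC on the same interface, refusing to answer when the cache is ambiguous (for example, two MACs claiming the GUA). The row format, addresses, MACs and interface names are constructed assumptions.

```python
import ipaddress

# Constructed neighbor-cache rows (address, interface, MAC, state); the
# addresses, MACs and interface names are illustrative, not from the post.
NEIGHBORS = [
    ("2001:db8:0:1::1", "ether1", "00:11:22:33:44:55", "reachable"),
    ("fe80::211:22ff:fe33:4455", "ether1", "00:11:22:33:44:55", "stale"),
    ("fe80::a00:27ff:fe4e:66a1", "ether1", "08:00:27:4E:66:A1", "reachable"),
    ("fe80::211:22ff:fe33:4455", "ether2", "00:11:22:33:44:55", "failed"),
]


def link_local_next_hop(neighbors, gua):
    """Return (link_local_address, interface) for the neighbor owning `gua`.

    Raises LookupError when the GUA is missing from the cache or when more
    than one MAC/interface or link-local address matches, because an
    ambiguous cache is not a safe basis for a default route.
    """
    target = ipaddress.IPv6Address(gua)
    # Normalise addresses and MAC case; ignore entries that failed resolution.
    rows = [
        (ipaddress.IPv6Address(addr), iface, mac.lower())
        for addr, iface, mac, state in neighbors
        if state != "failed"
    ]
    owners = {(mac, iface) for addr, iface, mac in rows if addr == target}
    if len(owners) != 1:
        raise LookupError(f"{gua}: expected one owner, found {len(owners)}")
    mac, iface = next(iter(owners))

    candidates = {
        addr for addr, row_iface, row_mac in rows
        if addr.is_link_local and row_mac == mac and row_iface == iface
    }
    if len(candidates) != 1:
        raise LookupError(f"{gua}: {len(candidates)} link-local candidates")
    return str(candidates.pop()), iface


if __name__ == "__main__":
    address, interface = link_local_next_hop(NEIGHBORS, "2001:db8:0:1::1")
    print(f"next hop {address} via {interface}")
```

A link-local next hop is only meaningful together with its outgoing interface, which is why the function returns both.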
Last year, during the IPv6 Security Summit of Troopers 14, I had the pleasure to present publicly, for the first time, my IPv6 Penetration Testing / Security Assessment framework called Chiron, while later, it was also presented at Brucon 14 as part of the 5×5 project. This year, I am returning to the place where it all started, to the beautiful city of Heidelberg, to give another workshop about Chiron at the IPv6 Security Summit of Troopers 15. But, is it just another workshop with the known Chiron features or has something changed?
I would say a lot :). The most significant enhancements are described below.
This is a guest post from Vladimir Wolstencroft, to provide some details of his upcoming #TR15 talk.
What do you get when you combine a security appliance vendor, a bug bounty program, readily available virtualised machines, a lack of understanding of best security practices and broken crypto?
Ownage, a good story and maybe even that bounty…
At Troopers15 there will be another TelcoSecDay, like in the years before (2014, 2013, 2012). Here are the first three talks (of overall 5-6):
Luca Bruno: Through the Looking-Glass, and What Eve Found There
Synopsis: Traditionally, network operators have provided some kind of public read-only access to their current view of the BGP routing table, by the means of a “looking glass”.
In this talk we inspect looking glass instances from a security point of view, showing many shortcomings and flaws which could let a malicious entity take control of critical devices connected to them. In particular, we will highlight how easy it is for a low-skilled attacker to gain access to core routers within multiple ISP infrastructures.
Markus Vervier: Borrowing Mobile Network Identities - Just Because We Can
Synopsis: This talk features an attack that enables active cloning of mobile identities.
It is shown how to patch a baseband firmware for Android devices to implement a virtual SIM card. Additionally, different methods enabling access to the SIM card on unmodified Android devices are presented. Running a mobile network authentication algorithm on a SIM card in a first device and forwarding the result to a patched baseband on a second device allows the second device to retrieve valid authentication tokens. The second device can use these tokens to authenticate to the mobile network without having permanent access to the SIM card.
This results in taking over mobile network identities of others as well as in possibilities to evade surveillance by rapidly changing network identities.
Bio: Markus Vervier is a security researcher from Germany. Having more than 10 years of experience in penetration testing, source code auditing and network security, he was involved in finding vulnerabilities in banking systems as well as operating system features such as BSD Securelevels.
Tobias Engel: Securing the SS7 Interconnect
Synopsis: Recent disclosures made public a reality long known to telco network operators: Once an attacker gains access to SS7, there are almost no barriers against spying on subscribers and committing billing fraud. sternraute is currently developing an SS7/MAP application level firewall to be deployed by operators. This talk will look at the different approaches our firewall employs to detect and filter illegitimate traffic and what operators can do beyond that to protect their customers and networks.
Bio: Tobias Engel, born in 1974, is founder and managing partner of Berlin-based sternraute GmbH, which develops security products for mobile networks. As an active member of Germany’s Chaos Computer Club, he repeatedly called attention to security vulnerabilities in ICT systems. For many years, Engel has been a consultant and software developer for various companies in the IT and telecommunications sector.
===
We’ll finalize the agenda in the upcoming days and publish details for the other talks then, too. Stay tuned…
Have a good one