The talk “QNX: 99 Problems but a Microkernel ain’t one!” was part of the Troopers conference in Heidelberg, 16 March 2016. The talk was given by the researchers Alex Plaskett and Georgi Geshev from MWR Labs, the research department of the UK-based cyber security consultancy MWR InfoSecurity.
The talk provided an overview of their research on the architecture and security mechanisms of the QNX kernel, with a focus on the BlackBerry 10 operating system. The talk was divided into two parts. First, Alex Plaskett gave an introduction to the general structure of the QNX operating system and its main subsystems. Second, Georgi Geshev presented tools and approaches for finding and exploiting vulnerabilities in QNX systems.
unrubby: reversing without reversing
The talk “unrubby: reversing without reversing” was part of the Troopers conference in Heidelberg, 16 March 2016. The talk was given by Richo Healey, who currently works on the security engineering team at the Irish payment company Stripe. Richo Healey is an experienced conference speaker; among others, he has spoken at Kiwicon, DEF CON and 44CON.
In his talk Richo Healey spoke about reverse engineering Ruby software. First he covered existing tools and techniques for regenerating source code from Ruby bytecode. Then he presented a new approach, which is implemented in his tool “unrubby”.
Imma Chargin Mah Lazer – How to protect against (D)DoS attacks
Denial of Service (DoS) attacks aim to make services and systems unavailable to legitimate users. If these attacks are performed by multiple sources at the same time against the same target, they are called Distributed Denial of Service (DDoS) attacks. The talk “Imma Chargin Mah Lazer” describes the different types of (D)DoS attacks that are out in the wild and are seen on a daily basis by various corporations. Furthermore, a multi-layered strategy to mitigate such attacks was presented in the talk. The speaker was Dr. Oliver Matula, an IT security researcher at ERNW who holds a PhD in physics. He presented the topic in a simple way, which made the material accessible to an audience of different technical levels and backgrounds.
Reverse Engineering a Digital Two-Way Radio
In their talk “Reverse Engineering a Digital Two Way Radio” Travis Goodspeed and Christiane Ruetten presented the challenges they faced and overcame while reverse engineering “Tytera MD380”, a handheld transceiver for the Digital Mobile Radio (DMR) protocol.
The “Tytera MD380” is built around two chips: an STM32F405 CPU with an ARM Cortex-M4F core and readout device protection, and an HRC5000 baseband processor which implements the actual digital radio. While the STM32F405 is fully documented, there is no publicly available documentation for the HRC5000; with the help of the Chinese community, however, they were able to obtain the Chinese documentation.
I Have the Power(View): Offensive Active Directory with PowerShell
In his talk “I Have the Power(View): Offensive Active Directory with PowerShell”, Will Schroeder, a researcher and red teamer in Veris Group’s Adaptive Threat Division, presented offensive Active Directory information gathering techniques using his tool PowerView.
PowerView deliberately does not use the built-in AD cmdlets, in order to be independent of the Remote Server Administration Tools (RSAT) AD PowerShell module, which requires PowerShell 3.0+ and is by default only installed on servers that hold Active Directory roles. PowerView, by contrast, is compatible with PowerShell 2.0 and has no external dependencies. Furthermore, it does not require any installation.
Mind The Gap – Exploit Free Whitelisting Evasion Tactics
At Troopers 16, Casey Smith gave a talk about the gaps in application whitelisting.
Application whitelisting is a technique intended to prevent malware and unauthorized applications from running. Broadly speaking, it is implemented by deciding whether an application is trusted before executing it. Casey’s talk gave an understanding of where this whitelisting falls down.
Towards a LangSec-aware SDLC
At TROOPERS’15, Jacob I. Torrey gave a talk about a LangSec-aware Software Development Lifecycle. He talked about programming conventions and the tools that can be used to enforce compliance with them. There is a lack of metrics for understanding what makes software more or less secure. His main goal was to show that LangSec has far-reaching impacts on software security and to give the audience a framework for turning the theory into practice. Such an SDLC should help to find bugs earlier in the development process and thereby reduce the defect rate in production. A lower defect rate in production not only improves security, it also reduces costs.
BMC BladeLogic: CVE-2016-1542 and CVE-2016-1543
Hi everyone,
Hope those of you who attended Troopers16 enjoyed it as much as we did! In this post I want to summarize my Troopers16 talk and provide you with some details about freshly assigned CVE-2016-1542 and CVE-2016-1543 related to BMC BladeLogic software.
Keynote #1 Troopers 2016
The first keynote, directly after the opening by Enno Rey, was held by Ben Zevenbergen. At the beginning he pointed out that he is not a very technical guy; rather, he specializes in information law and is a policy advisor to the European Parliament. Before diving into his keynote he talked about some rant stories that had happened to him while trying to make his point at previous conferences, and assured the audience that he came in peace to Troopers ;).
How easy to grow robust botnet with low hanging fruits (IoT) – for free
Attila Marosi works as a Senior Threat Researcher at SophosLabs in Hungary. His talk focused on vulnerable IoT devices that are exposed to the internet. His approach was to look for vulnerable devices using low-cost tools and publicly available data.
He started his talk with the spoiler that he was not going to reveal any new attacks or new techniques. Newer data, however, gives a more accurate picture of the current state of vulnerable devices connected to the internet. His approach was therefore to assess the state of IoT devices such as routers, NAS boxes and so on using publicly available data.