Insinuator


Some outright rants from a bunch of infosec practitioners.

Apr/15

21

Troopers PacketWars 2015 – Write Up

Hello Hackers!

 

 

This year’s PacketWars contest at Troopers was a blast! Under the topic of “Connected Car” the teams faced several different challenges, which we will describe (as a debriefing) here.

(more…)

, , , , , , , | Post your comment here.

Introduction
This and the following two posts should serve as a step-by-step guide through the whole process of analyzing a radio frequency black box, demodulate and understand the data transfered and finally modulate our own data in order to e.g. perform a brute force attacks.

(more…)

No tags | Post your comment here.

This post is a short wrap-up of our Troopers talk about the research we did on IBM’s General Parallel File System. If you are interested in all the technical details take a look at our slides or the video recording. We will also give an updated version of this talk at the PHDays conference in Moscow next month.

The IBM General Parallel File System is a distributed file system used in large scale enterprise environments, high performance clusters as well as some of the worlds largest super computers. It is considered by many in the industry to be the most feature rich and production hardened distributed file system currently available. GPFS has a long and really interesting history, going back to the Tiger Shark file system created by IBM 1993.

Of course, this makes it an interesting target for security research. When looking at GPFS from an implementation point of view, the Linux version is made up of three different components: User space utilities and helper scripts, the mmfsd network daemon and multiple Linux kernel modules. We (Florian Grunow and me) spent some time analyzing the internals of these components and discovered critical vulnerabilities in all of them.

(more…)

, , | Post your comment here.

Apr/15

7

Apple iOS PIN Bruteforce

Over the past few weeks, multiple news sites have covered some mystical approach to bruteforce PINs on Apple iOS devices. All articles cover a black box called IP Box, the fact that PINs can be broken and that sometimes the automatic wipe after 10 failed tries can be circumvented. Sadly, as often, the what is described but not the how……

(more…)

, , , , , | Post your comment here.

This is a guest post from Fernando Gont.

On March 16th, 2015, at the Troopers IPv6 Security Summit, we finally released the SI6 Networks’ IPv6 Toolkit v2.0 (Guille). The aforementioned release is now available at the SI6 IPv6 Toolkit homepage. It is the result of over a year of work, and includes improvements in the following areas:

(more…)

, , | Post your comment here.

Apr/15

4

MLD, a tale on Complexity in IPv6

The purpose of this blog post is to elucidate how and why MLD, an IPv6 protocol we’ve been lately talking quite a bit about, is an unnecessarily complex beast  . This article should also serve to summarize a couple of points we’ve mentioned during our talks about MLD but which because of time constraints never make it into the main discussion. We’ve talked about other aspects of MLD in previous posts. So, have a look at those if this is a topic which you find interesting. Without further ado, let’s start for today.

(more…)

, | Post your comment here.

Mar/15

31

Troopers 15 Badge

As TROOPERS15 has come to an end, I’ve finally got the time and energy to give you a deeper insight into the TR15 badge. As most of you have probably heard during the conference, this year’s badge was based on the OpenPCD2. The OpenPCD 2 is a 13.56MHz NFC Reader, Writer and Emulator under the GNU GPL v2. As NFC is, yet again, on an uprise, a badge with NFC simply gives you the chance to fiddle around and hack stacks of stuff in the real world. Adding some TROOPERS spirit and a few little secrets we hope we’ve designed a pretty nice badge!
(more…)

No tags | Post your comment here.

Mar/15

31

Syscan 2015

Last week Matthias and I went to Singapore to teach our workshop on Hypervisor Exploitation at SyScan. After a very unpleasant Lufthansa strike (which made us arrive late in Singapore) and two intense workshop days, we were free to attend the “last” SyScan. There are few IT security conferences that have such a great reputation in the community and so we had high expectations, which were definitely not disappointed. This year had a lot of really interesting talks so I will just summarize some of the ones I liked the most.

(more…)

No tags | Post your comment here.

Mar/15

28

Troopers15 Videos Online

We’ve just published the videos from TROOPERS15. The playlist can be found here.
Thanks! again to everybody for joining us in Heidelberg. We had a great time with you ;-)

Have a good weekend,

Enno

 

, , | Post your comment here.

During one of our latest web application code review projects I came across a vulnerability for which I think it is worth to speak about. It is an injection based attack against XML parsers which uses a rarely required feature called external entity expansion. The XML specification allows XML documents to define entities which reference resources external to the document and parsers typically support this feature by default. If an application parses XML input from untrusted sources and the parsing routine is not properly configured this can be exploited by an attacker with a so called XML external entity (XXE) injection. A successful XXE injection attack could allow an attacker to access the file system, cause a DoS attack or inject script code (e.g. Javascript to perform an XSS attack).
(more…)

, , , , , | Post your comment here.

Older posts >>

Contact


Mail | Twitter | Imprint

©2010-2013 ERNW GmbH
To top