Building

3D-Printers in the Cloud

Dear readers,

with the rise of low-cost 3D-printers in the homes of thousands [1] of enthusiastic tinkerers the word spreads about these magical machines which can produce any mechanical, artsy, useful or useless parts you might come up with. Standing in living rooms worldwide, they don’t seem like a big threat [2] to anybody. But what happens if you connect them to the Internet?

3D-Printers at the TROOPERS12 & TROOPERS13 IT-Security Conference.

What’s it about? 3D-Printing in a Nutshell.

Continue reading “3D-Printers in the Cloud”

Breaking

Medical Device Security

One of our guiding principles at ERNW is “Make the World a Safer Place”. There could not be a topic that matches this principle more than the security or insecurity of medical devices. This is why we started a research project that is looking at how vulnerable those devices are that might be deployed in hospitals around the world. Recently the U.S. Food and Drug Administration (FDA) has put out a recommendation concerning the security of medical devices. It recommends that “manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks”. We thought that we should take a look at how manufacturers deal with security for these devices.

Continue reading “Medical Device Security”

Events

t2’13 Infosec Conference

Hey everybody,

I am a little bit late to the party, but I had the pleasure to present a talk about VoIP based toll fraud incidents (more on this in a following blogpost, for the moment my slides can be found here) at the annual t2 security conference in Helsinki. The conference took place from 24th to 25th October in the Radisson Blu Royal hotel. I must say that it was a blast. Tomi (the host) took really good care of all speakers, and I really liked the spirit of the conference, very similar to Troopers. It is not a commercial event, seats are limited to 100 and it is all about delivering a great set of talks to the audience and having a good time during and after the conference. Sure the conference has some sponsors and tickets are sold, but Tomi doesn’t do it to earn money. His only intention is to cover the cost for setting up this great event.

Continue reading “t2’13 Infosec Conference”

Events

Troopers 2014 – First Round of Talks Selected

We’re delighted to provide the first announcement of talks of next year’s Troopers edition. Looks like it’s going to be a great event again 😉
Here we go:

==================

Toby Kohlenberg: Granular Trust – Making it Work

Over the last 5 years the concept of using dynamic or granular trust models to control access to systems, networks and applications has become well known and is now seeing partial adoption in many places. The challenge is how granular and dynamic can you get and the question is whether it is worth it. As the architect of Intel’s trust model Toby can speak to the entire journey from initial idea through current implementation and the likely road ahead. This talk will include the good, bad and ugly parts of designing a trust model and then implementing it in a Fortune 50 company’s production environment. You will learn from his mistakes so you can make different ones.

Bio: Toby is a senior information security technologist with Intel corporation. He focuses on securing new and emerging technologies and threats. He has been doing this for a long time.
===
Florian Grunow: How to Own your Heart – Hacking Medical Devices

In the last few years we have seen an increase of high tech medical devices, including all flavors of communication capabilities. The need of hospitals and patients to transfer data from devices to a central health information system makes the use of a wide range of communication protocols absolutely essential. This results in an increasing complexity of these devices which also increases the attack surface of the equipment. Vendors of medical devices put a lot of effort into safety. This is especially true for devices with feedback to the patient, e.g. medical pumps, diagnostic systems and anesthesia machines.
However, it is often forgotten that the security of these devices is a crucial part in also providing safety. An attacker who is able to gain unauthorized access to these devices may be able to endanger the health of patients.
We decided to take a look at a few devices that are deployed in many major hospitals and probably in hospitals around the world. We focus on the security of these devices and the impact on the patient’s safety. The results will be presented in this talk.

Bio: Florian Grunow holds a Bachelor’s degree in Medical Computer Sciences and a Master’s degree in Software Engineering. He used to work in hospitals and got an inside view of what the daily work of healthcare professionals dealing with IT looks like. He now works as a Security Analyst at ERNW in Heidelberg, Germany, with a focus on application security.

===
Alexander Polyakov & Dimitry Chastuhin: Injecting Evil Code in your SAP J2EE systems – Security of SAP Software Deployment Server

Why break critical systems themselves when we can attack Deployment Server: the core from which all J2EE code spreads into other systems? The core is called SAP Software Deployment Server and consists of many subsystems like SDM, DTR, CMS. They have their own SVN-like subsystem and Build service.
“By offering a single point of entry for all Java development tools and an integration point for all SAP infrastructure components, the SAP NWDS supports you in developing Web Dynpro and J2EE applications. Application developers do not need to switch between different development environments and can develop, build, deploy, and execute applications centrally from the Developer Studio.”
Isn’t it a perfect victim for an attack? Who cares about the security of Deployment Server? That’s why it is full of issues and it is possible to deploy your own code anonymously without having any access to NWDS using architecture flaws. In the end, your evil code will spread to any system you want, giving you the ability to control every business system.
Come and see how we did it in practice and how to prevent the described attacks.
Alexander Polyakov – CTO at ERPScan
Father of ERPScan Security Monitoring Suite for SAP. His expertise covers the security of critical enterprise software like ERP, CRM, SRM, banking and processing software. Manager of EAS-SEC. Well-known expert on the security of enterprise applications, such as SAP and Oracle. Published a significant number of vulnerabilities, frequently receives acknowledgements from SAP. Author of multiple whitepapers and surveys devoted to SAP security research, for example, the award-winning “SAP Security in Figures”. Invited to speak and train at BlackHat, RSA, HITB, and 35 more international conferences around the globe as well as internal workshops for SAP AG and Fortune 500 companies.
Twitter: @sh2kerr

Dimitry Chastuhin — Head of Penetration Testing Department at ERPScan
Dimitry Chastuhin works on SAP security, particularly on Web applications and Java systems. He has official acknowledgements from SAP for the vulnerabilities found. Dimitry is also a Web 2.0 and social network security geek who found several critical bugs in Google, Adobe, Vkontakte, Yandex.ru. He was a speaker at BlackHat, HITB, ZeroNights, Brucon.
===
Ivan Pepelnjak: Security and SDN – A perfect fit or oil-and-water?

Software-defined networks have quickly become one of the most overhyped networking concepts, with vendors promising earth-shattering results … and handwaving over scalability, reliability and security issues.
The presentation will briefly introduce the concepts of SDN and OpenFlow (the tool used to build controller-based networks that require low-level network device control), the security aspects of programmable- and controller-based networks and the potential SDN- and OpenFlow-based security use cases, from scale-out IDS clusters to first-hop network security and user authentication/authorization solutions.

Bio: Ivan Pepelnjak, CCIE#1354 Emeritus, is the chief technology advisor at NIL Data Communications. He has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990. He’s the author of several Cisco Press books, a prolific blogger and writer, an occasional consultant, and the author of a series of highly successful webinars.

 

===
Sebastian Schrittwieser & Peter Frühwirt: Security Through Obscurity, Powered by HTTPS

Applications on modern smartphone operating systems are protected against analysis and modification through a wide range of security measures such as code signing, encryption, and sandboxing. However, for network-enabled applications effective attack vectors can be found in their communication protocols. Most application developers hide the implementation details of their protocols inside an HTTPS connection. While HTTPS is able to protect against data leakage during transmission, it is an inadequate protection against protocol analysis. The concept of SSL interception applied to smartphone applications allows analysis and modification of transport protocols with endless possibilities: getting paid extras for free, cheating in games, finding design flaws in protocols, etc. In this talk, we demonstrate, based on several live demos, how application developers sometimes try to protect insecure protocols by wrapping them inside an HTTPS connection and show that known countermeasures are rarely used in practice.

Bios:
Sebastian Schrittwieser is a lecturer and researcher at the University of Applied Sciences St. Pölten, Austria and PhD candidate at the Vienna University of Technology. His research interests include, among others, digital forensics, software protection, code obfuscation, and mobile security. Sebastian received a Dipl.-Ing. (equivalent to MSc) degree in Business Informatics with focus on IT security from the Vienna University of Technology in 2010.

Peter Frühwirt is a researcher at SBA Research, the Austrian non-profit research institute for IT-Security and lecturer at the Vienna University of Technology. Peter received a Dipl. Ing. (equivalent to MSc) degree in Software Engineering and Internet Computing in 2013. His research interests include mobile security and database forensics.
==================

 

More talks to follow soon, so stay tuned 😉

See you @Troopers & have a great weekend everybody

Enno

Building

IPv6 Scanner

This is a guest post from Antonios Atlasis.

===

Having just finished the second “Advanced Attack Techniques against IPv6 Networks” workshop (some of the course material can be found here), organised and hosted by ERNW and their partner HM Training Solutions, I would like to take this opportunity to release publicly one of my scripting tools, an IPv6 scanner. This tool is based on Scapy (so you have to install Scapy and its prerequisites before using it). It should not be considered as a replacement or a competitor of nmap against IPv6 or of the scanners incorporated into the great IPv6 toolkits already released by Marc Heuse and Fernando Gont, but, instead, as a tool released mainly for educational purposes. Specifically, apart from supporting some of the most well known port scanning techniques, from ping scanning to SYN, RESET, ACK, XMAS, etc., etc., TCP or UDP scanning, this scanner also combines, by using the suitable switches, some IDS/IPS evasion techniques. As I have found out up to now, at least two of them, if used “properly”, can be effective against a very popular IDS/IPS software used by many “Fortune 100” companies out there. This means that you can actually launch any type of the supported network-scanning techniques while flying under the radar of this specific IDS software (and perhaps some others too, who knows…). But first of all, as always, please check the corresponding README file.

Continue reading “IPv6 Scanner”
