Bold Statements
I was invited by the Swiss IPv6 Council to give a talk on this topic yesterday. We had good conversations after the talk – thanks for the invitation!
For those interested the slides can be found here. I will happily discuss the intricacies of DHCPv6 and how to deploy it in complex environments at the upcoming IPv6 Business Conference in Zurich and in my “IPv6 in Enterprise Networks” training in Berlin.
Have a great day everybody
Enno
Continue readingA while a go Dominik and I gave an introductory presentation about SSL at the BASTA.NET conference, a developer-oriented event held in Darmstadt twice a year. At that time there were quite some enthusiastic participants but recently we’ve also gotten some inquiries asking for the relevant materials. Although there’s no recording of the session, we’ve decided to put the slides here for those interested who didn’t make it to the talk.
“Who should have a look at the slides?” you ask, well, if you’ve been wanting to get a sense for what the idea behind SSL is, where it is used, how it is usually leveraged and what problems could arise when poorly employed, you will certainly find the slide-deck interesting. Although the session was meant to slowly get participants up to speed in matters SSL, it’s still likely that more informed folks will still find it interesting, even if just as a refresher about key and certificate formats, PKI 101, SSL stripping, secure cookies, and other topics.
Without further, here’s slide deck.
For the hungry, here are some other interesting resources we suggested to attendees willing to go a bit deeper on the topic after the talk.
– OWASP – SSL für Alle
– OWASP – Transport Layer Protection Cheat Sheet
– Mozilla – Server Side TLS
For those attending to the BASTA.NET next autumm, we’re looking forward to meeting you. But for the time being, that’s going to be pretty much it.
Thanks for reading and let us know what you think.
Continue readingWe just wanted to share some impressions from our car hacking lab:
stay tuned,
The ERNW Car Hacking Team
Continue reading
This year’s PacketWars contest at Troopers was a blast! Under the topic of “Connected Car” the teams faced several different challenges, which we will describe (as a debriefing) here.
Continue reading “Troopers PacketWars 2015 – Write Up”
Continue readingIntroduction
This and the following two posts should serve as a step-by-step guide through the whole process of analyzing a radio frequency black box, demodulate and understand the data transfered and finally modulate our own data in order to e.g. perform a brute force attacks.
Continue reading “Analysis of an Alarm System – Part 1/3”
Continue readingThis post is a short wrap-up of our Troopers talk about the research we did on IBM’s General Parallel File System. If you are interested in all the technical details take a look at our slides or the video recording. We will also give an updated version of this talk at the PHDays conference in Moscow next month.
The IBM General Parallel File System is a distributed file system used in large scale enterprise environments, high performance clusters as well as some of the worlds largest super computers. It is considered by many in the industry to be the most feature rich and production hardened distributed file system currently available. GPFS has a long and really interesting history, going back to the Tiger Shark file system created by IBM 1993.
Of course, this makes it an interesting target for security research. When looking at GPFS from an implementation point of view, the Linux version is made up of three different components: User space utilities and helper scripts, the mmfsd network daemon and multiple Linux kernel modules. We (Florian Grunow and me) spent some time analyzing the internals of these components and discovered critical vulnerabilities in all of them.
Continue reading “General Pr0ken Filesystem – Hacking IBM’s GPFS”
Continue readingOver the past few weeks, multiple news sites have covered some mystical approach to bruteforce PINs on Apple iOS devices. All articles cover a black box called IP Box, the fact that PINs can be broken and that sometimes the automatic wipe after 10 failed tries can be circumvented. Sadly, as often, the what is described but not the how……
This is a guest post from Fernando Gont.
On March 16th, 2015, at the Troopers IPv6 Security Summit, we finally released the SI6 Networks’ IPv6 Toolkit v2.0 (Guille). The aforementioned release is now available at the SI6 IPv6 Toolkit homepage. It is the result of over a year of work, and includes improvements in the following areas:
Continue readingThe purpose of this blog post is to elucidate how and why MLD, an IPv6 protocol we’ve been lately talking quite a bit about, is an unnecessarily complex beast . This article should also serve to summarize a couple of points we’ve mentioned during our talks about MLD but which because of time constraints never make it into the main discussion. We’ve talked about other aspects of MLD in previous posts. So, have a look at those if this is a topic which you find interesting. Without further ado, let’s start for today.
Continue reading “MLD, a tale on Complexity in IPv6”
Continue reading