Insinuator


Some outright rants from a bunch of infosec practitioners.

TAG | conferences

Jun/15

26

NANOG64

I recently had the pleasure to join the 64th NANOG (North American Network Operators’ Group) meeting in San Francisco, which can be understood as one of the largest Internet engineering conferences at all. It takes place three times a year at different locations in North America.

What I personally like about NANOG is its strong collaborative and cooperative character. It is not about single persons and also not too much about spectacular projects but more about discussing technologies, ideas, challenges and numbers. Every talk has a comparatively large time slot reserved for discussion, which is often more than fully used. Discussion is typically actively focused and is more time-consuming (and even more relevant) than the talk itself. Which often is intended by the community. The climate of discussion is almost always impressively polite and constructive, even for controversially discussed topics.

(more…)

, , | Post your comment here.

Jun/15

9

ERNW @PHDays V in Moscow

Здравствуйте Insinuator Followers,

End of May eight ERNW members were travelling to Moscow (Russia) to visit the PHDays V conference. It was a very nice trip because we met a lot of gentle people, ate some great food and had quite some fun in this exciting and history-charged metropole, and we were able to get around using hands and feet (and Google translate ;-)).

The remainder of this post contains summaries of some of the most interesting talks at PHD V:

(more…)

, , | Post your comment here.

Hi,

I’m back from London where I gave a talk about security evaluation of proprietary network protocols. I had a great time at InfoSecurity Intelligent Defence and BSides London, many thanks for inviting me and giving me the opportunity to speak to so much nice people.

Find the abstract and the download link to the slides after the break.

(more…)

, | Post your comment here.

Jun/15

3

ERNW@HAXPO/HITB 2015

Last week we enjoyed quite a wonderful HAXPO exhibition and HITB conference in Amsterdam. A number of great talks could be heard at the main HITB conference such as “Bootkit via SMS: 4G Access Level Security Assessment” or “Stegosploit: Hacking with Pictures“. And not only that: there were also several engaging hands-on workshops.

Apart from the main conference, there was the HAXPO – a hacker exhibition. At this exhibition you could connect with people from different companies, get a lot of merchandise, and also listen to several briefings on security and its philosophy. Fortunately, we had the pleasure to present two of these briefings and maybe you tested your web application skills at the ERNW booth.

(more…)

, | Post your comment here.

Blog4

We hope you are enjoying the ride as we continue our journey through IPv6. Below we have a great mix of talks, slides, and videos in this area posted below. We look forward to hosting more IPv6 (March 14th & 15th) talks next year at TROOPERS16!

(more…)

, , , | Post your comment here.

May/15

5

Hek.si 2015

Hey!

I attended this really nice conference in Slovenia on April 16th. It was a smaller conference, but very memorable for the people (students, IT sec professionals and managers alike) who attended.
I also had the pleasure to present on How secure am I with EMET? and Evaluating the APT armor and wanted to share the slides with you — feel free to approach me for any kind of feedback or discussion.

I’m looking forward to go to Ljubljana again! 😉

Greetings,
Benedikt

| Post your comment here.

Apr/15

29

SSL Tidbits at the BASTA.NET

A while a go Dominik and I gave an introductory presentation about SSL at the BASTA.NET conference, a developer-oriented event held in Darmstadt twice a year. At that time there were quite some enthusiastic participants but recently we’ve also gotten some inquiries asking for the relevant materials. Although there’s no recording of the session, we’ve decided to put the slides here for those interested who didn’t make it to the talk.

“Who should have a look at the slides?” you ask, well, if you’ve been wanting to get a sense for what the idea behind SSL is, where it is used, how it is usually leveraged and what problems could arise when poorly employed, you will certainly find the slide-deck interesting. Although the session was meant to slowly get participants up to speed in matters SSL, it’s still likely that more informed folks will still find it interesting, even if just as a refresher about key and certificate formats, PKI 101, SSL stripping, secure cookies, and other topics.

Without further, here’s slide deck.

For the hungry, here are some other interesting resources we suggested to attendees willing to go a bit deeper on the topic after the talk.

OWASP – SSL für Alle
OWASP – Transport Layer Protection Cheat Sheet
Mozilla – Server Side TLS

For those attending to the BASTA.NET next autumm, we’re looking forward to meeting you. But for the time being, that’s going to be pretty much it.

Thanks for reading and let us know what you think.

, | Post your comment here.

Nov/14

13

Protocol Properties & Attack Vectors

Next week, at DeepSec, we’re going to give a talk about Multicast Listener Discovery (MLD), a component of IPv6 which is realized by means of ICMPv6 messages. There are two versions of MLD (mainly specified in RFC 2710 and RFC 3810 respectively) and while MLD is technically implemented by ICMPv6 exchanges, these specifications describe a whole set of rules and communication formats, hence we can safely talk about “the MLD protocol”.

Now, you might ask: how does one tackle the task of examining the security “of a protocol”?

(more…)

, , | Post your comment here.

Nov/14

13

Power of Community 2014

I had the pleasure to participate in this year’s Power of Community and was invited to talk about the insecurity of medical devices. The conference is based in Seoul, Korea and started in 2006. It has a strong technical focus and it is a community driven event. For me it was great to participate as mostly hackers from Asia were there and I got the chance to talk to a lot of nice folks that I wouldn’t be able to meet otherwise. This is especially true for the host, vangelis.

(more…)

| Post your comment here.

Hello Everybody and greetings from Sao Paulo,

 
We’re currently enjoying the Brazilian sunshine, waiting for H2H2 11’s closing remarks and decided to give you a few details on the past three days. The conference was opened by a short welcome by our fellow Trooper Rodrigo Rubira Branco and stuffed with loads of great talks. This year’s keynotes came from Daniel J. Bernstein and Halvar Flake and gave yet another insight into the ever changing world of InfoSec. The international lineup also included Travis Goodspeed, Sergej Bratus and Fernando Gont. H2HC was a great chance for us to talk to various Hackers from around the world and share our opinions and knowledge. (more…)

, , | Post your comment here.

Older posts >>

Contact


Mail | Twitter | Imprint

©2010-2013 ERNW GmbH
To top