Events

New Methods for Exploiting ORM Injections in Java Applications (HITB16)

The HITBSecConf or “Hack In The Box” in Amsterdam is a well-known security conference in Europe. We attended this year too, and there were quite a few interesting talks at the HITBSecConf16 conference. One of the talks was about “New Methods for Exploiting ORM Injections in Java Applications” by the security researchers Mikhail Egorov and Sergey Soldatov.

Events

ERNW@HAXPO/HITB 2015

Last week we enjoyed quite a wonderful HAXPO exhibition and HITB conference in Amsterdam. A number of great talks could be heard at the main HITB conference such as “Bootkit via SMS: 4G Access Level Security Assessment” or “Stegosploit: Hacking with Pictures”. And not only that: there were also several engaging hands-on workshops.

Apart from the main conference, there was the HAXPO – a hacker exhibition. At this exhibition you could connect with people from different companies, get a lot of merchandise, and also listen to several briefings on security and its philosophy. Fortunately, we had the pleasure to present two of these briefings and maybe you tested your web application skills at the ERNW booth.

Events

ERNW @ HAXPO 2015

There are lots of interesting places to visit in Amsterdam, but if you are there between the 26th and the 29th of May, then our booth at the HAXPO exhibition should be your main destination.

HAXPO is a great exhibition, where you can become up-to-date with the latest security technologies, attend various workshops and get in touch with more than 35 IT and information security companies. It will take place in the beautiful historical building “Beurs van Berlage” in the center of Amsterdam. As usual, ERNW will take part in HAXPO. We will be waiting for you in the Community Village section (booth NL-018). Come visit and get to know more about us. You are invited to take our hacking challenges, where the levels of complexity vary from beginners to advanced. Furthermore, we will bring our KNX hacking suitcase!

In addition to the exhibition, HAXPO offers a very interesting track of must-see briefings about security and cutting-edge innovations. Don’t miss the talks held by ERNW members! On May 29th, you will see Oliver Matula and Christopher Scheuring with their talk “When You Stare into the Sandbox, It Stares Back at You: Evaluating the APT Armor”. On the same day Rafael Schaefer and Jason Salazar will lead you through “Pentesting in the Age of IPv6”.

See you there!

Olga & Ahmad

Events

HackInTheBox and Haxpo – 2014

Haxpo Overview 2014

Last month we (which is me and a group of other ERNW students, supported by some of the “old” guys — I hope my team lead won’t yell at me for this 😉 ) attended the Haxpo and Hack in the Box in Amsterdam. Starting from 28 May, we had three days at this great conference (HITB) and exposition (Haxpo). The two events took place in the former building of the stock exchange in Amsterdam, called “Beurs van Berlage”. Upon entering the building for the first time we were given details on where our booth was and where the talks would take place — setting up our booth and planning the shifts was just another thing to do before exploring the Haxpo area:

From left to right: Sebastian, Burak and Heinrich at the ERNW booth

Events

Summary of Talks Held at HITB 2013 – Day 2

This is a short summary of some selected talks from the second day of this year’s Hack in the Box conference in Amsterdam.

Rethinking the Front Lines by Bob Lord

Bob Lord is currently the Director of Information Security at Twitter. He has worked at numerous companies in the area of security and software engineering.

In his keynote for the second day of HITB13AMS he tackled a topic that has raised a lot of discussions in the past months. His talk was a summary of what Twitter does internally to ensure the security of the company and a plea to implement so-called security awareness trainings for employees in a sustainable way.

Events

Summary of Talks Held at HITB 2013 – Day 1

This is a short summary of some selected talks from the first day of this year’s Hack in the Box conference in Amsterdam.

Abusing Twitter’s API and OAuth Implementation by Nicolas Seriot

Nicolas Seriot (https://twitter.com/nst021) is an iOS Cocoa developer with an interest in privacy and security. He is currently a mobile applications developer and project manager in Switzerland. Nicolas focused his talk on the extraction of consumer tokens that are needed for OAuth to authenticate a consumer to a service provider. These tokens can then be used by rogue applications to gain access to a victim’s Twitter account.

Breaking, Events

VMDK Has Left the Building – Slides available

A quick update on the workshop we’ve just finished at Hack in the Box 2012 Amsterdam:
Due to popular demand we decided to bring the slides online without wasting any more time. The official website of the conference is currently experiencing some problems due to high interest in all the stuff that was released in the last two days. Great conference!

Here you go: HITB2012AMS ERNW VMDK Has Left the Building [PDF, 6MB, link fixed]

Enjoy and feel free to express your thoughts in the comments.

Best greetings from Amsterdam,
Florian & the crew

Events

HITB Aftermath

Hi,
didn’t find the time so far to post a short blog about HITB Amsterdam… but here we go.

Unfortunately I couldn’t arrive in AMS earlier than Thursday evening so I missed the first day (and – from what I heard – some great talks). However we went out for dinner that night with the likes of Andreas (Wiegenstein), Jim (Geovedi), Raoul (Chiesa), Travis (Goodspeed), Claudio (Criscione) and some more guys and I had some quite good conversations, both on technical matters and on Intra-European cultural differences ;-). Btw: thanks again to Martijn for taking care of the restaurant.

On Friday I listened to Travis’ talk on “Building a Promiscuous nRF24L01+ Packet Sniffer” (cool & scary stuff) and a part of this talk on iPhone data protection (well delivered as well). In the afternoon Daniel and I gave an updated version of the “Attacking 3G and 4G Telecommunication Networks” presentation (the HITB version can be found here). Overall I can say that HITB was an excellently organized event with a great speaker line-up (not sure if we contributed to that one ;-)) and some innovative ideas (inviting a bunch of local hacker spaces among those). Dhillon is a fabulous host and I already regard HITB as one of the major European security events (next to Troopers, of course ;-)).
Have a great weekend everybody

Enno
