Insinuator


Some outright rants from a bunch of infosec practitioners.

TAG | TROOPERS

Jan/15

20

Troopers15 IPv6 Security Summit

We’ve finalized the agenda for this year’s IPv6 Security Summit. Here’s an overview of the event:

(more…)

, , | Post your comment here.

Happy new year and all the best for 2015 to everybody!
Here’s the next round of Troopers15 talks (all the others can be found here):

(more…)

, , | Post your comment here.

As we promised some days ago here’s the fourth round of Troopers15 talks (the first three can be found here). We really can’t wait for the con ourselves ;-) !

(more…)

, , | Post your comment here.

As we promised some days ago here’s the third round of Troopers15 speakers (first one here, second here). It’s going to be awesome!

(more…)

, , | Post your comment here.

As we promised some days ago when we published the first round, here we go with the second:

(more…)

, , | Post your comment here.

We’re delighted to provide the first announcement of talks of next year’s Troopers edition. Looks like it’s going to be a great event again ;-).
Here we go:

(more…)

, , | Post your comment here.

This is a guest post from Antonios Atlasis.

Last week I had the pleasure to give you my impressions regarding my experience about hacking for b33r at Ghent, that is, my participation at BruCON 2014 hacking conference. As I said among else, the reason that I was there was to present Chiron, my IPv6 penetration testing/security assessment framework, which was supported by the Brucon 5×5 program. The first version of Chiron had been presented at Troopers 14, during the IPv6 Security Summit.

(more…)

, , | Post your comment here.

This is a guest post from Vladimir Wolstencroft from our friends of aura information security
=
=================================================================

Mobile messaging applications have been occupying people’s attention and it seems to be all the latest news. Perhaps I should have called my presentation the 19 Billion dollar app but at the time of writing and research I thought the proposed 3 Billion dollar amount for SnapChat was a little ludicrous, who could have known that would have been just a drop in the ocean.

Upon starting, I decided to compare two mobile messaging applications that shared a relatively unique capability, self-destructing messaging. However the applications execute this in two very different ways. Looking at SnapChat with it’s millions of users and supposedly secure ephemeral messaging seemed like a good start. I also wanted something a little more secure, we have all heard and seen “snaps” leaked and displayed online so I had inkling that there might have been some serious holes within the application.

(more…)

| Post your comment here.

This is a guest post from Antonios Atlasis
==============================

 

Hi,

my name is Antonios and I am an independent IT Security Researcher from Greece. One of my latest “hobbies” is IPv6 and its potential insecurities so, please let me talk to you about my latest experience on this.

This week, I had the opportunity to work together with the ERNW guys at their premises. They had built an IPv6 lab that included several commercial IPv6 security devices (firewalls, IDS/IPS and some high-end switches) and they kindly offered their lab to me to play with (thank you guys :) – I always liked …expensive toys). The goal of this co-operation was two-fold: First, to test my new (not yet released) IPv6 pen-testing tool and secondly, to try to find out any IPv6-related security or operational issues on these devices (after all, they all claim that they are “IPv6-Ready”, right?).

(more…)

, | Post your comment here.

This is a guest post from Jose Miguel Esparza (@EternalTodo)

 

There are already some good blog posts talking about this exploit, but I think this is a really good example to show how peepdf works and what you can learn if you attend the workshop “Squeezing Exploit Kits and PDF Exploits” at Troopers14.  The mentioned exploit was using the Adobe Reader ToolButton Use-After-Free vulnerability to execute code in the victim’s machine and then the Windows privilege escalation 0day to bypass the Adobe sandbox and execute a new payload without restrictions.

(more…)

, | Post your comment here.

Older posts >>

Contact


Mail | Twitter | Imprint

©2010-2013 ERNW GmbH
To top