Building

Social Coding – Simple Things to Keep in Mind (updated)

The current trend of social coding finally arrived at ERNW! From now on, you will find our public released tools and scripts commonly on https://github.com/ernw. Therefore I would like to share some thoughts/guidelines which you have to keep in mind if you want to be a social coder: Continue reading “Social Coding – Simple Things to Keep in Mind (updated)”

Continue reading
Events

hardwear.io: Applied Physical Attacks on x86 Systems

stolen off the internet

On Monday the 28th of September 2015 a rather rare event occurred. At around 4 a.m. the moon changed its colour into a dim of red, luckily the sky was clear enough to see something.

[ picture stolen from NASA ]

If you missed that event your next chance will be in about 15 years or so.

The reason for being awake this early wasn’t the moon in the first place but what followed afterwards – my trip to the hardwear.io Security Conference in The Hague. Continue reading “hardwear.io: Applied Physical Attacks on x86 Systems”

Continue reading
Building

The Strange Case of $SOME_SOFTWARE Adding an IPv6 Extension Header, and an Internet Router Dropping Them

Last week Christopher and I were the instructors of an IPv6 workshop. In this one we usually build a lab with the participants incl. a variety of routed segments and native IPv6 Internet access. Once the latter part is implemented people start poking around and surfing the Internet from their laptops, not least to find out which sites they can actually reach from an v6-only network (please note that actually there are many).

Continue reading “The Strange Case of $SOME_SOFTWARE Adding an IPv6 Extension Header, and an Internet Router Dropping Them”

Continue reading
Events

Being at VB2015…

I am currently at the 25th Virus Bulletin International Conference in Prague. The VB2015 is hosted by the Virus Bulletin portal and provides three full days of learning opportunities and networking.

VB2015 focuses on the key themes:

  • Malware & botnets

  • Anti-malware tools & techniques

  • Mobile devices

  • Hacking & vulnerabilities

  • Spam & social networks

  • Network security

Continue reading “Being at VB2015…”

Continue reading
Breaking

VMware did it again: vCenter Remote Code Execution

Yesterday 7Elements released the description of a Remote Code Execution vulnerability in VMware vCenter. The information came in at a good point as I’m at the moment drafting a follow-up blogpost for this one which will summarize some of our approaches to virtualization security. The vCenter vulnerability is both quite critical and particularly interesting in several ways:

Continue reading “VMware did it again: vCenter Remote Code Execution”

Continue reading