In the previous parts of this series (part 1, part 2, part 3, part 4) we covered several aspects of IPv6 security, mainly on the infrastructure level. In today’s post I will follow up by briefly discussing so-called First Hop Security features.
Continue readingMonth: December 2015
DPRK’s RedStar OS on 32c3
Niklaus and me had the chance to talk about our research on RedStar OS on the 32nd Chaos Communication Congress in Hamburg this year. You can see the talk online at media.ccc.de or on Youtube.
We talked about the details of the watermarking mechanism that we found in July and additional features of RedStar OS like it’s “Virus Scanner” and the system architecture. During the days after our talk we were able to find watermarks applied by RedStar OS in the wild on some sites on the Internet. We can confirm at least 7 different instances of RedStar OS that have applied watermarks to JPGs. Cleaning up the data is work in progress and we will get back to you with the results! Niklaus has put our presentation and additional resources in the git. Feel free to join us in our research and make the world a safer place!
32c3 was amazing, as every time! Big thanks to all the volunteers who made this possible. Niklaus and I enjoyed every second! 🙂
Hope to see some of you at Troopers 16 in March 2016!
Cheers,
Florian
Continue reading#TR16 IPv6 Security Summit – New Talks Added
In the interim we’ve worked on the agenda of next year’s IPv6 Security Summit (for those not familiar with the event, here’s the 2015 edition and here the one of 2014), and some new talks have been added.
Continue reading “#TR16 IPv6 Security Summit – New Talks Added”
Continue reading4th Round of TROOPERS16 Talks Accepted
As we come to the end of the year we can’t help but take a moment to thank all of your who made TROOPERS15 special! It just makes us all the more pumped to kick it up a notch for TROOPERS16!! #BestWeekEver
Happy Holiday and much Joy to you in the New Year!
Your TROOPERS Team
Continue reading “4th Round of TROOPERS16 Talks Accepted”
Continue readingDeveloping an Enterprise IPv6 Security Strategy / Part 4: Traffic Filtering in IPv6 Networks (II)
In this part of our little series (part 1, part 2, part 3) we continue discussing IPv6 specific filtering of network traffic, namely at intersection points.
As stated in the 1st part, a number of potential security problems in IPv6 networks are related to Extension Headers of IPv6, in particular when combined with fragmentation. At the same time, as of today (December 2015) there is no Internet service or application that actually needs those headers.
Continue readingTeaser on the TROOPERS16 Incident Analysis Workshop: Analyzing the current Spam Flood
As we are giving another round of our Incident Analysis workshop at Troopers16, we wanted to give a little sample taste what you can expect.
Continue reading “Teaser on the TROOPERS16 Incident Analysis Workshop: Analyzing the current Spam Flood”
Xen XSA 155: Double fetches in paravirtualized devices
As part of my research on the security of paravirtualized devices, I reported a number of vulnerabilities to the Xen security team, which were patched today. All of them are double fetch vulnerabilities affecting the different backend components used for paravirtualized devices. While the severity and impact of these bugs varies heavily and is dependent on a lot of external factors, I would recommend patching them as soon as possible. In the rest of this blog post I’ll give a short teaser about my research with full details coming out in the first quarter of 2016 .
Continue reading “Xen XSA 155: Double fetches in paravirtualized devices”
Continue reading3rd Round of TROOPERS16 Talks Accepted
Here at TROOPERS HQ we are well into the Holiday (read TROOPERS) Spirit so we thought we would publish another round of talks! The current agenda can be found here.
Happy Holidays!
Your TROOPERS Team
Continue reading “3rd Round of TROOPERS16 Talks Accepted”
Continue readingDeveloping an Enterprise IPv6 Security Strategy / Part 3: Traffic Filtering in IPv6 Networks (I)
So this is the third part of our little series on securing IPv6 in enterprise environments. In the first part we tried to develop an understanding of threats in IPv4 networks as a kind-of baseline while analyzing the main differences induced by IPv6 and in the second part we laid out protection strategies on the infrastructure level, focusing on network isolation on the routing layer. Today I’ll dive into discussing IPv6-specific filtering of network traffic.
Continue readingInvestigating Memory Analysis Tools – SSDT Hooking via Pointer Replacement
In this blogpost we will briefly explain a well known Syscall hooking technique (a more detailed explanation can be gathered from e.g.  http://resources.infosecinstitute.com/hooking-system-service-dispatch-table-ssdt/) used by multiple malware samples (like the laqma trojan) and right after discuss how some memory analysis tools have trouble in the analysis and/or reporting of these.
Continue reading “Investigating Memory Analysis Tools – SSDT Hooking via Pointer Replacement”