March 2016 – Insinuator.net

March 31, 2016 by Nina Matysiak

Reverse Engineering a Digital Two-Way Radio

In their talk “Reverse Engineering a Digital Two Way Radio” Travis Goodspeed and Christiane Ruetten presented the challenges they faced and overcame while reverse engineering “Tytera MD380”, a handheld transceiver for the Digital Mobile Radio (DMR) protocol.

“Tytera MD380” is based around two chips: STM32F405 CPU with an ARM Cortex M4F core and Readout Device Protection and a HRC5000 baseband processor which implements the actual digital radio. While STM32F405 is fully documented, there is no documentation for HRC5000 publicly available but with the help of the Chinese community they were able to obtain the Chinese documentation.

Continue reading “Reverse Engineering a Digital Two-Way Radio”

Events

March 31, 2016 by Nina Matysiak

I Have the Power(View): Offensive Active Directory with PowerShell

In his talk I have the Power(View): Offensive Active Directory with PowerShell Will Schroeder, a researcher and Red teamer in Veris Group´s Adaptive Thread Division, presented offensive Active Directory information gathering technics using his Tool PowerView.

PowerView does not use the built in AD cmdlets to be independent from the Remote Server Administration Tools (RSAT)-AD PowerShell Module which is only compatible with PowerShell 3.0+ and by default only installed on servers that have Active Directory services roles. PowerView, however, is compatible with PowerShell 2.0 and has no outer dependencies. Furthermore, it does not require any installation process.

Continue reading “I Have the Power(View): Offensive Active Directory with PowerShell”

Events

March 31, 2016 by Dr. Andreas Dewald

DFRWS EU 2016 Summary

In this article, I want to provide a concise sum-up of the (to me) most interesting talks of this year’s DFRWS EU (http://www.dfrws.org/2016eu/).

Eoghan Casey, one of most famous pioneers in digital forensics, and David-Olivier Jaquet-Chiffelle, professor in police science at University of Lausanne, gave a keynote that emphasized the need for theoretical fundamental basis research in the field of digital forensics, which I fully agreed on, as this was exactly what I addressed in some of my former research.

Michael Cohen and Arkadiusz Socala received the best paper award for their work “Automatic Profile generation for live Linux Memory analysis“, which was indeed very interesting and the article is worth reading.

Continue reading “DFRWS EU 2016 Summary”

Events

March 31, 2016 by Sven Nobis

Mind The Gap – Exploit Free Whitelisting Evasion Tactics

At the Troopers 16 Casey Smith has given a talk about the gap in Application Whitelisting.

Application Whitelisting is a technique that should prevent malware and unauthorized applications from running. Broadly speaking this is implemented by deciding if an application is trusted or not before executing it. Casey’s talk gave an understanding where this whitelisiting fails down.

Continue reading “Mind The Gap – Exploit Free Whitelisting Evasion Tactics”

Events

March 31, 2016 by Sven Nobis

Towards a LangSec-aware SDLC

At the TROOPERS’15 Jacob l. Torrey held a track about LangSec-Aware Software Development Lifecycle. He talked about programming conventions and what tools can be used for enforcing the compliance. There is a lack of metrics to understand what make software more secure or less secure. His main goals was to show that LangSec has far-reaching impacts into software security and to give the audience a framework to transform the theory into practice. A SLDC should help to find bugs sooner in the development process and reduce defect rate in production thereby. A lower defect rate in production does not only improve security it also reduces costs.

Continue reading “Towards a LangSec-aware SDLC”

Events

March 31, 2016 by Olga Yanushkevich

BMC BladeLogic: CVE-2016-1542 and CVE-2016-1543

Hi everyone,

Hope those of you who attended Troopers16 enjoyed it as much as we did! In this post I want to summarize my Troopers16 talk and provide you with some details about freshly assigned CVE-2016-1542 and CVE-2016-1543 related to BMC BladeLogic software.
Continue reading “BMC BladeLogic: CVE-2016-1542 and CVE-2016-1543”

Events

March 31, 2016 by Birk Kauer

Keynote #1 Troopers 2016

The first Keynote directly after the Opening by Enno Rey was held by Ben Zevenbergen. At the beginning he pointed out that he is not a very technical guy rather he specialized in Information Law and a policy advisor to the European Parliament. Before he started to dive into his Keynote he talked about some rant story’s which happened to him while trying to make his point clear on previous conferences and that he came in peace to Troopers ;).

Continue reading “Keynote #1 Troopers 2016”

Events

March 31, 2016 by Niki Vonderwell

How easy to grow robust botnet with low hanging fruits (IoT) – for free

Attila Marosi works as a Senior Threat Research at Sophos Labs in Hungary. His talk focused on vulnerable IoT devices that are exposed to the internet. His approach was to look for vulnerable devices with low cost tools and publicly available data.

He started his talk with the spoiler that he is not going to reveal any new attacks nor new techniques. But newer data are more adequate and we can see the current state of vulnerable devices connected to the internet. This means his approach was to test the state of IoT devices like Routers, NAS and so on with publicly available data. Continue reading “How easy to grow robust botnet with low hanging fruits (IoT) – for free”

Events

March 31, 2016 by Rafael Schaefer

Troopers Netmon

Hi everybody,

Christopher talked already about our WiFi Network during the IPv6 Security Summit and mentioned our monitoring system (we like to call “netmon”). As there were quite some people interested in the detailed setup and configuration, we would like to share the details with you. This year we used a widely known frontend called Grafana and as backend components InfluxDB and collectd. During Troopers the monitoring system was public reachable over IPv6 and provided statistics about Uplink Bandwidth, IP Protocol Distribution, Clients and Wireless Bands.

Continue reading “Troopers Netmon”

Events

March 30, 2016 by Dr. Andreas Dewald

Generic RAID Reassembly using Block-Level Entropy

DFRWS EU 2016 Talk Forensic Raid Recovery

We just presented our Paper “Generic RAID Reassembly using Block-Level Entropy” at the DFRWS EU 2016 digital forensics conference (http://www.dfrws.org/). The article is about a new approach that we developed for forensic RAID recovery. Our technique calculates block-wise entropy all over the disks and uses generic heuristics on those to detect all the relevant RAID parameters such as stripe size, stripe map, disk order, and RAID type, that are needed to reassemble the RAID and make the data accessible again for forensic investigations (or just for data recovery).

We developed an open source implementation of our approach that is freely available at https://www1.cs.fau.de/content/forensic-raid-recovery/. The tool is able to recover RAID 0, RAID 1 and RAID 5 volumes from the single disks or disk images.
It is also able to recover a missing or failed disk in case of RAID 5 systems from the RAID redundancy information.

Continue reading “Generic RAID Reassembly using Block-Level Entropy”