For the 6th year in a row, the next TelcoSecDay will take place in 2017 on March 21th. Again, it will be held one day before Troopers IT-Security Conference as an invitation-only event. For those of you who don’t know the TSD, it is organized by ERNW and is aimed at bringing researchers and people from the telecommunication industry together to discuss about current security weaknesses, challenges and strategies. To do so, various topics will be presented during the talks and there will surely be enough time to follow-up in extensive discussions.
To give you an idea, here’s the TSD 2016 agenda, and here’s the one of 2015.
Continue reading “TelcoSecDay 2017 – CFP Opens”
Month: October 2016
Day-Con X Recap
Just a few days ago I had the pleasure of visiting Day-Con X. I listened to some great talks in the closed and public sessions. Since the first day was the security summit (closed session) I will just name a few titles with some brief words.
Continue reading “Day-Con X Recap”
Continue readingIoT Insight Summit November 15, 2016
The newest addition to ERNW, ERNW Insight which now hosts TROOPERS, is launching a new concept this year. Based on the successful TROOPERS Roundtable sessions, ERNW Insight will host a series events every year covering current and relevant topics in the field of IT Security. While the style of the events may vary the in-depth knowledge sharing that you have come to know from TROOPERS will not!
Continue reading “IoT Insight Summit November 15, 2016”
Reverse Engineering With Radare2 – Part 3
Sorry about the larger delay between the previous post and this one, but I was very busy the last weeks.
(And the technology I wanted to show wasn’t completely implemented in radare2, which means that I had to implement it on my own 😉 ). In case you’re new to this series, you’ll find the previous posts here.
As you may already know, we’ll deal with the third challenge today. The purpose for this one is to introduce
some constructs which are often used in real programs.
Continue reading “Reverse Engineering With Radare2 – Part 3”
Continue readingA Journey Into the Depths of VoWiFi Security
T-mobile pioneered with the native seamless support for WiFi calling technology embedded within the smartphones. This integrated WiFi calling feature is adopted by most major providers as well as many smartphones today. T-mobile introduced VoWiFi in Germany in May 2016. You can make voice calls that allows to switch between LTE and WiFi networks seamlessly. This post is going to be about security analysis of Voice over WiFi (VoWiFi), another name for WiFi calling, from the user end. Before we get started, let me warn you in advance. If you are not familiar with telecommunication network protocols, then you might get lost in the heavy usage of acronyms and abbreviations. I am sorry about that. But trust me, after a while, you get used to it 🙂 . Continue reading “A Journey Into the Depths of VoWiFi Security”
Continue readingA Quick Insight Into the Mirai Botnet
As you might have read, I recently had a closer look at how easy it actually is to become part of an IoT Botnet. To start a further discussion and share some of my findings I gave a quick overview at the recent Dayton Security Summit. The Mirai Botnet was supposed to be one of the case studies here. But the way things go if one starts diving into code…I eventually gave an overview of how the Mirai Bot actually works and what it does. As such: Here a quick summary of the Mirai Botnet bot.
Continue reading “A Quick Insight Into the Mirai Botnet”
Setting up a Research Environment for IP Cameras
Embedded devices often serve as an entry point for an attack on a private or corporate network. The infamous attack on HackingTeam, for example, followed exactly this path as was revealed here. Although the attack may have been for the greater good (refer also to this great keynote), such incidents demonstrate that it is important to properly secure your embedded devices. In a recent blog post, Niklaus presented how he analyzed the security posture of a MAX! Cube LAN Gateway. Moreover, Brian reported a few weeks ago on the security posture of IoT devices (and in particular on one of his cameras). With this post I would like to share my experiences with analyzing another embedded device: the IC-3116W IP camera by Edimax. Continue reading “Setting up a Research Environment for IP Cameras”
Continue readingLinq Injection – From Attacking Filters to Code Execution
Some of you (especially the .Net guys) might have heard of the query language Linq (Language Integrated Query) used by Microsoft .Net applications and web sites. It’s used to access data from various sources like databases, files and internal lists. It can internally transform the accessed data in application objects and provides filter mechanisms similar to SQL. As it is used directly inside the application source code, it will be processed at compile time and not interpreted at runtime. While this provides a great type safety and almost no attack surface for injection attacks (except from possible handling problems in the different backends), it is extremely difficult to implement a dynamic filter system (e.g. for datatables which should allow users to select the column to filter on). That’s probably the reason why Scott Guthrie (Executive Vice President of the Cloud and Enterprise group in Microsoft, also one of the founders of the .Net project) presented the System.Linq.Dynamic package as part of the VS-2008 samples in 2008. This library allows to build Linq queries at runtime and therefore simplify dynamic filters. But as you may know, dynamic interpretation of languages based on user input is most of the time not the best option….
Continue reading “Linq Injection – From Attacking Filters to Code Execution”
Continue readingWelcome to Insinuator.net 2.0
It’s almost exactly seven years since Enno published the very first blog post on Insinuator.net. Meanwhile, quite a few things changed. It’s not only the ERNW Universe which grew significantly, but also Insinuator’s place within this universe was slightly adjusted. What started as an almost independent IT-Security blog became more and more the major publication medium of ERNW.
Continue reading “Welcome to Insinuator.net 2.0”
Continue readingBlack Hat 2016 Summary Part 2.1
A few months ago I had the opportunity to visit this year’s Black Hat in Las Vegas. Due to a few weeks of vacation following the conference here are my delayed 2 cents (part 1)
Abusing Bleeding Edge Web Standards For AppSec Glory – Bryant Zadegan & Ryan Lester (Slides)
Bryant and Ryan talked about new web standards which are already implemented in parts of the current browser jungle. Namely these standard were:
Continue reading “Black Hat 2016 Summary Part 2.1”
Continue reading