Insinuator


Some outright rants from a bunch of infosec practitioners.

Apr/16

15

Infiltrate and Syscan 360

Hi everyone,

I spent the last weeks traveling to Singapore and Miami to present my Xenpwn research about double fetch vulnerabilities in paravirtualized devices at Infiltrate and Syscan360. You can find my slides here. Both conferences had great organization, very technical talks and a cool audience. In the following I want to give a short recap of some of the talks I liked the most:

(more…)

No tags | Post your comment here.

Apr/16

15

Defense & Management Day 2

TROOPERS16 offered many different speakers from around the globe. Below are three different talks from the afternoon of Day 2’s Defense and Management Track.  (more…)

, | Post your comment here.

Apr/16

11

Discover the Unknown: Analyzing an IoT Device

This blog post will give a brief overview about how a simple IoT device can be assessed. It will show a basic methodology, what tools can be used for different tasks and how to solve problems that may arise during analyses. It is aimed at readers that are interested in how such a device can be assessed, those with general interest in reverse engineering or the ones who just want to see how to technically approach an unknown device.

This post will most likely not cover any vulnerabilities per se. However, it outlines weaknesses which affect a wide range of IoT devices so various aspects are applicable to other devices and scenarios.

(more…)

, , , , , , | Post your comment here.

Apr/16

8

Summary GI Sicherheit

This is a short summary of selected talks (i.e. those that I found the most interesting of those I was able to personally attend) of the GI Sicherheit 2016.

First of all, congratulations to Dr. Fabian Yamaguchi, who received an award (the GI Promotionspreis) for his PhD thesis “Pattern-Based Vulnerability Discovery“!
His work presents an “approach for identifying vulnerabilities which combines techniques from static analysis, machine learning, and graph mining to augment the analyst’s abilities rather than trying to replace her” by identifying and highlighting patterns of potential vulnerabilities in source code.
(more…)

| Post your comment here.

Apr/16

7

TSD 2016 – Follow Up

Thanks again for all the great talks and fruitful discussions @TSD 2016! I hope everybody had a safe trip home and enjoyed Troopers as we did. In the meantime I contacted all speakers to talk about publication of their slidesets. Some of them agreed (or already published them on their own) so I’d like to share these with you:
(more…)

, | Post your comment here.

TL;DR: Marie Moe talked about security issues of medical devices, especially implantable devices like pacemakers, but not in overwhelming technological depth. She wanted to point out the necessity of intensified security research in the field of medical devices as vendors and medical personnel seem to be lacking necessary awareness of security of devices, interfaces, services, and even data privacy.”Get involved, join the cavalry” was her core message. (more…)

, | Post your comment here.

Apr/16

6

Security Assessment of Microsoft DirectAccess

A talk about DirectAccess (an IPv6-only VPN solution) was given by our colleague Ali Hardudi during IPv6 summit. Ali has recently finished his master thesis on this topic.
(more…)

, | Post your comment here.

The first talk after the keynote on day 2 of TROOPERS was from Christopher Truncer about passive intelligence gathering and the analytics of that. Christopher Truncer (@ChrisTruncer) is a red teamer with Mandiant. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing toolsets. (more…)

, , , , | Post your comment here.

Apr/16

5

The Kings in your Castle

At the second day of the TROOPERS16 conference an interesting talk about Advanced Persistent Threats took place from Marion Marschalek and Raphaël Vinot. Marion Marschalek is a Security Researcher, focusing on the analysis of emerging threats and exploring novel methods of threat detection. Marion started her career within the anti-virus industry and also worked on advanced threat protection systems where she built a thorough understanding of how threats and protection systems work and how both occasionally fail. (more…)

, , , | Post your comment here.

Apr/16

5

Anonymization IPv6 in PCAPs – Challenges and Wins

Jasper Bongertz is a Senior Technical Consultant at Airbus Defence and Space CyberSecurity. He is focusing on IT security, Incident Response and Network Forensics.
During the IPv6 summit on Troopers16 he had given a talk on anonymization IPv6 in PCAPs and presented his new tool.
(more…)

, , | Post your comment here.

<< Latest posts

Older posts >>

Contact


Mail | Twitter | Imprint

©2016 ERNW GmbH
To top