Insinuator


Some outright rants from a bunch of infosec practitioners.

Jul/16

25

REcon 2016 – A Quick Recap

Some of us had the pleasure to visit this year’s REcon in Montreal, Canada. Unfortunately, work caught us just when we arrived back in Germany, so I haven’t had time to sit down and write down a few words so far. However, we think that what we’ve experienced at REcon is worth writing about.

Jul/16

17

Notes on Hijacking GSM/GPRS Connections

As shown in previous blogposts, we regularly work with GSM/GPRS basestations for testing devices with cellular uplinks or to simply run a private network during TROOPERS. Here the core difference between a random TROOPERS attendee and a device we want to hack is the will to join our network, or not! While at the conference we hand out our own SIM cards which accept the TROOPERS GSM network as their “home network”, some devices need to be pushed a little bit.

The moment, when your team leader asks you to cheat at Pokémon GO…everyone knows it, right? No? Well, I do 😉

GPS Spoofing Setup

As I’m not a gamer, the technical part was of much more interest – that’s the real gaming for me.
So, challenge accepted!


Jenkins is a continuous integration server, widely used in Java environments for build automation and deployment. The project recently disclosed an unauthenticated remote code execution vulnerability discovered by Moritz Bechler. Depending on the development environment, a Jenkins server can be a critical part of the infrastructure: it often creates the application packages that will later be deployed on production application servers. If an attacker can execute arbitrary code, s/he can easily manipulate those packages and inject additional code. Another scenario would be the attacker stealing credentials, such as passwords or private keys that are used for authentication in the deployment process.


Jul/16

1

SnoopCon Guest Day

This year I had the pleasure to join the guest day of BT’s SnoopCon. There were quite a number of interesting talks throughout the day such as (more…)


Jun/16

30

Some infos about SAP Security Note 2258786

On the 8th of March SAP released the security note for a vulnerability we reported during an assessment of a SAP landscape. The issue affects the SAP NetWeaver Web Administration Interface. By knowing a special URL, a malicious user can acquire version information about the services enabled in the SAP system as well as the operating system used. We wanted to share some details on the issue.

Jun/16

24

VoLTE Security Analysis, part 2

In our talk IMSEcure – Attacking VoLTE, Brian and I presented some theoretical and practical attacks against IP Multimedia Subsystems (IMS). Some of the attacks have already been introduced in a former blogpost, and Ahmad continued with a deeper analysis of the Flooding and targeted DoS scenario. But still, there are some open topics I’d like to continue with now. The methods I am demonstrating here also help to get a better understanding of VoLTE/IMS and how it is implemented on modern smartphones.

Jun/16

18

Area41 Conference 2016

Last Friday, Brian and I were at the Area41 Security Conference. The conference is a branch of the Defcon conference and is more or less a small conference of the Swiss hacker community. Being in a “rock music club”, the speakers presented on a stage where usually the rock stars are performing, which gives the conference a very special flair and an interesting atmosphere. We’ve been at the conference to present our research about VoLTE technology including some attack scenarios we’ve evaluated in the past. More on this later, let’s first talk about the conference itself.

Jun/16

6

SAMLReQuest Burpsuite Extension

Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between a Service Provider (SP) and an Identification Provider (IdP). SAML is used in many Single Sign-On (SSO) implementations, where a user is authenticated once by the IdP to access multiple related SPs. When a user requests access to an SP, the SP creates a SAML Authentication Request and redirects the user to the IdP to be authenticated according to this authentication request. If the user is successfully authenticated, the IdP creates a SAML authentication response and sends it back to the SP through the user’s browser.


Jun/16

3

The ULIN Story

Some of you might have noticed the articles, or the leaked manual itself, about a tool called ULIN. ULIN is a “bleeding-edge spy tool” for mobile communication networks. According to the manual, it is aimed to be a surveillance software for agencies (or others with enough money) for tracking and intercepting the Voice Calls and SMS of arbitrary phones. They call this “remote recording and geolocation of mobile handsets using 2G/3G/4G networks”.


©2016 ERNW GmbH