Some outright rants from a bunch of infosec practitioners.

TAG | conferences



Area41 Conference 2016

Last Friday, Brian and I were at the  Area41 Security Conference. The conference is a branch of Defcon conference and is more or less a small conference of the Swiss hacker community. Being in a “rock music club”, the speakers presented on a stage where usually the rock stars are performing – which gives the conference a very special flair and an interesting atmosphere. We’ve been at the conference to present our research about VoLTE technology including some attack scenarios we’ve evaluated in the past. More on this later, let’s first talk about the conference itself.

, , , , | Post your comment here.



Summary GI Sicherheit

This is a short summary of selected talks (i.e. those that I found the most interesting of those I was able to personally attend) of the GI Sicherheit 2016.

First of all, congratulations to Dr. Fabian Yamaguchi, who received an award (the GI Promotionspreis) for his PhD thesis “Pattern-Based Vulnerability Discovery“!
His work presents an “approach for identifying vulnerabilities which combines techniques from static analysis, machine learning, and graph mining to augment the analyst’s abilities rather than trying to replace her” by identifying and highlighting patterns of potential vulnerabilities in source code.

| Post your comment here.

The first talk after the keynote on day 2 of TROOPERS was from Christopher Truncer about passive intelligence gathering and the analytics of that. Christopher Truncer (@ChrisTruncer) is a red teamer with Mandiant. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing toolsets. (more…)

, , , , | Post your comment here.



Multiple Address Family OSPFv3

Dear Readers,

today I want to talk about OSPFv3. I won’t cover the glory details of OSPFv3, there are smarter guys than me out there who did that already 😉 and there are great resources to familiarize yourself with the protocol. However, it should be noted that OSPFv3 is not only OSPF for IPv6, OSPFv3 brought some major enhancements compared to OSPFv2. Wouldn’t it be cool to benefit from the enhancements in the IPv4 world as well? (more…)

, , , , | Post your comment here.



Welcome to Brazil!

Welcome to Brazil!

“Welcome to Brazil”, I think, turned to being the most used statement during the past Hackers to Hackers Conference in Sao Paulo. It was used as the main reaction to every speech taking moment, and there were a lot of those! To honor the moments and give you a quick insight into was what going on in Sao Paulo, here is a quick summary of the overall event and our own contribution.


, , , | Post your comment here.



Miner’s Canary Revival in IT Security


What is a Miner’s Canary?

Well, it’s a canary (these cute yellow songbirds some people have as a pet), and its main feature is that it dies before you will.

What the hack [pun intended]? And by the way… what has this to do with IT Security? Well… let me first quote Wikipedia on the birds:


, , , , , | Post your comment here.




Greetings everyone,

On Saturday last week I had the pleasure of delivering a workshop on IPv6 networking at the MRMCD2015 conference in Darmstadt, Germany. It goes without saying that the atmosphere was quite amicable; as usual at CCC-related events. What definitely impressed me the most was the diversity of the audience. There were around thirty attendees representing several age groups and all with seemingly differing backgrounds.


, | Post your comment here.




I recently had the pleasure to join the 64th NANOG (North American Network Operators’ Group) meeting in San Francisco, which can be understood as one of the largest Internet engineering conferences at all. It takes place three times a year at different locations in North America.

What I personally like about NANOG is its strong collaborative and cooperative character. It is not about single persons and also not too much about spectacular projects but more about discussing technologies, ideas, challenges and numbers. Every talk has a comparatively large time slot reserved for discussion, which is often more than fully used. Discussion is typically actively focused and is more time-consuming (and even more relevant) than the talk itself. Which often is intended by the community. The climate of discussion is almost always impressively polite and constructive, even for controversially discussed topics.


, , | Post your comment here.



ERNW @PHDays V in Moscow

Здравствуйте Insinuator Followers,

End of May eight ERNW members were travelling to Moscow (Russia) to visit the PHDays V conference. It was a very nice trip because we met a lot of gentle people, ate some great food and had quite some fun in this exciting and history-charged metropole, and we were able to get around using hands and feet (and Google translate ;-)).

The remainder of this post contains summaries of some of the most interesting talks at PHD V:


, , | Post your comment here.


I’m back from London where I gave a talk about security evaluation of proprietary network protocols. I had a great time at InfoSecurity Intelligent Defence and BSides London, many thanks for inviting me and giving me the opportunity to speak to so much nice people.

Find the abstract and the download link to the slides after the break.


, | Post your comment here.

Older posts >>


Mail | Twitter | Imprint

©2016 ERNW GmbH
To top