HackDig : Dig high-quality web security articles for hackers

How can data from fitness trackers be obtained and analyzed with a forensic approach?

The use of Internet of Things devices is continuously increasing: People buy devices, such as smart assistants, to make their lives more comfortable or fitness trackers to assess sports activities. According to the Pew Research Center [1], every fifth American wears a device to track their fitness. In Germany, the number increases likewise. The increasing nu
Publish At:2020-09-10 05:44 | Read:176 | Comments:0 | Tags:Building Misc forensics medical tool

Puppet Assessment Techniques

Hardening guides for different systems that can be managed by Puppet are easy to find, but not the guides for hardening Puppet itself. The enterprise software configuration management (SCM) tool Puppet is valued by many SysAdmins and DevOps, e.g. at Google, for scalable, continuous and secure deployment of application server configuration files across large
Publish At:2020-09-09 10:10 | Read:87 | Comments:0 | Tags:Misc Puppet

Java Buffer Overflow with ByteBuffer (CVE-2020-2803) and Mutable MethodType (CVE-2020-2805) Sandbox Escapes

Years ago, Java could be used on websites through applets. To make these applets secure and not let them access files or do other dangerous stuff, Java introduced the SecurityManager. Before some action was performed, the SecurityManager was asked if the code is privileged to perform this action. However, since the SecurityManager lives in the same running pr
Publish At:2020-09-02 04:10 | Read:252 | Comments:0 | Tags:Misc

Security Advisories for Nagios XI

In June 2020 we reported three vulnerabilities in Nagios XI 5.7.1 to the vendor. The following CVE IDs were assigned to the issues: CVE-2020-15901: Command Injection in Nagios XI web interface (RCE); CVE-2020-15902: Cross Site Scripting (XSS); CVE-2020-15903: Reserved, details will be given on vendor fix. CVE-2020-15901 and CVE-2020-15902 have meanwhile b
Publish At:2020-07-30 16:29 | Read:189 | Comments:0 | Tags:Misc IOS

QEMU, Unicorn, Zelos, and AFL

I should start by telling you that this post does not contain anything fundamentally new. Hence, if you already know the tools mentioned in the title, this post is probably not for you. However, if you are not too familiar with these tools and want to understand a little bit more about how they work together, you should keep on reading. First, let us get a
Publish At:2020-07-15 09:43 | Read:212 | Comments:0 | Tags:Misc

Security Advisories for Ivanti DSM Suite

From the end of 2019 on, we reported two critical vulnerabilities in the Ivanti DSM Suite to the vendor. The following CVE IDs were assigned to the issues (but note that they have a status of RESERVED, i.e. titles and descriptions may change in the future): CVE-2020-12441: Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 CVE-2020-13
Publish At:2020-06-24 07:58 | Read:226 | Comments:0 | Tags:Misc

ERNW SecTools, Active Directory Security and the Corona Pandemic

SARS-CoV-2 and Covid-19 have changed a lot in our current lives, and they challenge us all from different perspectives, such as health, economic and social ones. We also believe that life will change persistently in the future due to the Corona pandemic: it will affect the way we work, the way we meet in the business world and how we will prepare for these kinds of cris
Publish At:2020-03-30 14:08 | Read:491 | Comments:0 | Tags:Misc

Dog Whisperer Update

With the current situation, it’s not easy to find the right angle to start this blog post, so I won’t even try… but with Troopers cancelled, my Bloodhound workshop went down the drain, and I didn’t get a chance to meet or catch up with all of you and share my latest BloodHound adventures. So I decided to write a quick post to share al
Publish At:2020-03-26 11:29 | Read:396 | Comments:0 | Tags:Misc Active Directory BloodHound

VMware NSX-T Distributed Firewall can be bypassed by default

We recently came across an issue when playing around with VMware NSX-T which not everyone might be aware of when getting started with it. Because many of our customers are starting their transition to NSX-T, we want to share this with you. In short, the Distributed Firewall (DFW) of NSX-T can be easily bypassed in the default configuration because it only works eff
Publish At:2020-03-23 03:50 | Read:745 | Comments:0 | Tags:Misc Bypass Distributed Firewall NSX-T SwitchGuard VMware

Windows Insight: The Windows Telemetry ETW Monitor

The Windows Insight repository now hosts the Windows Telemetry ETW Monitor framework. The framework monitors and reports on Windows Telemetry ETW (Event Tracing for Windows) activities – ETW activities for providing data to Windows Telemetry. It consists of two components: the Windbg Framework: a set of scripts for monitoring Windows Telemetry ETW act
Publish At:2020-01-14 12:20 | Read:603 | Comments:0 | Tags:Misc Windows

TROOPERS20 Training Teaser: Swim with the whales – Docker, DevOps & Security in Enterprise Environments

Containerization dominates the market nowadays. Fancy buzzwords like continuous integration/deployment/delivery, microservices, containers, DevOps are floating around, but what do they mean? What benefits do they offer compared to the old dogmas? You’re gonna find out in our training! We are going to start with the basics of Docker, Containers and DevO
Publish At:2019-12-02 05:15 | Read:1532 | Comments:0 | Tags:Misc DevOps Docker K8 kubernetes TROOPERS TROOPERS20

Windows Insight: Code integrity and WDAC

The Windows Insight repository now hosts three articles on Windows code integrity and WDAC (Windows Defender Application Control): Device Guard Image Integrity: Architecture Overview (Aleksandar Milenkoski, Dominik Phillips): In this work, we present the high-level architecture of the code integrity mechanism implemented as part of Windows 10. Windows Defen
Publish At:2019-11-12 00:15 | Read:1180 | Comments:0 | Tags:Misc Windows

Dissection of an Incident – Part 2

After our last blog post regarding Emotet and several other Emotet and ransomware samples that we encountered, we recently stumbled across a variant belonging to the Gozi / ISFB / Dreambot / Ursnif family. In this blog post, we want to share our insights from the analysis of this malware, whose family is mainly known for being a banking trojan
Publish At:2019-11-12 00:15 | Read:1267 | Comments:0 | Tags:Misc forensics incident incident analysis malware

Medical Device Security Summit 2019, 19 November 2019

*This event will be held in German* Inspired by the successful round-table discussions at the TROOPERS conference, we are pleased to present the Medical Device Security Summit 2019, another event in a series on trending topics in IT security. The event begins in the morning with an opening talk by
Publish At:2019-10-09 12:15 | Read:1096 | Comments:0 | Tags:Misc

Emotet at Heise, Emotet there, Emotet everywhere – Dissection of an Incident

After the Emotet incident at Heise, where ERNW was consulted for incident response, we decided to start a blog post series in which we want to regularly report on current attacks that we observe. In particular, we want to provide details about the pieces of malware used, the different stages, and the techniques used for the initial infection and lateral move
Publish At:2019-09-19 17:15 | Read:1065 | Comments:0 | Tags:Misc emotet heise incident incident analysis malware