Attackers are everywhere. They are now on the cloud too! Attacking the most popular cloud provider – AWS, requires the knowledge of how different services are setup, what defences do we need to bypass, what service attributes can be abused, where can information be leaked, how do I escalate privileges, what about monitoring solutions that may be presen

Did you know that in the ever evolving field of Web and Desktop apps, it turns out these can all now be powered with JavaScript? You read that right: JavaScript is now used to power both web apps (Node.js) as well as Desktop apps (Electron). What could possibly go wrong? So, the burning question is: how does this affect Web and Desktop app security? If you w

Our workshop “TLS in the enterprise” was held for the first time at Troopers 2018 and was our special contribution to the IT Security world to increase the usage of TLS and point out the pitfalls, when switching to TLS. But time is changing and TLS is a kind of standard nowadays, at least when looking at HTTPS, but there are still a lot of things

Containerization dominates the market nowadays. Fancy buzzwords like continuous integration/deployment/delivery, microservices, containers, DevOps are floating around, but what do they mean? What benefits do they offer compared to the old dogmas? You’re gonna find out in our training! We are going to start with the basics of Docker, Containers and DevO

“If it’s a thing, then there’s an app for it!”…We trust mobile apps to process our bank transactions, handle our private data and set us up on romantic dates. However, few of us care to wonder,”How (in)secure can these apps be?” Well… at Troopers 20, you can learn how to answer this question yourself! In our 2

Windows 10 is one of the most commonly deployed operating systems at this time. Knowledge about its components and internal working principles is highly beneficial. Among other things, such a knowledge enables: in-depth studies of undocumented, or poorly documented, system functionalities; development of performant and compatible software to monitor or exte

We are happy to announce that TROOPERS20 will feature the 5th anniversary of the popular Windows & Linux Binary Exploitation workshop! In this workshop, attendees will learn how to exploit those nasty stack-based buffer overflow vulnerabilities by applying the theoretical methods taught in this course to hands-on exercises. Exercises will be performed fo

Hi there, like in recent years the popular Hacking 101 workshop will take place on TROOPERS20, too! The workshop will give you an insight into the hacking techniques required for penetration testing. These techniques will cover various topics: Information gathering Network scanning Web application hacking Low-level exploitation …and more! During thi

This post by Jeff (@jeffmakes) was delayed due to interferences with other projects but nevertheless, enjoy! This year, it was my great honour to design the hardware for the Troopers19 badge. We wanted to make a wifi-connected MicroPython-powered badge; something that would be fun to take home and hack on. It was a nice opportunity to use a microcontroller p

This is my wrap-up for the 2nd day of “NGI” at TROOPERS. My first choice for today was “Authenticate like a boss” by Pete Herzog. This talk was less technical than expected but interesting. It focussed on a complex problem: Identification. It’s not only relevant for users but for anything (a file, an IP address, an application, …). Pete started by providing

The third day is already over! Today the regular talks were scheduled split in three tracks: offensive, defensive and a specific one dedicated to SAP. The first slot at 09:00 was, as usual, a keynote. Enno Rey presented ten years of TROOPERS. What happened during all those editions? The main ideas behind TROOPERS have always been that everybody must learn so

I’m just back from Heidelberg so here is the last wrap-up for the TROOPERS 2017 edition. This day was a little bit more difficult due to the fatigue and the social event of yesterday. That’s why the wrap-up will be shorter…  The second keynote was presented by Mara Tam: “Magical thinking … and how to thwart it”. Mara is an advisor to execut

I’m in Heidelberg (Germany) for the 10th edition of the TROOPERS conference. The regular talks are scheduled on Wednesday and Thursday. The two first days are reserved for some trainings and a pre-conference event called “NGI” for “Next Generation Internet” focusing on two hot topics: IPv6 and IoT. As said on the website: “NGI aims to provide discussion on h

Next week, it’s already the 10th edition of the TROOPERS conference in Heidelberg, Germany. I’ll be present and cover the event via Twitter and daily wrap-ups. It will be my 3rd edition and since the beginning, I was impressed by the quality of the organization from the content point of view but also from a technical point of view. There isn̵

Troopers16 has been over for quite a while now, but because sharing is caring, we would like to give you some more insight and share some gems that happened over the 2 days of us running a small/medium sized enterprise in mid-west Russia as part of the well received FishBowl side story. Technology wise the whole infrastructure of FishBowl, as well as the Cyb