HackDig : Dig high-quality web security articles for hackers

TROOPERS20 Training Teaser: Attack And Defence In AWS: Chaining Vulnerabilities To Go Beyond The OWASP Top 10

Attackers are everywhere. They are now on the cloud too! Attacking the most popular cloud provider – AWS, requires the knowledge of how different services are setup, what defences do we need to bypass, what service attributes can be abused, where can information be leaked, how do I escalate privileges, what about monitoring solutions that may be presen
Publish At:2020-02-27 17:57 | Read:516 | Comments:0 | Tags:Events AWS TROOPERS TROOPERS20

TROOPERS20 Training Teaser: Hacking Node.js & Electron apps, shells, injections and fun!

Did you know that in the ever evolving field of Web and Desktop apps, it turns out these can all now be powered with JavaScript? You read that right: JavaScript is now used to power both web apps (Node.js) as well as Desktop apps (Electron). What could possibly go wrong? So, the burning question is: how does this affect Web and Desktop app security? If you w
Publish At:2020-02-06 12:15 | Read:427 | Comments:0 | Tags:Events JavaScript TROOPERS TROOPERS20

TROOPERS20 Training Teaser: TLS in the Enterprise – Post Quantum Security

Our workshop “TLS in the enterprise” was held for the first time at Troopers 2018 and was our special contribution to the IT Security world to increase the usage of TLS and point out the pitfalls, when switching to TLS. But time is changing and TLS is a kind of standard nowadays, at least when looking at HTTPS, but there are still a lot of things
Publish At:2019-12-09 17:15 | Read:674 | Comments:0 | Tags:Events TLS TROOPERS

TROOPERS20 Training Teaser: Swim with the whales – Docker, DevOps & Security in Enterprise Environments

Containerization dominates the market nowadays. Fancy buzzwords like continuous integration/deployment/delivery, microservices, containers, DevOps are floating around, but what do they mean? What benefits do they offer compared to the old dogmas? You’re gonna find out in our training! We are going to start with the basics of Docker, Containers and DevO
Publish At:2019-12-02 05:15 | Read:1275 | Comments:0 | Tags:Misc DevOps Docker K8 kubernetes TROOPERS TROOPERS20

TROOPERS20 teaser: Hacking mobile apps

“If it’s a thing, then there’s an app for it!”…We trust mobile apps to process our bank transactions, handle our private data and set us up on romantic dates. However, few of us care to wonder, “How (in)secure can these apps be?” Well… at Troopers 20, you can learn how to answer this question yourself! In our 2
Publish At:2019-11-30 12:15 | Read:1108 | Comments:0 | Tags:Events TROOPERS

TROOPERS20 Training Teaser: Insight Into Windows Internals

Windows 10 is one of the most commonly deployed operating systems at this time. Knowledge about its components and internal working principles is highly beneficial. Among other things, such a knowledge enables: in-depth studies of undocumented, or poorly documented, system functionalities; development of performant and compatible software to monitor or exte
Publish At:2019-11-25 12:15 | Read:704 | Comments:0 | Tags:Events TROOPERS TROOPERS20 Windows

TROOPERS20 Training Teaser: Windows & Linux Binary Exploitation

We are happy to announce that TROOPERS20 will feature the 5th anniversary of the popular Windows & Linux Binary Exploitation workshop! In this workshop, attendees will learn how to exploit those nasty stack-based buffer overflow vulnerabilities by applying the theoretical methods taught in this course to hands-on exercises. Exercises will be performed fo
Publish At:2019-11-12 00:15 | Read:927 | Comments:0 | Tags:Events TROOPERS exploit

TROOPERS20 Training Teaser: Hacking 101

Hi there, like in recent years the popular Hacking 101 workshop will take place on TROOPERS20, too! The workshop will give you an insight into the hacking techniques required for penetration testing. These techniques will cover various topics: Information gathering, Network scanning, Web application hacking, Low-level exploitation …and more! During thi
Publish At:2019-11-12 00:15 | Read:1179 | Comments:0 | Tags:Events TROOPERS

Troopers 19 – Badge Hardware

This post by Jeff (@jeffmakes) was delayed due to interferences with other projects but nevertheless, enjoy! This year, it was my great honour to design the hardware for the Troopers19 badge. We wanted to make a wifi-connected MicroPython-powered badge; something that would be fun to take home and hack on. It was a nice opportunity to use a microcontroller p
Publish At:2019-09-19 17:15 | Read:859 | Comments:0 | Tags:Building Badge TROOPERS

TROOPERS 2017 Day #2 Wrap-Up

This is my wrap-up for the 2nd day of “NGI” at TROOPERS. My first choice for today was “Authenticate like a boss” by Pete Herzog. This talk was less technical than expected but interesting. It focussed on a complex problem: Identification. It’s not only relevant for users but for anything (a file, an IP address, an application, …). Pete started by providing
Publish At:2017-03-24 02:00 | Read:4184 | Comments:0 | Tags:Event Security Conference Germany Troopers

TROOPERS 2017 Day #3 Wrap-Up

The third day is already over! Today the regular talks were scheduled split in three tracks: offensive, defensive and a specific one dedicated to SAP. The first slot at 09:00 was, as usual, a keynote. Enno Rey presented ten years of TROOPERS. What happened during all those editions? The main ideas behind TROOPERS have always been that everybody must learn so
Publish At:2017-03-24 02:00 | Read:4638 | Comments:0 | Tags:Event Security Conference Germany Troopers

TROOPERS 2017 Day #4 Wrap-Up

I’m just back from Heidelberg so here is the last wrap-up for the TROOPERS 2017 edition. This day was a little bit more difficult due to the fatigue and the social event of yesterday. That’s why the wrap-up will be shorter… The second keynote was presented by Mara Tam: “Magical thinking … and how to thwart it”. Mara is an advisor to execut
Publish At:2017-03-24 02:00 | Read:4349 | Comments:0 | Tags:Event Security Conference Germany Troopers

TROOPERS 2017 Day #1 Wrap-Up

I’m in Heidelberg (Germany) for the 10th edition of the TROOPERS conference. The regular talks are scheduled on Wednesday and Thursday. The two first days are reserved for some trainings and a pre-conference event called “NGI” for “Next Generation Internet” focusing on two hot topics: IPv6 and IoT. As said on the website: “NGI aims to provide discussion on h
Publish At:2017-03-21 00:20 | Read:5463 | Comments:0 | Tags:Event Security Conference Germany Troopers

TROOPER 10 Ahead!

Next week, it’s already the 10th edition of the TROOPERS conference in Heidelberg, Germany. I’ll be present and cover the event via Twitter and daily wrap-ups. It will be my 3rd edition and since the beginning, I was impressed by the quality of the organization from the content point of view but also from a technical point of view. There isn’
Publish At:2017-03-15 14:55 | Read:4067 | Comments:0 | Tags:Event Conference Security Troopers

Because of Cyber – A Recap

Troopers16 has been over for quite a while now, but because sharing is caring, we would like to give you some more insight and share some gems that happened over the 2 days of us running a small/medium sized enterprise in mid-west Russia as part of the well received FishBowl side story. Technology wise the whole infrastructure of FishBowl, as well as the Cyb
Publish At:2016-05-11 22:10 | Read:2904 | Comments:0 | Tags:Conferences TROOPERS conference TROOPERS16

