
{ Category Archives } Talks

17th DFN-CERT Workshop 09.-10. Feb.

Another year has passed and it’s time again for the annual DFN-CERT workshop. It’s taking place for the 17th time, and this year, Lutz will talk about emulation-based unpacking of runtime-packed malware in his (German) talk
“Emulationsbasiertes Entpacken von laufzeitgepackten Schadprogrammen und darüber hinaus”
He’ll show you his project “Pandora’s Bochs”, based on the popular [...]


hack.lu09 – The Review

We’re back from hack.lu and as every year, it was a blast. Very nice and smart attendees from all around the world, good talks and entertaining evening events. Try finding a restaurant for about 50 hackers in the inner city of Luxembourg sometime. It’s fun :).
Much happened this year, apart from the usual exchange of [...]


FrOSCon 2009

First of all, please excuse the lack of blog posts in the last weeks. We are currently on a very busy schedule, which is good for business but bad for blog posts and related stuff :). I hope I’ll be able to post more regularly in the next weeks.
On August 22nd, we will present our [...]


“Who’s the JBoss now?” Whitepaper released

We finally released the Whitepaper for our JBoss Application Server talk (the one we held e.g. at hack.lu 2008 and the 16th DFN-CERT).
The paper gives you a more detailed overview of the JBoss AS internals we used in the attacks, as well as a complete description of the individual exploitation techniques.
The only catch [...]


Talk at the IHK Aachen

On June 17th 2009, we will give the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich” (in German) at the IHK Aachen. The event happens together with the Verfassungsschutz NRW (North Rhine-Westphalian office for the protection of the constitution) and the Landesinitiative secure-it.nrw.
The talk focuses on examples from penetration tests and real cases of industrial espionage. [...]


JBoss Talk at the RWTH Aachen University

On May 19th 2009, we will give our JBoss talk (in German) at the Center for Computing and Communication of RWTH Aachen University (see their announcement). As we have more time than at the DFN-CERT, we will be able to demonstrate all attacks live and generally go into a little bit more detail. You [...]


CeBIT 2009 video

As mentioned here, the Linux Magazine streamed our talk at the CeBIT 2009 Open Source Forum. The video is now available in their archives.


16th DFN-CERT wrap-up

The 16th DFN-CERT Workshop is over and it was again a very nice event. The talk about JBoss Application Server insecurities we gave seemed to be well received, as we got a lot of positive feedback. The German slides are now online at our publications page, btw.
The other talks were quite interesting, as always. Dr. [...]


16th DFN Workshop

On March the 17th, we’ll be delivering a talk at the 16th DFN Workshop “Sicherheit in vernetzten Systemen” (security in networked systems) in Hamburg for the third time in a row. This year, it’ll be the talk “Bridging the gap between the enterprise and you – or – Who’s the JBoss now” which was already [...]


Practical Security and Crypto

Yesterday, I gave a talk at the Eindhoven Institute for the Protection of Systems and Information (EiPSI) in the context of their seminar with the title “Practical Security and Crypto: Why Mallory Sometimes Doesn’t Care”. The EiPSI is a research institute at the Eindhoven University of Technology.
The talk has real world examples of mistakes made [...]
