Topics

attacks

CacheWarp: Dropping one write to take over AMD-SEV

23. November, 2023 #attacks #news #reverse engineering

On 2023-11-14 the CISPA Helmholtz Center for Information Security published a new attack on AMD-SEV called CacheWarp (CVE-2023-20592), of which I am one of the original authors. This attack allows a malicious hypervisor to drop memory writes on an encrypted VM using the invd instruction. Due to the difficulty of the setup, a feasible attack should only drop memory once to achieve its goal. In this article, we examine how one memory drop is enough to break openssh and sudo to completely hijack the victim system.

Kubernetes RBAC: Paths for Privilege Escalation

17. July, 2023 #kubernetes #cloud #container #attacks

Kubernetes is a widely used open-source container orchestration system that helps to reduce workloads when dealing with container management in distributed systems. Its built-in authorization module is enabled by default and provides authorization mechanisms that prevent unauthorized access to resources. However, certain permissions enable their subject to escalate their privileges to a potentially cluster-compromising extent.

Statistical Modelling of Timing Sidechannels

2. December, 2021 #cryptography #embedded security #attacks

In this blog post we present a Bayesian statistical model to detect cryptographic timing attacks. This model is one of the results of a customer hardware assessment performed by the SCHUTZWERK GmbH. The assessment was performed in a gray box context, i.e., we were able to interact with the encryption hardware, but were not given any internal implementation details.

Attacking a random number generator

12. October, 2020 #cryptography #attacks

In software dealing with security, randomness is often necessary to generate keys or tokens for resetting passwords or identifying sessions. There, randomness is required to be unpredictable for an attacker. However, sometimes developers do not use cryptographically secure pseudorandom number generators (CSPRNG) in this scenario. Instead, they utilize faster pseudorandom number generators (PRNG). Consequently, the question arises how hard it is to attack a common (not cryptographically secure) random number generator.

Power analysis based software reverse engineering assisted by fuzzing II

3. September, 2020 #embedded security #secforcars #power analysis #reverse engineering #fuzzing #attacks

In the previous post, a setup and a technique to extract a representative section of a power trace of a specific instruction of an STM32F3 processor were described. This section is called a “template”. These templates should later be used to identify instructions via a power side channel and reconstruct the flow of an unknown program on a controller that cannot be dumped via JTAG. In this part of our power analysis series, the extracted templates from the previous post will be analyzed to determine whether they are representative enough to reverse engineer entire programs from a power trace.

Uncovering a Malware Campaign Targeting the Logistics Industry

2. April, 2020 #phishing #attacks

Recent malware campaigns targeting private individuals and organizations quickly adapted to new spreading methods: Content related to COVID-19 is currently one of the main ways to distribute spam emails and malicious software [1]. This post outlines how opening a malicious Word document enables an attacker to conduct industrial espionage. This specific malware was likely sent to a selected list of potential victims, embedded in a document that was attached to a COVID-19-related phishing email.

Power analysis based software reverse engineering assisted by fuzzing I

26. August, 2019 #embedded security #secforcars #power analysis #reverse engineering #fuzzing #attacks

This is the first part of a three-part series about power analysis based software reverse engineering. It is part of our work in the SecForCARs project and the bachelor thesis ‘Poweranalyse basiertes Software Reverse Engineering mit Hilfe von Fuzzing’. The results will be summarized in this blog post series. In this first part, the goals of the research and the power analysis template extraction process are presented.

Talk on "Targeted Attacks on the Corporate Network"

5. October, 2016 #news #talk #event #attacks

On 15-16 September 2016, the IT-GRC Kongress took place in Berlin for the first time. SCHUTZWERK was there. For the premiere, the organizers, “ISACA Germany Chapter e.V.” and the “Quadriga Hochschule Berlin”, set the thematic focus on “Cyber Security & Digital Transformation”. However, the exclusive industry meeting was not solely about governance, audit or compliance topics, but also about current concrete threats in the field of IT. In his talk, Christoph Wolfert, Senior Security Consultant at SCHUTZWERK GmbH, addressed the question of how targeted attacks on the corporate network currently take place.
