Following our belief that knowledge must be shared, ERNW Insight focuses on finding and developing the best ways to make ERNW knowledge accessible to all (e.g. by hosting ERNW’s TROOPERS conference).
Lately, I’ve experienced some weird Pidgin crashes when I was copy&pasting into chat windows. The strange part was: I didn’t even know what triggered the crash because I actually didn’t know what was in my clipboard at this exact point. This is a quick write-up of how I investigated the issue and some interesting properties […]
Hi, on Tuesday, 13.th of November we realized our second AD security summit with the title: “Active Directory Security: On-Prem-Security, Secure Extension into the Cloud & Secure Operations” in Heidelberg. First, we had three talks: the first one about “Active Directory Core Security Principles & Best Practices” covering hybrid AD and AD Trusts as well […]
This is a write-up about how to use Frida to dump documents from a process after they have been loaded and decrypted. It’s a generic and very effective approach demonstrated on a piece of software from North Korea.
Recently, we identified security issues in the Nexus Repository Manager software developed by Sonatype. The tested versions were OSS 3.12.1-01 and OSS 3.13.1-01. The following issues could be identified: Multiple Cross-Site Scripting (CVE-2018-16619) Missing Access Controls (CVE-2018-16620) Java Expression Language Injection (CVE-2018-16621)
If a conference feels like a great vacation, then the organizers are doing it absolutely right! Hack.lu took place for the 14th time in Luxembourg. From the 16th – 18th October, the Alvisse Parc Hotel hosted the Hack.lu conference. Those three days were full of talks, workshops and “discussions about computer security, privacy, information technology […]