it_sicherheit   33

Operational Telegram – the grugq – Medium
Telegram, the encrypted messaging app loved by terrorists, has been in the news lately. Terrorists have long used existing commercial and public communications infrastructure to send commands and plan operations. This is nothing new. What is causing so much distress is that Telegram provides a secret chat feature that is end to end encrypted.
opsec  telegram  it_sicherheit 
11 weeks ago by grenzreiter
Tor and its Discontents – the grugq – Medium
This post deals with problems related to Tor usage that are not technical. I try to look at the human side of things, and I’m quite concerned by the meme of Tor as “panacea solution to arbitrary infosec problems.” I don’t particularly want to fight the privacy activist cult that has developed around Tor, but I feel compelled to state my concerns. (Also, I got triggered by Dan Guido who is writing on the same topic.)
tor  browser  it_sicherheit 
11 weeks ago by grenzreiter
Signals, Intelligence – the grugq – Medium
Signal, by Open Whisper Systems, is the gold standard for secure instant messengers. It uses the well reviewed axolotl ratchet, an improved and modernized version of Off The Record, itself a much studied protocol.
opsec  signal  it_sicherheit 
11 weeks ago by grenzreiter
Operational WhatsApp (on iOS) – the grugq – Medium
Recently WhatsApp completed their roll out of the end to end encrypted Signal Protocol (previously known as Axolotl.) This is great news because now there is an easy to use secure messaging app used by millions of people. While WhatsApp provides strong end to end encryption for data in motion, the app itself has a number of issues that prevent it from being the ultimate secure messenger.
opsec  whatsapp  it_sicherheit 
11 weeks ago by grenzreiter
Twitter Activist Security – the grugq – Medium
Many people are starting to get politically active in ways they fear might have negative repercussions for their job, career or life. It is important to realise that these fears are real, but that public overt resistance is critical for political legitimacy. This guide hopes to help reduce the personal risks to individuals while empowering their ability to act safely.

I am not an activist, and I almost certainly don’t live in your country. These guidelines are generic with the hope that they will be useful for a larger number of people.
twitter  it_sicherheit  opsec 
11 weeks ago by grenzreiter
| bohops | – A blog about red teaming, penetration testing, and security research
Greetings! Thank you for visiting this security blog. Topics will focus on offensive security (red teaming, pen testing, vulnerability analysis, etc.), defense, community, and trends.

I will do my best to keep this blog up-to-date and will send out notifications through social media when a new topic is posted.
blog  it_sicherheit 
july 2018 by grenzreiter
Mind Maps
Information Security related Mind Maps
hacking  it_sicherheit 
may 2018 by grenzreiter
Mind Maps
A collection of awesome mind maps on infosec topics
mindmap  infosec  security  hacking  exploits  pentest  Archive  ctf  cybersecurity  it_sicherheit  from twitter_favs
may 2018 by gyaresu
PGP and S/MIME: How Efail Works | heise Security
The attacks on e-mails encrypted with S/MIME and OpenPGP are actually quite easy to explain. Once you have understood them, you also know why fixing the problem is not quite so simple.
verschlüsselung  it_sicherheit  mail 
may 2018 by grenzreiter
Set up your own malware analysis lab with VirtualBox, INetSim and Burp - Christophe Tafani-Dereeper
In this post we will set up a virtual lab for malware analysis. We’ll create an isolated virtual network separated from the host OS and from the Internet, in which we’ll set up two victim virtual machines (Ubuntu and Windows 7) as well as an analysis server to mimic common Internet services like HTTP or DNS. Then, we’ll be able to log and analyze the network communications of any Linux or Windows malware, which will unknowingly connect to our server instead of the Internet. We demonstrate the setup with a real life use case where we analyze the traffic of the infamous TeslaCrypt ransomware, a now defunct ransomware which infected a large number of systems from 2015 to mid-2016.
virtual_machine  it_sicherheit  hacking  homelab 
may 2018 by grenzreiter
Evolution of 3GPP over-the-air security
I have written this page to have a centralized view of the radio interface security inside 3GPP technologies, from 2G to 5G. Getting a clear view of what is going on can be confusing and discouraging as it often requires to browse through dozens of 3GPP documents at the same time.

The most important security functions are listed for each technology: authentication, confidentiality and integrity. I have tried to keep this as short as possible while keeping the most relevant information, such as which radio layers are involved and links to the specifications.
may 2018 by grenzreiter
How the Twitter and GitHub Password Logging Issues Could Happen · System Overlord
There have recently been a couple of highly-publicized (at least in the security community) issues with two tech giants logging passwords in plaintext. First, GitHub found they were logging plaintext passwords on password reset. Then, Twitter found they were logging all plaintext passwords. Let me begin by saying that I have no insider knowledge of either bug, and I have never worked at either Twitter or GitHub, but I enjoy randomly speculating on the internet, so I thought I would speculate on this. (Especially since the /r/netsec thread on the Twitter article is amazingly full of misconceptions.)
passwort  it_sicherheit 
may 2018 by grenzreiter
Preparing for Penetration Testing with Kali Linux · System Overlord
If you spend any time at all on Reddit or forums for information security students, you’ll find dozens of questions about preparing for the Penetration Testing with Kali Linux (PWK, aka OSCP) class from Offensive Security. Likewise, I’ve been asked by a number of people I know personally about moving into the security realm. I figured I’d put together some notes on how to prepare and the knowledge that I believe is necessary to succeed with the PWK class. Additionally, all of the skills listed here are skills I would expect even the most junior of penetration testers to possess.
linux  it_sicherheit  hacking 
april 2018 by grenzreiter
Building a Home Lab for Offensive Security & Security Research · System Overlord
When I wrote my “getting started” post on offensive security, I promised I’d write about building a lab you can use to practice your skillset. It’s taken a little while for me to get to it, but I’m finally trying to deliver.
homelab  it_sicherheit 
april 2018 by grenzreiter
Breaking the Security Model of Subgraph OS | Micah Lee's Blog
I recently traveled to Amsterdam to attend a meeting with Tor Project staff, volunteers, and other members of the wider Tor community. Before trips like this, I prepare a separate travel computer, only bringing with me data and credentials that I might need during my trip. My primary laptop runs Qubes, but this time I decided to install Subgraph OS on my travel laptop. I had only briefly messed with it before, and there’s no better way to learn about a new operating system than by forcing yourself to actually use it for a few days.
linux  it_sicherheit  subgrapgh_os 
april 2018 by grenzreiter
So, you want to work in security?
Every once in a while, I’ll get an email from an eager stranger asking for advice on how to have a career in security (computer, information, cyber… whatever). This is great! We need more passionate, creative, hard-working people that want to work on making technology safer to use. It also turns out to be a pretty financially stable way to make a living.
it_sicherheit  karriere 
april 2018 by grenzreiter
So you want to be a security engineer? – Niru Ragupathy – Medium
Security engineering is different from traditional computer engineering: it requires a different mindset and viewpoint. I can spend hours going into the nuances of why and how, but instead I will point you to this eloquent essay by Parisa Tabriz. I strongly recommend reading it before continuing with the rest of this article. If you are not one for long essays then check out TL;DR by Michal Zalewski (@lcamtuf)
it_sicherheit  karriere 
march 2018 by grenzreiter
Hacker OPSEC with The Grugq
The Grugq is a world renowned information security researcher with 15 years of industry experience. Grugq started his career at a Fortune 100 company, before transitioning to @stake, where he was forced to resign for publishing a Phrack article on anti-forensics. Since then the Grugq has presented on anti-forensics at dozens of international security conferences, as well as talks on numerous other security topics. As an independent information security consultant the Grugq has performed engagements for a wide range of customers, from startups to enterprises and the public sector. He has worked as a professional penetration tester, a developer, and a full time security researcher. The Grugq’s research has always been heavily biased towards counterintelligence aspects of information security. His research has been referenced in books, papers, magazines, and newspapers. Currently an independent researcher, the grugq is actively engaged in exploring the intersection of traditional tradecraft and the hacker skillset, learning the techniques that covert organisations use to operate clandestinely and applying them to the Internet. You can follow him on Twitter @thegrugq.
march 2018 by grenzreiter
A forum for reverse engineering, OS internals and malware analysis
it_sicherheit  forum  hacking 
march 2018 by grenzreiter
