"ManiMed: Ypsomed AG – mylife YpsoPump System Vulnerabilities" by Julian Suleder

Manipulating Medical Devices: The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devic…

insinuator.net/2021/07/manimed

"Analysis of HSTS Caches of Different Browsers" by Florian Bausch

The Reason: I recently stumbled upon a strange behavior in my Firefox: I visited an HTTPS-enabled website that I had visited before and saw that my Firefox connected insecurely via HTTP. I found that strange because nowadays, most websites set the HSTS header, which is supposed to force the browser to connect via HTTPS. I […]

insinuator.net/2021/05/analysi

"Attack llvmpipe Graphics Driver from Chromium" by Jan Ruge

In this post, we are discussing a bug we came across in Mesa's llvmpipe Gallium3D graphics driver. This bug was accessible through Chromium’s WebGL implementation and can provide control of the program counter (pc) within Chromium’s GPU process if llvmpipe is used. Llvmpipe is a software rasterizer that is used on Linux if no hardware […]

insinuator.net/2021/05/attack-

"DogWhisperer’s SharpHound Cheat Sheet" by SadProcessor

BloodHound data collection, aka Sharphound, is quite a complex beast. When giving BloodHound workshops, the part where I get the most questions is always data collection. How is the BloodHound data collected? What methods do what? Who am I talking to? How do I fly under the radar? These are all very relevant questions when […]…

insinuator.net/2021/05/dogwhis

"BSI publishes hardening guide, logging recommendation and associated GPOs for Windows 10 as part of the SiSyPHuS study" by Friedwart Kuhn

We are pleased that the Federal Office for Information Security (BSI), as part of the SiSyPHuS Win10 project carried out jointly with ERNW (study on system integrity, logging, hardening and security functions in Windows 10), is publishing the next three work packages today (around 10 a.m.): …

insinuator.net/2021/05/bsi-ver

"Of Corona, Buggy Audio Drivers and Industrial Espionage" by Florian Bausch

The Situation: Last year, the CISO of a customer sent me a laptop for analysis. The reason was that he feared the company could have been victim of industrial espionage. Starting in spring 2020, the IT help desk got several employee laptops with full hard drives, caused by a huge amount of audio recordings. The […]

insinuator.net/2021/04/of-coro

"Summary of “Software-Defined Radio applied to security assessments” at Troopers21" by Max Kunzelmann

The training Software-Defined Radio applied to security assessments was held by Sébastien Dudek at Troopers21 and was remotely organized – like most other events – due to Covid-19. Once we were all caffeinated, we had an exciting journey through basically all things radio. We started with the technical and physical basics in radio technology, …

insinuator.net/2021/04/summary

"fpicker: Fuzzing with Frida" by Dennis Heinze

Introduction: In this post, I will introduce fpicker. Fpicker is a Frida-based coverage-guided, mostly in-process, blackbox fuzzing suite. Its most significant feature is the AFL++ proxy mode which enables blackbox in-process fuzzing with AFL++ on platforms supported by Frida. In practice, this means that fpicker enables fuzzing binary-only targets with AFL++ on potentially a…

insinuator.net/2021/03/fpicker

"ManiMed: Hamilton Medical AG – HAMILTON-T1 Ventilator Vulnerabilities" by Julian Suleder

Manipulating Medical Devices: The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medi…

insinuator.net/2021/02/manimed

"ManiMed: B. Braun Melsungen AG – Space System Vulnerabilities" by Julian Suleder

Manipulating Medical Devices: The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devi…

insinuator.net/2021/02/manimed

"ManiMed: Innokas Yhtymä Oy – VC150 Patient Monitor Vulnerabilities" by Julian Suleder

Manipulating Medical Devices: The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical…

insinuator.net/2021/02/manimed