http://secdocs.lonerunners.net Latest security documents RSS feed for author Enno Rey en-us <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/867-enno-rey">Enno Rey</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/64-mpls">MPLS</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/96-black-hat-eu-2006">Black Hat EU 2006</a> <br/> Mon, 16 Jan 2012 06:31:21 +0100 http://secdocs.lonerunners.net/documents/details/4745-mpls-and-vpls-security http://secdocs.lonerunners.net/documents/details/4745-mpls-and-vpls-security <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/546-daniel-mende">Daniel Mende</a> <a href="http://secdocs.lonerunners.net/authors/details/867-enno-rey">Enno Rey</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/24-network">network</a> <a href="http://secdocs.lonerunners.net/tags/details/25-routing">routing</a> <a href="http://secdocs.lonerunners.net/tags/details/83-exploiting">exploiting</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/71-black-hat-usa-2010">Black Hat USA 2010</a> <br/><b>Abstract</b>: I personally remember the release of Yersinia at Black Hat Europe 2005. It was a ground breaking experience: a number of Layer 2 attacks regarded purely theoretical until then, was suddenly available in a mostly automated way. And those guys even showed some forays completely unbeknownst to me at the time. We plan to do the same in Vegas, with a new tool called Loki (after the giant from Norse mythology associated with cunning, trickery and evil). It's a Python based framework implementing many packet generation and attack modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others. After outlining Loki's inner architecture we'll give insight into several modules and discuss some particularly interesting attacks in the routing protocol space (e.g. cracking OSPF MD5 keys, injection of routes into OSPF and EIGRP environments etc.). Furthermore we'll describe vulnerabilities in lesser known protocols like VRRP. Every attack we mention will be shown in a practical demo and - of course - Loki will be released right after our talk. Wed, 21 Sep 2011 20:39:50 +0200 http://secdocs.lonerunners.net/documents/details/4039-burning-asgard---what-happens-when-loki-breaks-free http://secdocs.lonerunners.net/documents/details/4039-burning-asgard---what-happens-when-loki-breaks-free <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/546-daniel-mende">Daniel Mende</a> <a href="http://secdocs.lonerunners.net/authors/details/867-enno-rey">Enno Rey</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/24-network">network</a> <a href="http://secdocs.lonerunners.net/tags/details/25-routing">routing</a> <a href="http://secdocs.lonerunners.net/tags/details/83-exploiting">exploiting</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/71-black-hat-usa-2010">Black Hat USA 2010</a> <br/><b>Abstract</b>: I personally remember the release of Yersinia at Black Hat Europe 2005. It was a ground breaking experience: a number of Layer 2 attacks regarded purely theoretical until then, was suddenly available in a mostly automated way. And those guys even showed some forays completely unbeknownst to me at the time. We plan to do the same in Vegas, with a new tool called Loki (after the giant from Norse mythology associated with cunning, trickery and evil). It's a Python based framework implementing many packet generation and attack modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others. After outlining Loki's inner architecture we'll give insight into several modules and discuss some particularly interesting attacks in the routing protocol space (e.g. cracking OSPF MD5 keys, injection of routes into OSPF and EIGRP environments etc.). Furthermore we'll describe vulnerabilities in lesser known protocols like VRRP. Every attack we mention will be shown in a practical demo and - of course - Loki will be released right after our talk. Wed, 21 Sep 2011 20:39:34 +0200 http://secdocs.lonerunners.net/documents/details/4038-burning-asgard---what-happens-when-loki-breaks-free http://secdocs.lonerunners.net/documents/details/4038-burning-asgard---what-happens-when-loki-breaks-free <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/867-enno-rey">Enno Rey</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/64-mpls">MPLS</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/53-layerone-2006">LayerOne 2006</a> <br/> Wed, 03 Nov 2010 12:10:05 +0100 http://secdocs.lonerunners.net/documents/details/3076-mpls--vpls-security http://secdocs.lonerunners.net/documents/details/3076-mpls--vpls-security <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/867-enno-rey">Enno Rey</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/64-mpls">MPLS</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/53-layerone-2006">LayerOne 2006</a> <br/> Wed, 03 Nov 2010 12:05:49 +0100 http://secdocs.lonerunners.net/documents/details/3075-mpls--vpls-security http://secdocs.lonerunners.net/documents/details/3075-mpls--vpls-security <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/546-daniel-mende">Daniel Mende</a> <a href="http://secdocs.lonerunners.net/authors/details/867-enno-rey">Enno Rey</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/24-network">network</a> <a href="http://secdocs.lonerunners.net/tags/details/107-cisco">Cisco</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/41-black-hat-eu-2010">Black Hat EU 2010</a> <br/><b>Abstract</b>: The world of "Enterprise WLAN solutions" is full of obscure and "non-standard" elements and technologies. Cisco's solutions, from the early Structured Wireless-Aware Network (SWAN) to the current Cisco Wireless Unified Networking (CUWN) architectures, only partly differ here. In this talk we describe the inner workings of these solutions, dissect the vulnerable parts and discuss theoretical and practical attacks, with some nice demos. A new tool automating a number of attacks (incl. taking over the WDS master role, extracting WPA pairwise master keys from intra-AP communication etc) will be released at Black Hat Europe. Mon, 21 Jun 2010 02:12:19 +0200 http://secdocs.lonerunners.net/documents/details/2565-hacking-cisco-enterprise-wlans http://secdocs.lonerunners.net/documents/details/2565-hacking-cisco-enterprise-wlans <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/546-daniel-mende">Daniel Mende</a> <a href="http://secdocs.lonerunners.net/authors/details/867-enno-rey">Enno Rey</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/24-network">network</a> <a href="http://secdocs.lonerunners.net/tags/details/107-cisco">Cisco</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/41-black-hat-eu-2010">Black Hat EU 2010</a> <br/><b>Abstract</b>: The world of "Enterprise WLAN solutions" is full of obscure and "non-standard" elements and technologies. Cisco's solutions, from the early Structured Wireless-Aware Network (SWAN) to the current Cisco Wireless Unified Networking (CUWN) architectures, only partly differ here. In this talk we describe the inner workings of these solutions, dissect the vulnerable parts and discuss theoretical and practical attacks, with some nice demos. A new tool automating a number of attacks (incl. taking over the WDS master role, extracting WPA pairwise master keys from intra-AP communication etc) will be released at Black Hat Europe. Mon, 21 Jun 2010 02:12:18 +0200 http://secdocs.lonerunners.net/documents/details/2564-hacking-cisco-enterprise-wlans http://secdocs.lonerunners.net/documents/details/2564-hacking-cisco-enterprise-wlans