Insinuator

Google Play Protect is a built-in Android solution that enhances devices’ security. Its main job is to detect and block malware on Android devices. Several malware families were known for bypas...

https://insinuator.net/2024/05/is-google-play-protect-a-reliable-defense-mechanism/

During a customer project, we identified a logic flaw in Jitsi Meet, an open-source video conferencing and messaging platform for secure video conferencing, voice calls, and messaging. The vulner...

https://insinuator.net/2024/05/vulnerability-in-jitsi-meet-meeting-password-disclosure-affecting-meetings-with-lobbies/

Recently, we held a talk at the Winterkongress1 of the Digitale Gesellschaft Schweiz in Winterthur, Switzerland, about our research project on breaking German parcel tracking sites. We could not ...

https://insinuator.net/2024/04/breaking-gls-parcel-tracking/

The German Federal Office for Information Security (BSI – Bundesamt für Sicherheit in der Informationstechnik) has published several papers ERNW created as part of the long-term SiSyPHuS Win10...

https://insinuator.net/2024/04/bsi-publishes-windows-10-sisyphus-reports-application-compatibility-infrastructure-microsoft-defender-antivirus-etw-usage-and-device-setup-manager-service/

Today, we describe our findings at United Parcel Service of America, Inc. (UPS), another German parcel market player, and the corresponding vulnerabilities’ disclosure process. Findings Only a ...

https://insinuator.net/2024/04/breaking-ups-parcel-tracking/

Dennis and I already published blog posts about our research project dealing with vulnerabilities in parcel tracking implementations at DHL and DPD. At the Winterkongress (winter congress) in Win...

https://insinuator.net/2024/04/i-know-what-you-ordered-last-summer-winterkongress-2024/

Hey there! This is the first blog post in a series about issues we think are currently relevant in the field of AI-Security. The intention is not to get full coverage of the topic, but to point o...

https://insinuator.net/2024/02/considerations-on-ai-security-part-i-introduction-and-nondeterminism/

Introduction In 2021, ERNW collaborated with Hochschule Mannheim for their CEP (Cyber Security Entwicklungsprojekt) to build an auditing framework for testing operating system configurations agai...

https://insinuator.net/2023/10/student-project-audit-framework/

Two weeks ago, I was at the c0c0n conference in Cochin (India). This conference is quite special for at least two considerations. At first, this is – to the best of my knowledge – one of the ...

https://insinuator.net/2023/10/c0c0n-2023-a-short-retrospective/

I was writing some challenges for PacketWars at TROOPERS22. One was intended to be a JWT key confusion challenge where the public key from an RSA JWT should be recovered and used to sign a symmet...

https://insinuator.net/2023/10/lua-resty-jwt-authentication-bypass/