IMP4GT: IMPersonation Attacks in 4G NeTworks

The researchers who disclosed the aLTEr attack last year (David Rupprecht, Thorsten Holz, and Christina Pöpper) have found new ways to exploit the lack of integrity protection on the 4G/5G user plane in a new attack called IMP4GT.

Some thoughts about “Shift Left” security in DevSecOps

A popular term in the DevOps context is “shift left”: it refers to the effort by a DevOps team to implement measures that guarantee application quality at the earliest possible point in the software development life cycle.
In an application security context, it refers to the measures implemented to ensure that security concerns are taken into consideration throughout application development, rather than at the end of the process.

CVE-2019-19781: my clippings on the infamous Citrix Netscaler vulnerability

Many proof-of-concept exploits have been released for the unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products.
