Papers, Presentations, Interviews, Publications
since 2004
PRESENTATION
- Title
- QMON: Uncomplicated monitoring for small environments
- Conference
- EuroTcl 2015
- Date
- 21.6.2015
- Abstract
- QMON is a simple open source monitoring application suitable for a small number of hosts and services. It aims to be a quick and secure alternative to Nagios with a focus on simplicity. After a brief architectural overview, the talk covers implementation details of the CGI and CLI frontends, the database backend and the actual monitoring check execution. Also, in order to provide a usable configuration interface, QMON introduces an enhanced version of ini-style configuration featuring template substitution.
- Slides
PRESENTATION
- Title
- The state of PHP configuration and hardening
- Conference
- IPC2014
- Date
- 27.10.2014
- Abstract
- Can there be anything wrong with empty PHP files? And what happens if an attacker were to modify .htaccess? During development of the PHP Secure Configuration Checker (PCC) some rarely used INI directives came to mind. This session will explore the possibility of attacking web applications by PHP misconfiguration. The second part will show that the PHP hardening extension Suhosin is very much alive. We will have the opportunity to discuss recent development and future plans.
- Details
- Abstract
BOOK
- Title
- BeF's Yate Cookbook
- Read
- https://bef.github.io/yate-cookbook/
- Date
- 2014
- Abstract
- This document is a collection of practical solutions and ideas - recipes - related to the Yate telephony engine. Recipes give specific solutions to specific problems encountered in real life. Some recipes were derived from practical experience during the 29th and 30th Chaos Communication Congress in Hamburg, Germany. Other solutions were encountered while setting up and maintaining our public VoIP provider EPVPN (Eventphone Virtual Phone Network). The technically minded person may find a jump start into Yate or use it as a reference guide.
- Source
- https://github.com/bef/yate-cookbook
PRESENTATION
- Title
- SPAM, SPAM, SPAM - SPAM, SPIT und SPOM
- Conference
- SIGINT 2012
- Date
- 18.5.2012
- Abstract
- Why does the lawyer of an uncle from South Africa suddenly have money for me from the inheritance of his co-brother-in-law's father? Why do drunk Python programmers sing songs about canned meat? These and further questions are posed with verve. This examination of unwanted messages, in parts literarily profound, shows both the history and possible future scenarios.
- Details
- Description + essay accompanying the talk
PRESENTATION
- Title
- Sicherheitsprobleme in Webanwendungen
- Location
- Course "Web Engineering", Prof. Dr. Manfred Kaul, Hochschule Bonn-Rhein-Sieg
- Date
- 20.6.2011
- Co-speaker
- fukami
PRESENTATION
- Title
- Stefan Esser / Ben Fuhrmannek - Security Problems in Web Applications except Injection Vulnerabilities
- Date
- 26.1.2011
- Location
- Ruhr-Uni-Bochum
- Abstract
- New security problems in web applications are uncovered every day. As a rule, these are standard problems such as injection vulnerabilities or susceptibility to CSRF. Among all these problems, however, there usually lurk far more dangerous security holes in applications, based on logic errors, bad random numbers, weak encryption or ill-considered security fixes. This talk presents, by way of example, some such holes that were uncovered in well-known (and lesser-known) applications over the past year.
- Slides
PRESENTATION
- Title
- E vs. F
- Subtitle
- Ein Abriss mehr oder weniger esoterischer Programmiersprachen | C vs. D fortgesetzt
- Date
- 12.8.2010
- Conference
- ICMP5
- Details
PAPER
- Title
- Virtual Meta-Scripting
- Subtitle
- Bytecode for PHP and JavaScript
- Author
- Ben Fuhrmannek
- Date
- 31.5.2010
- Abstract
- Both PHP and JavaScript are frequently being targeted for exploiting web applications. This article elaborates on the idea of building a set of virtual machines on top of each programming language. As a result a single type of bytecode can be executed by both VMs. Particular emphasis is put on designing virtual machines to be most suitable for code obfuscation in a post exploitation scenario.
- Links
PRESENTATION
- Title
- Sicherheitsprobleme in Webanwendungen
- Location
- Course "OOVA", Prof. Dr. Manfred Kaul, FH Bonn-Rhein-Sieg
- Date
- 18.5.2010
- Co-speaker
- fukami
PRESENTATION
- Title
- C vs. D
- Subtitle
- Ein Abriss mehr oder weniger esoterischer Programmiersprachen
- Date
- 22.5.2010
- Conference
- SIGINT 2010
- Details
- Description + slides
PRESENTATION
- Title
- von Scannern und Parsern
- Date
- 28.1.2010
- Location
- C4 - OpenChaos Januar
- Links
- Slides + examples
PRESENTATION
- Title
- Zehn Sicherheitsprobleme, die gerne mit dem ZendFramework gebaut werden
- Date
- 2.10.2009
- Meeting
- PHPUG Köln
- Slides
PRESENTATION
- Title
- Warum das WWW sterben muss
- Subtitle
- Ein Rant
- Date
- 5.9.2009
- Conference
- mrmcd0x8
PRESENTATION
- Title
- Warum das WWW sterben muss
- Subtitle
- Ein Rant
- Co-speaker
- fukami
- Date
- 27.6.2009
- Conference
- GPN8
PRESENTATION
- Title
- SWF and the Malware Tragedy
- Subtitle
- Hide and Seek in A Flash
- Co-speaker
- fukami
- Date
- 29.12.2008
- Conference
- 25th Chaos Communication Congress
PAPER
- Title
- SWF and the Malware Tragedy
- Subtitle
- Hide and Seek in a Flash
- Authors
- Ben Fuhrmannek and fukami
- Date
- 13.12.2008
- Links
PRESENTATION
- Title
- SWF and the Malware Tragedy
- Subtitle
- Hide and Seek in A Flash
- Co-speaker
- fukami
- Date
- 14.11.2008
- Conference
- DeepSec IDSC 2008 Europe - Vienna
PRESENTATION
- Title
- SWF and the Malware Tragedy
- Subtitle
- detailed insight into the paper and practical applications
- Co-speaker
- fukami
- Date
- 24.5.2008
- Conference
- ph-neutral 0x7d8
PRESENTATION
- Title
- SWF and the Malware Tragedy
- Subtitle
- a brief introduction to the paper
- Co-speaker
- fukami
- Date
- 22.5.2008
- Conference
- OWASP AppSec Europe 2008, Ghent, Belgium
INTERVIEW
- Title
- Chaosradio Express 82 - Erlang
- Date
- 24.3.2008
- Station
- Chaosradio Express
- Links
- site
PRESENTATION
- Title
- Wissenswertes über Erlang
- Subtitle
- Sehr Praktische Einführung in die moderne Programmiersprache
- Date
- 21.3.2008
- Conference
- EasterHegg 2008
- Links
- slides & examples
PAPER
- Title
- SWF and the Malware Tragedy
- Subtitle
- Detecting Malicious Adobe Flash Files
- Authors
- fukami and Ben Fuhrmannek
- Date
- 9.3.2008
- Links
PRESENTATION
- Title
- Praktische Einführung in Erlang
- Date
- 28.2.2008
- Location
- C4 - OpenChaos Februar
- Links
- slides, examples, all
INTERVIEW
- Title
- VoiP'n stuff
- Date
- 29.12.2007
- Station
- SitesCollide
- Links
- site
PRESENTATION
- Title
- Konzeptionelle Einführung in Erlang
- Date
- 28.12.2007
- Conference
- 24c3
- Co-speaker
- Stefan Strigler
- Links
- paper, slides
PAPER
- Title
- Asterisk
- Subtitle
- A Conceptual Introduction
- Date
- May 2007
- Links
PRESENTATION
- Title
- Anonymität - How to exit the matrix
- Date
- 25.11.2006
- Conference
- BarCamp Cologne
- Co-speaker
- fukami
PRESENTATION
- Title
- eventphone insight
- Date
- 4.8.2006
- Location
- ICMP3
- Co-speaker
- Sascha Ludwig
PRESENTATION
- Title
- eventphone insight
- Subtitle
- Funktionsweise des eventphone Netzes und die Integration der Asterisk OpenSource PBX.
- Date
- 25.6.2006
- Conference
- froscon
- Co-speaker
- Sascha Ludwig
ARTICLE
- Title
- HACKtivitäten in London
- Magazine
- die datenschleuder. #86 / 2005
- Date
- 2005
- Link
- PDF, page 66
PRESENTATION
- Title
- AI - Basic Concepts
- Date
- 5.8.2004
- Location
- ICMP2
- Links
- slides & details