We had the joy of being part of the beautiful #TROOPERS25 security conference in June this year.
The recording of our talk "SBOMs the right way" is now available.
Check it out here youtu.be/ecr_ar8o8R8?...
@_dirkjan and my joint talk at #TROOPERS25 is now available on YouTube.
"Finding Entra ID CA Bypasses - the structured way" @wearetroopers.bsky.social
youtu.be/yYQBeDFEkps
The recording of my #TROOPERS25 talk about the #DHL Packstation has finally been published 🎉 https://youtu.be/WEGVL9Wttsc?si=LIIN6Fq9YSaVL2Zq
Great news for today ... you can grab our SBOM/EMBArk slides from our talk at #troopers25 here troopers.de/troopers25/t...
♻️ srlabs: Unveiled at #TROOPERS25 - Hexagon fuzzing unlocked
Hexagon is the architecture in Qualcomm basebands - they power most of the world's leading smartphones.
Until now, this baseband was out of reach.
We released the first open-source toolchain for system-mode… https://infosec.exchange…
#Troopers25 was a most inspiring and uplifting event in my last three dull and bogging down years. Thank you for the therapy.
One of the results of the joined research with @dirkjanm.io is entrascopes.com
Basically the yellow pages for Microsoft first party apps.
#TROOPERS25
Today at #TROOPERS25 I released a reimplementation of a set of protocols used to interact with a DHL #Packstation without using the official app: https://github.com/frereit/pydhl
It's more of a proof of concept than an actual utility, but maybe it's interesting for some.
High-resolution photo of Compass Security’s IoT and industrial penetration-testing workspace: on a light wooden workbench a large-lens, black surveillance camera sits half-disassembled beside its white Synology® housing, revealing the internal printed-circuit board, image sensor and ribbon connectors targeted during firmware extraction and vulnerability analysis. A chaotic web of multicolored diagnostic leads, Ethernet patch cables, alligator clips, UART/serial breakout wires and power adapters snakes across the table, illustrating real-world hardware hacking, fault-injection and secure-boot bypass techniques used in red-team assessments of networked CCTV, smart-factory and critical OT devices. The blue pentagonal TROOPERS25 shield logo occupies the upper-right corner, signalling that this lab scene supports Compass Security’s conference presentation on Pwn2Own-grade research into surveillance-camera exploits, remote-code-execution vectors and zero-day discovery. The image underscores expert penetration-testing methodology—threat modeling, reverse engineering, embedded Linux analysis, secure-element probing and API fuzzing.
Thrilled for #TROOPERS25 Thursday! Emanuele & @yvesbieri.bsky.social share #Pwn2Own wins on #surveillance cams. Method, #exploit, lessons. Drop in, trade war-stories!
Talk: troopers.de/troopers25/t...
Compass pentest: www.compass-security.com/en/services/... #cybersecurity #iot #hw #fw #ot
EMBArk v0.3 - we are #TROOPERS25 edition is available with enhanced enterprise support. Check it out ... SBOM and firmware analysis to the max github.com/e-m-b-a/emba...
Catch our second talk at #TROOPERS25:
🕸️ Caught in the FortiNet: Compromising Organizations Using Endpoint Protection
Yaniv Nizry will tell you the story of multiple vulnerabilities in Fortinet products that can compromise an entire organization, starting with a single click
A photo taken from an airplane of the. There are small white fluffy clouds scattered below and a slightly hazy blue sky with white wisps above them.
On the way to #TROOPERS25. The short flight is down… just waiting for the long one to Frankfurt.
Looking forward to talking about #nOAuth with #Entra… sadly it’s still a thing 😑
#EntraID #infosec @wearetroopers.bsky.social
🎤 Catch us at #TelcoSecDay tomorrow at #Troopers in Heidelberg!
Jimmy Billaud will present:
“Security risk of International IP-based SIP network and effectiveness of SIP IDS”
Come say hi!
#VoIP #TelecomSecurity #MobileNetworkSecurity #troopers25
Title: Scriptless Attacks: Why CSS is My Favorite Programming Language Speaker: Paul Gerste, Vulnerability Researcher, Sonar Date: Wednesday, June 25, 2025 Time: 2:15 pm Location: Track 3
Coming to #TROOPERS25 this week? We'll be there too, presenting our research!
🎨 Scriptless Attacks: Why CSS is My Favorite Programming Language
@pspaul95.bsky.social will convince you why CSS should not be overlooked in client-side web attacks and what is possible without JavaScript today
Currently there is so much stuff happening around EMBA ... today I can share that we got the chance to share the latest EMBA and #SBOM stuff at the #TROOPERS25 /
@wearetroopers.bsky.social security conference. Check it out here troopers.de/troopers25/a...
Just got the email that my proposal for a talk at #TROOPERS25 got accepted!!!! I'm soo excited ahahaha
