whitepaper, whitepapers, veiledninger, guides

Whitepapers and Security Advisories

Collection of whitepapers and security advisories written by Encripto.
Documents published here follow a Creative Commons Attribution ShareAlike 3.0 license.

03.09.18 - Blue Team Training Toolkit - User Guide v2.8

User guide for Encripto’s Blue Team Training Toolkit version 2.8.

Learn more

16.07.16 - SteelCon 2016 - Improving Computer Network Defense Analysis Training with Adversary Replication Techniques

Talk given by Juan J. Güelfo at SteelCon 2016, covering techniques that improve current methods for Computer Network Defense Analysis training and advanced security engagements. This talk also introduces Encripto’s Blue Team Training Toolkit (BT3), with lots of demos and relevant examples.
Watch video

08.07.16 - Blue Team Training Toolkit (BT3) Video Series

This is a collection of videos documenting the Blue Team Training Toolkit (BT3), our open source tool for training Network Security Monitoring and supporting advanced security engagements, developed av Juan J. Güelfo at Encripto.
Watch video

25.11.15 - NISK 2015 - Improving Computer Network Defense Analysis Training With Adversary Replication Techniques (ISSN: 1894-7735)

This paper was presented at the Norwegian Information Security Conference (NISK) 2015. It proposes two methods that can be used to improve computer network defense analysis training. The main advantages are reduced risk and preparation costs, while increasing realism during training sessions. These methods can easily be implemented by both public and private organizations, as well as training institutions such as universities.
Learm more

25.06.15 - Security Advisory: Netgear Prosafe VPN Firewalls

Encripto discovered three important vulnerabilities in Netgear Prosafe firewalls. The vulnerabilities could allow an unauthenticated attacker to gain access to a company’s network.

Learn more

17.04.15 - Guide: Web App Security Testing

Application security testing is recommended on a regular basis, as the threats are constantly changing and new functionality gets added to the application. Encripto often gets questions about the recommended security level for different types of applications, in addition to the recommended frequency. Here you can find a guide that answers these questions.
Learn more

17.04.15 - Guide: Network Security Testing - Types of Tests

Vulnerability assessment, penetration testing, red teaming and adversary replication. These are different kinds of security tests that can be conducted against networks or organizations. Encripto’s guide gives you an overview about the newest trends when it comes to network security testing, and the audience that can benefit from them.
Learn more

17.04.15 - Guide: Network Security Testing - Scope & Frequency

Computer attacks are a risk for all kinds of companies, no matter what size they have. Security testing will uncover if your security countermeasures actually resist external threats, and how well they respond in case of an attack. Encripto’s guide for network security testing covers questions such as recommended frequency, scope and method.
Learn more

12.02.15 - Security Advisory: Inteno ICE-CLIENT

Encripto discovered that Inteno ICE-CLIENT is vulnerable to web directory traversal. The vulnerability could be exploited directly with a web browser, and it could allow unauthenticated attackers to retrieve sensitive files from the device where ICE-CLIENT is running.

Learn more

26.01.15 - Maligno Video Series

This is a collection of videos that document Maligno, our open source tool for security testing and adversary replication, developed by Juan J. Güelfo at Encripto.
Watch video

21.10.14 - TEDx Trondheim: How to protect your digital self

In September Encripto gave a talk at TEDx Trondheim’s event: “Caught Red Handed”. Here our security expert, Juan J. Güelfo, talked about web and wireless security. He demonstrated how easy it can be to hack a web application or access information transmitted via an open wireless network.
Watch video

03.02.14 - Security Advisory: Inteno DG301 Residential Gateway

Encripto discovered that Inteno DG301 is vulnerable to command injection. The vulnerability could be exploited from the login form available at the web administration interface, and it could allow unauthenticated attackers to execute arbitrary commands with root privileges.

Learn more

21.08.13 - Security Advisory: Netgear ProSafe CVE-2013-4775 & CVE-2013-4776

According to the vendor, Netgear ProSafe is a cost-effective line of smart switches for Small and Medium Businesses (SMBs). The products cover an essential set of network features and easy-to-use web-based management. Power over Ethernet (PoE) and Stacking versions are also available.

A range of ProSafe switches are affected by two different vulnerabilities:
CVE-2013-4775: Unauthenticated startup-config disclosure.
CVE-2013-4776: Denial of Service vulnerability.

Learn more

13.05.13 - SAS Scandinavian Airlines for iOS v1.0

SAS provides its customers the ability to order, pay, check in, choose their seat and much more directly on their mobile. The security expert Juan J. Güelfo at Encripto AS decided to look into the SAS application and discovered in a short time several security issues.
Learn more

31.05.12 - Nordea mobilbank v2.3.2 for Android

Encripto AS decided to look into Nordea’s Android app for mobile banking, and discovered in a few hours five important vulnerabilities.
Learn more

21.11.11 - Sikkerhet i norske nettbanker

Encripto AS conducted a research project in November 2011. It analyzed the quality of the SSL / TLS implementation in 10 different Norwegian Internet banks. The result was astonishing.
Learn more