DeepSec 2025 Training: The Mobile Playbook – A Guide to iOS and Android App Security (hybrid – in person or online) – Sven Schleier

Sanna/ August 6, 2025/ Training/ 0 comments

This intensive two-day course equips you with practical skills for identifying and exploiting vulnerabilities in mobile apps across both Android and iOS. You’ll analyze a mix of real-world apps and custom training apps using tools like Frida, Burp Suite, jadx and other open-source tools. By the end of the training, you’ll know how to: intercept and analyze any type of network traffic in mobile apps, even when SSL pinning is used, bypass protection mechanisms such as root/jailbreak detection, decompile APKs and perform manual source code reviews, reverse engineer Swift-based iOS applications and apply a thorough methodology based on the OWASP Mobile Application Security Testing Guide (MASTG). The labs cover static and dynamic analysis, reverse engineering, and Software Composition Analysis (SCA), all through hands-on exercises. No need to bring your own devices — each participant


DeepSec 2025 Training: eCrime Intelligence – Aaron Aubrey Ng & Scott Jarkoff

Sanna/ August 5, 2025/ Training/ 0 comments

Understanding eCrime is no longer optional. It is a mission-critical capability for any organization serious about anticipating, preventing, and neutralizing today’s most pervasive cyber threats. This intensive training provides a comprehensive exploration of the eCrime ecosystem, unpacking the full spectrum of adversarial tactics, techniques, and procedures used by financially motivated threat actors to exploit organizations of all sizes and sectors. Blending traditional intelligence tradecraft with cutting-edge cyber security methodology, this course empowers cyber threat intelligence professionals, SOC analysts, CISOs, and forward-thinking defenders to operationalize threat intelligence, proactively reduce risk, and harden their defensive posture. Whether you are new to the world of eCrime or looking to refine your existing expertise, this course will give you the insight, confidence, and real-world skill-set to outpace adversaries. Through hands-on exercises, real case studies, and live tooling, participants


DeepSec 2025 Training: Becoming the Godfather of Threat Modeling – Mike van der Bijl

Sanna/ August 4, 2025/ Conference/ 0 comments

In the world of cybersecurity, there is always a threat lurking. Waiting in the shadows for the perfect moment to strike. You can sit back and relax and hope for the best and react when it’s too late… or before they even think about making a move, you can take control and see everything coming from miles away. In this session, you’ll dive deep into the art of threat modeling—an essential skill that allows you to anticipate risks, identify vulnerabilities, and develop a proactive defense strategy. Mike will guide you through the process and show you why threat modeling is an offer you simply can’t refuse. You’ll learn how to analyze threats with precision, build effective threat scenarios and develop a mindset that stays one step ahead of the attackers. Ultimately, you won’t only


The Call for Papers for DeepSec 2025 has ended

René Pfeiffer/ August 1, 2025/ Administrivia, Call for Papers, Conference/ 0 comments

The call for papers for DeepSec 2025 has officially ended. We already reviewed most of the submissions, but now we will complete the conference schedule. Allow us some time to consider and review your content. As always, it is very hard to choose because of the high quality of your content. You are amazing! If you are still interested in presenting at DeepINTEL 2025, then let us know. The deadline for DeepINTEL content has been extended. All contributions regarding threat intelligence, ongoing attacks, capabilities of adversaries, and proposals for defence are welcome!

DeepSec 2025 Press Release: High threat level for IT security research. IT security is under attack from politics and hostility towards science.

Sanna/ May 27, 2025/ Conference/ 0 comments

Information technology is an integral part of computer science and therefore also of mathematics. Since 2007, the DeepSec conference in Vienna has brought together international researchers to discuss current threats, publish acute vulnerabilities and exchange knowledge on the defence of critical infrastructure. The increasing hostility towards science and the dismantling of US authorities that contribute to IT security are jeopardising the work and, therefore, also the results of the research groups. One consequence is a higher threat level for European companies. The DeepSec conference aims to counter this as a platform.

Networks and data in the crosshairs

Data may not be crude oil, but it is the driving force behind modern information technology. Digitalisation has made data via networks and services indispensable in many companies. Very few people today can go about their working


DeepSec/DeepINTEL Conference Tickets available!

René Pfeiffer/ May 5, 2025/ Administrivia, Conference/ 0 comments

Easter is the traditional time for us to dust off the ticket shop and configure the next version. It is a bit more than just increasing the year and checking the dates because we need to check with the hotel venue and make sure that the tickets stay stable until November. You can take advantage of the early booking tariff. We have put an early selection of training sessions online to assist you with planning this year’s education schedule. More trainings are currently under review. Please book as early as possible. It facilitates planning, and you will get a room at the conference hotel. There is a limited contingent of rooms available. If you wait too long, you probably cannot find a room at the hotel. Vienna is beautiful, but being closer to DeepSec


DeepSec and DeepINTEL 2025 – Call for Papers!

René Pfeiffer/ March 19, 2025/ Administrivia, Call for Papers, Conference, DeepIntel/ 0 comments

We have been running silent since December. The reasons were behind-the-scenes updates, post-processing the past DeepSec conference, recharging our batteries, and adapting to the new situation in IT security influenced by geopolitics. Following the news since 20 January took a lot of head-shaking and wondering what the rest of 2025 will look like. This is where you come in. We want to see and hear you on stage at DeepSec and possibly DeepINTEL 2025. The Call for Papers is now open. The motto for DeepSec this year is “forbidden lore”. It is a reference to forbidden knowledge, the debate about full disclosure, and hard facts that are now declared illegal by authoritarian governments. DeepSec has always followed a scientific approach for discussing and questioning IT security. One of our past conferences even had the motto


DeepSec 2024 Keynote – The Mind Bomb

René Pfeiffer/ December 1, 2024/ Conference

DeepSec 2024 ended on 22 November 2024. We took a week off to post-process the event in terms of video material and dialogues. Usually only participants get first access to the video recordings, but because of the threat of disinformation from nation states, we published the keynote early and freely. Randahl Fink explained his take on manipulation of elections and entire societies. Russia, among others, is very proficient in creating election results that keep on surprising politicians and analysts alike. The Mind Bomb is real, and it is about to explode in Western democracies. You can watch the video online on Randahl’s YouTube channel, his Patreon site, or on our Vimeo account. Presenters at conferences are storytellers. They make topics come alive, create links between seemingly unrelated aspects, teach new knowledge, and hopefully make


DeepSec 2024 Opening – Conference Days are now live

René Pfeiffer/ November 21, 2024/ Conference

DeepSec 2024 has opened. Enjoy the two days of presentations, discussions, and insights into how to improve the security of your information technology infrastructure. Our keynote will deep dive into the dangerous world of mind manipulation. Social engineering is a threat from the past. Political engineering is the new kid on the block, and it has the power to reshape and destroy nation states and societies. Fake news, propaganda, and outright lies have become the standard tool of radical parties, be it left, right, or centre. Randahl Fink explores the power of the mind bomb in his keynote presentation. For everyone attending: Our only social media presence is in the Fediverse. Please use our @DeepSec handle and the #DeepSec hash tag for referencing content and discussions. Do not use Twitter/X or similar platforms. Thank


DeepINTEL 2024 – a full Day all about Security Intelligence

René Pfeiffer/ November 20, 2024/ Conference, DeepIntel

The DeepINTEL 2024 security intelligence conference has begun. The day holds a full day of presentations about current and future threats. It is difficult to describe a TLP:AMBER event, because we do not publish the schedule for DeepINTEL. The term security intelligence has a wide spectrum. Basically, it includes all information that will help you improve your defence and understand your adversaries and how attacking groups operate. The sources are probes, monitoring systems, reports from attacks and their analysis. We are looking forward to providing the next iteration of DeepINTEL as a unique forum where security experts can get crucial updates. Grab your coffee, listen, and contribute!

DeepSec 2024 Press Release: Choice of programming language does not determine IT security. NSA warns of memory errors while ignoring the majority of other security vulnerabilities

Sanna/ November 18, 2024/ Press

There are over 900 clearly classified defects in software applications. Some of these are because of memory errors, where code accesses memory areas incorrectly and subsequent errors can lead to crashes or other effects. In 2022, the US National Security Agency (NSA) warned against using the programming languages C and C++ to avoid memory errors. The recommendation is to use other programming languages that prevent these errors. This recommendation ignores reality, as these problems can no longer occur in modern, correct C++ code because of the language specification. Furthermore, the NSA’s proposal ignores existing code that is well tested and ready for production, and much more dangerous defects that are still possible in all programming languages.

Modern C++

Bjarne Stroustrup published the C++ programming language back in 1978, and it has continued to evolve


DeepSec 2024 Talk: Executive Breach Simulation Toolkits – Pavle Bozalo, Aron Feuer & Matias Ulloa

Sanna/ November 16, 2024/ Conference

As cyberattacks multiply and become more sophisticated, executive breach simulation toolkits have become essential. Enabling organizations to simulate, predict, and assess the impact of potential security breaches from an executive perspective is necessary to know how to keep organizations safe. Unfortunately, simulations are broken. Simply put, they don’t properly prepare leaders and security practitioners for security breaches. This talk will look at the evolving landscape of breach simulation toolkits designed for security practitioners, focusing on their role in enhancing cybersecurity strategies, incident preparedness, and organizational resilience. We will see how simulations can be engaging, while remaining instructive and preparing people for actual cyber events. We’ll discuss how these toolkits work, why they’re essential for making smarter business decisions around cybersecurity, and how they help align leadership with technical teams. Real-world examples will show how


DeepSec 2024 Talk: The Malicious Bloodline Inheritance: Dissecting Deed RAT and Blood Alchemy – You Nakatsuru, Kiyotaka Tamada & Suguru Ishimaru

Sanna/ November 15, 2024/ Conference

ShadowPad is a particularly notorious malware family used in Advanced Persistent Threat (APT) campaigns since 2017. ShadowPad use spread to various groups beginning in 2019, and a ShadowPad builder was disclosed in June 2024. One reason ShadowPad has garnered so much attention from security researchers is that it is an advanced modular type fileless RAT with a complex structure that is difficult to analyze. In July 2023, Deed RAT was published by Positive Security as a variant of ShadowPad. Furthermore, Blood Alchemy malware was also discovered as another variant of Deed RAT in April by ICI, with evidence such as unique data structures, malware configurations, loading schemes, and code similarities. However, important features of both Deed RAT and Blood Alchemy, such as the C2 communication scheme, loading additional modules, and details of backdoor commands,


DeepSec 2024 Talk: Why NIS2 Implementation often fails in Industrial Areas – Michael Walser

Sanna/ November 12, 2024/ Conference

Why do most projects preparing for NIS2 fail in practice? Many affected companies complain about the requirements of EU Directive 2022/2555, which are too unspecific and technically difficult to implement. Excessive demands are spreading. Companies affected are uncertain because of the evaluation of the actual implementation, unlike ISO security certification (e.g. ISO27001/ISO62443). The results are often unsatisfactory despite the sometimes massive investment in costs and personnel resources. An Excel spreadsheet or a Visio drawing itself does nothing to change the resilience of KRITIS or industrial facilities against cyber-attacks in practice. We focus on industrial customers and their OT infrastructure, using anonymized, real-world examples to show the challenges in practice and offer examples of solutions to prevent repeating past mistakes. The first steps do not have to cost a lot of money or tie up


DeepSec 2024 Talk: Industrial plants: IP Protection in an increasingly (de)globalized economic System – Josef Rametsteiner

Sanna/ November 12, 2024/ Conference

Customs duties and trade restrictions are increasingly presenting companies with logistical challenges. The trend is to move production capacities to the relevant countries to be close to the customer. But how can a company safely move to an industrial plant abroad without risking the loss of its own IP (intellectual property)? By using a practical example, we show how to enable a commercially available Simatic S7 1500 PLC to keep control over the PLC program stored in the controller and its parameters. To achieve this, we implement strong cryptography within the device. The challenge here is that the device does not have the necessary functionality “out of the box”. How can we make sure that production does not take on a life of its own (secure manufacturing)? Regardless of the PLC used, industry has
