Archive for September, 2012

DeepSec 2012 Workshop: The Exploit Laboratory – Advanced Edition

September 30, 2012

Offensive security is a term often used in combination with defence, attack (obviously), understanding how systems fail and the ever popular „cyberwar“. Exploiting operating systems and applications is the best way to illustrate security weaknesses (it doesn’t matter if your opponents or pentesters illustrate this, you have a problem either way, and you should know […]

Tags: , , , ,
Posted in Conference Comments Off on DeepSec 2012 Workshop: The Exploit Laboratory – Advanced Edition

DeepSec 2012 Talk: SAP Slapping

September 30, 2012

DeepSec 2012 covers SAP in-depth, and we decided also to include a presentation on how to test/pen-test SAP installation. Dave Hartley will give you an overview about how to approach SAP, show you what you can do, and probably achieve complete compromise of insecure and misconfigured SAP environments by pressing buttons. ☺ SAP systems can incorporate many […]

Tags: , , ,
Posted in Conference Comments Off on DeepSec 2012 Talk: SAP Slapping

DeepSec 2012 Talk: AMF Testing Made Easy

September 28, 2012

Protocols are fun. When it comes to security, protocols are both loved and loathed. Security researchers have fun breaking them. Developers have a hard time designing them (this is why short-cuts will be taken and weaknesses are introduced). Penetration testers are sent to discover broken protocols and to exploit them. Attackers usually know some bits […]

Tags: , , ,
Posted in Conference Comments Off on DeepSec 2012 Talk: AMF Testing Made Easy

Booking Tickets for DeepSec 2012

September 27, 2012

Regulars already know this. We use a ticket shop system for all tickets to DeepSec 2012 that can be booked online for both the conference and the workshops. We received some reports of failed bookings with various payment options, and we already informed the company responsible for the shop system. In case you encounter any […]

Tags: ,
Posted in Administrivia Comments Off on Booking Tickets for DeepSec 2012

DeepSec 2012 Talk: Breaking SAP Portal

September 27, 2012

SAP products are very widespread in the corporate world. A lot of enterprises run SAP software for a whole variety of purposes. Since enterprises feature many levels of interconnection, there is also a great deal of exposing going on. Usually you do this by means of using portals. The term „portal“ is a trigger for […]

Tags: , , , ,
Posted in Conference, Security Comments Off on DeepSec 2012 Talk: Breaking SAP Portal

DeepSec 2012 Training: Penetration Testing with Metasploit

September 25, 2012

Metasploit is one of the major tools used by security researchers and security administrators when it comes to testing security or verifying the operation of intrusion detection/prevention systems. It is also used by penetration testers when trying to circumvent defences and to insert payloads into compromised systems. Everyone dealing with the implementation of security measures […]

Tags: , ,
Posted in Training Comments Off on DeepSec 2012 Training: Penetration Testing with Metasploit

DeepSec 2012 Workshop: Malware Forensics and Incident Response Education (MFIRE)

September 24, 2012

Malicious software is the major tool for attackers. It is used to deliver the payload so that compromised systems can be exploited and secured for executing further tasks by your adversaries. Getting to now this malicious software and finding traces of the breach is very important for dealing with a security event. Proper incident response […]

Tags: , , ,
Posted in Conference, Training Comments Off on DeepSec 2012 Workshop: Malware Forensics and Incident Response Education (MFIRE)

DeepSec 2012 Workshop: Strategic Thinking and Assessing Risk

September 24, 2012

We have begun to address the increasing demand for strategic thinking by staging the first DeepINTEL event in 2012. Since we strongly believe in the importance of the „big picture“, we offer a workshop on strategic thinking and assessing risk at DeepSec 2012, too. The training will be conducted by Richard Hanson, who has a […]

Tags: , , , ,
Posted in Conference, Training Comments Off on DeepSec 2012 Workshop: Strategic Thinking and Assessing Risk

DeepSec 2012 Workshop: Attacks on GSM Networks

September 20, 2012

We are proud to follow the tradition of breaking hardware, software, code, ciphers or protocols. When it comes to mobile phone networks, you can break a lot. The workshop on Attacks on GSM Networks will show you the current state of affairs and some new tricks and developments. The attacks that will be discussed during […]

Tags: , , ,
Posted in Conference Comments Off on DeepSec 2012 Workshop: Attacks on GSM Networks

DeepSec 2012 Schedule – In-Depth

September 19, 2012

The schedule for DeepSec 2012 has now been online since August. The last two workshop slots have been filled with two superb training by McAfee/Foundstone. There are still some minor blind spots, but Your Favourite Editors work on this. We will start to describe every workshop in-depth with its own blog article, and we will […]

Tags: , ,
Posted in Administrivia, Conference Comments Off on DeepSec 2012 Schedule – In-Depth

DeepINTEL 2012 Review Articles

September 16, 2012

The first DeepINTEL was very successful, and we enjoyed the presentations given and the many discussion that followed. While we will not disclose details or publish the slides of the talks, we would like to point you to reviews others have written. DeepINTEL 2012 by c-APT-ure DeepIntel 2012 – An Intelligent Security Conference DeepINTEL – […]

Tags: ,
Posted in Conference, Security Intelligence Comments Off on DeepINTEL 2012 Review Articles