Archive for October, 2013

DeepSec 2013 Talk: Easy Ways To Bypass Anti-Virus Systems

October 31, 2013

The Joys of Detecting Malicious Software

Malicious software is all around us. It permeates the Internet by riding on data transmissions. Once you communicate, you risk getting in touch with malware (another name for malicious software). This is why every single one of us, be it individual, company or organisation, runs anti-virus software. The idea […]

Posted in Conference, Security, Stories

DeepSec 2013 Talk: Uncovering your Trails – Privacy issues of Bluetooth Devices

October 30, 2013

Bluetooth has been around for a while. Hackers and security researchers (such as trifinite.org and others) immediately investigated the weaknesses of the protocol and its implementations. The specifications have evolved, but so has the proliferation of Bluetooth-capable devices. Smartphones, dumb phones, computers, bulletin boards, media players, tablets, game consoles, headsets, and many more support Bluetooth wireless […]

Posted in Conference, Security

DeepSec 2013 Workshop: Effective IDS/IPS Auditing And Testing With Finux

October 26, 2013

A major part of information security is to deal with intrusions. It doesn’t matter if you have to anticipate them, detect them, or desperately wish to avoid them. They are a part of your infosec life. This is why gentle software developers, security researchers, and vendors have created intrusion detection/prevention systems. It’s all there for […]

Posted in Conference, Security, Training

DeepSec 2013 Talk: Hacking Medical Devices

October 25, 2013

Modern information technology has already entered the field of medical technology. Few hospitals can operate without power and network connectivity. This is why information security has followed the deployment of hardware and software. Next to the infrastructure present there exists a multitude of communication protocols that increase the attack surface. Hospitals and other medical facilities […]

Posted in Conference, Security

DeepSec 2013 Talk: Psychology of Security – a Research Programme

October 23, 2013

Have you ever considered the impact of the human mind on information security? Since our brain also deals with information, it should be an integral part of defence. Let’s take a look at psychology: At DeepSec 2013 Stefan Schumacher will give you an introduction to the psychology of security and why we need to improve scientific […]

Posted in Conference

DeepSec 2013 Workshop: Hands On Exploit Development (Part 2)

October 21, 2013

Unless you buy ready-made exploits or do security research (you know, the tedious task of testing systems and code, finding bugs and assessing their impact), you may wonder where they come from. To show you how to exploit a vulnerability and how to get to an exploit, we have asked Georgia Weidman for an example. […]

Posted in Conference, Stories

DeepSec 2013 Workshop: Hands On Exploit Development (Part 1)

October 20, 2013

Software bugs evolve, just like their animal counterparts. Lesser bugs impact usability or are simple malfunctions. Once a bug impacts security, it is called a vulnerability. This means that something major is broken and that the internal logic can be manipulated to produce undesirable effects. Vulnerabilities can be exploited to create deterministic effects such […]

Posted in Conference, Training

DeepSec 2013 Talk: Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities

October 19, 2013

The SANS Institute offers the article The History and Evolution of Intrusion Detection in its Reading Room. The article was published in 2001. It starts with the phrase „during the past five years…“. It is now 2013. Why is it important to examine the history of a technology which certainly is well established and widely deployed […]

Posted in Conference, Security, Stories

DeepSec 2013 Talk: Pivoting In Amazon Clouds

October 17, 2013

The „cloud“ infrastructure is a crucial part of information technology. Many companies take advantage of outsourced computing and storage resources. Due to many vendors offering a multitude of services, the term „cloud“ is often ill-defined and misunderstood. This is a problem if your IT security staff needs to inspect and configure your „cloud“ deployment with […]

Posted in Conference, Internet

DeepSec 2013 Talk: From Misconceptions To Failure – Security And Privacy In The US Cloud Computing FedRAMP Program

October 16, 2013

The „Cloud“ doesn’t stop when it comes to government data. Once government authorities play with outsourcing, a lot more regulations need to be reviewed. Mikhail Utin talks about new results and a continuation of his last presentation at the DeepSec conference: Our second presentation at DeepSec on so named “Cloud Computing” (CC) and associated services (CCS) […]

Posted in Conference, Security

DeepSec 2013 Talk: The Economics Of False Positives

October 15, 2013

Ever since networks got attacked, the victims have thought of ways to detect and prevent attacks. Packet filters were the first idea. Closing a port meant worrying less about the application listening on it. So the trouble of protecting moved to the services that were still exposed. Filtering got more complex, protocols were inspected, signatures […]

Posted in Conference

DeepSec 2013 Workshop: Exploiting Web Applications Protected By $WAFs

October 11, 2013

We all use web applications on a daily basis. Search engines, portals, web sites, blogs, information pages and various other content accessible by web browsers accompany us every day. This means that web servers are the first exposed systems you will have to protect when deploying web applications. Usually you would add filters to your […]

Posted in Conference, Security, Training

Changes to the DeepSec 2013 Schedule – two new Talks

October 10, 2013

We had to change the schedule for the DeepSec 2013 conference slightly. Unfortunately two talks were cancelled, because the speakers could not confirm their presence. We are sorry to hear that, but every one of us knows Real Life Interference™ can bust the best of plans. We have replaced the talk slots with submissions by […]

Posted in Administrivia, Conference

DeepSec 2013 Talk: The Boomerang Effect – Using Session Puzzling To Attack Apps From The Backend

October 10, 2013

In past centuries attackers used battering rams to break down doors and siege artillery to blast holes into solid fortification walls. These were very tedious undertakings, so using alternate routes – possibly back-doors – was always highly regarded. Nowadays the wonderful World of „Cyber“™ is no exception. The modern web-obsessed infrastructure has seen web browsers in […]

Posted in Conference, Security

DeepSec 2013 Workshop: Attacks On GSM Networks

October 4, 2013

Mobile phone networks have penetrated even the most remote areas of the Earth. You can send a tweet from Mount Everest if you like; the cell service is already there. In addition, mobile phone networks feature 6 billion subscribers all over the world. Communication by mobile devices has entered the routine of daily life. It’s […]

Posted in Conference, Security, Training