Archive for September, 2015

DeepSec 2015 Talk: Cryptography Tools, Identity Vectors for „Djihadists“ – Julie Gommes

September 30, 2015

Some speak of Crypto Wars 2.0. For others the Crypto Wars have never ended. FBI Directory James Comey does not get tired of demanding back doors to IT infrastructure and devices (there is no difference between back door and front door, mind you). Let’s take a step back and look at the threats. We did […]

Tags: , , , , ,
Posted in Conference, Security, Security Intelligence Comments Off on DeepSec 2015 Talk: Cryptography Tools, Identity Vectors for „Djihadists“ – Julie Gommes

DeepSec 2015 Workshop: PowerShell for Penetration Testers – Nikhil Mittal

September 29, 2015

The platform you are working with (or against) determines the tools you can use. Of course, everyone loves to boot the operating system of choice and hack on familiar grounds. Occasionally you have no choice, and you have to use what’s available. This is especially true for penetration testing. You get to use what you […]

Tags: , , , ,
Posted in Conference, Security, Training 4 Comments »

DeepSec 2015: The Early Bird Gets the Luxury Bed, Swimming Pool and a Royal Breakfast

September 28, 2015

DeepSec 2015 is drawing nearer and tickets sell like hot cakes! Just an insider tip for all the smart birds out there: Get a DeepSec ticket for Early Birds and, while you’re at it book a room at our conference hotel straightaway – before they’re sold out! We have arranged a very competitive conference rate for you (including the breakfast, […]

Tags: , , , , ,
Posted in Administrivia, Conference, Veranstaltung Comments Off on DeepSec 2015: The Early Bird Gets the Luxury Bed, Swimming Pool and a Royal Breakfast

DeepSec Talk 2015: Cryptographic Enforcement of Segregation of Duty within Work-Flows – Thomas Maus

September 20, 2015

Encryption is great. Once you have a secret key and an algorithm, you can safeguard your information. The trouble starts when you communicate. You have to share something. And you need to invest trust. This is easy if you  have a common agenda. If things diverge, you need something else. Thomas Maus will explain in […]

Tags: , , ,
Posted in Conference 1 Comment »

DeepSec 2015 Talk: Legal Responses Against Cyber Incidents – Oscar Serrano

September 19, 2015

Like it or not, „cyber“ is here to stay. No matter what word you use, the networks have become a battlefield for various military operations. While you won’t be able to secure physical territory by keyboard (you still need boots on the ground for this), you can gain information, thwart hostile communications, and possibly sabotage […]

Tags: , , ,
Posted in Conference, Security Comments Off on DeepSec 2015 Talk: Legal Responses Against Cyber Incidents – Oscar Serrano

DeepSec 2015 Talk: Revisiting SOHO Router Attacks – Jose Antonio Rodriguez Garcia and Ivan Sanz de Castro

September 18, 2015

Have you seen Jon Schiefer’s  film Algorithm? If you haven’t, then you should catch up. The protagonist of the story gain access by using the good old small office / home office (SOHO) infrastructure. The attack is pretty realistic, and it shows that SOHO networks can expose all devices connected to it, either briefly or […]

Tags: , , , ,
Posted in Conference, Internet, Security 2 Comments »

DeepSec 2015 Talk: Building a Better Honeypot Network – Josh Pyorre (OpenDNS)

September 17, 2015

Most defenders only learn what attackers can do after recovering from a successful attack. Evaluating forensic evidence can tell you a lot. While this is still useful, wouldn’t it be better to learn from your adversaries without risking your production systems or sensitive data? There is a way. Use some bait and watch. Honeypots to […]

Tags: , , ,
Posted in Conference, Internet, Security 1 Comment »

DeepSec 2015 Talk: illusoryTLS – Nobody But Us. Impersonate,Tamper and Exploit (secYOUre)

September 11, 2015

Transport Layer Security is a cornerstone of modern infrastructure. The „Cloud“ is full of it (at least it should be). For most people it is the magic bullet to solve security problems. Well, it is helpful, but only until you try to dive into the implementation on servers, clients, certificate vendors, or Certificate Authorities. Alfonso […]

Tags: , , ,
Posted in Conference, Internet, Security 8 Comments »

DeepSec 2015 Talk: “Yes, Now YOU Can Patch That Vulnerability Too!” A short Interview with Mitja Kolsek

September 10, 2015

Patching software is a crucial task when it comes to fixing security vulnerabilities. While this totally works, usually you have to wait until the vendors or the developers provide you either an upgrade or a patch. What do you do in the meantime? Reducing the exposure of the software helps, but sometimes you have no […]

Tags: , , ,
Posted in Discussion, Interview, Security 9 Comments »

Social Engineering: Cold Call Warning (EHS, EHM)

September 8, 2015

While we have a workshop on social engineering for you at DeepSec 2015, we do not do any trainings or exercises before the DeepSec event starts. A speaker alerted us that he got a cold call from a company offering cheap rates for accommodation. In case you have received any call from Exhibition Housing Management […]

Tags: , , ,
Posted in Administrivia, Odd 1 Comment »

DeepSec 2015 Talk: Deactivating Endpoint Protection Software in an Unauthorized Manner

September 7, 2015

Your infrastructure is full of endpoints. Did you know that? You even have endpoints if you use your employees’ devices (BYOD!) or the „Cloud“ (YMMV!). Can’t escape them. Since the bad girls and guys knows this, they will attack these weak points first. How are your endpoints (a.k.a. clients in the old days) protected? In […]

Tags: , , , ,
Posted in Conference, Security Comments Off on DeepSec 2015 Talk: Deactivating Endpoint Protection Software in an Unauthorized Manner

DeepSec 2015 Schedule is almost stable & BSidesVienna CfP Deadline

September 7, 2015

The schedule of DeepSec 2015 is almost done. We’re still reviewing submissions and talk to authors. We are confident to call the schedule stable soon. Until this happens, we will describe the presentations and trainings with a little more detail here. Take a good look, but don’t wait too long before booking a ticket. The […]

Tags: , , , , ,
Posted in Administrivia, Conference 7 Comments »

The Enemy Within: Industrial Espionage and Your Network at DeepSec 2015

September 3, 2015

Networking is vital to aquire jobs in the business world, manage projects, and develop products. It all started with the World Wide Web, now we also interact via various clouds and social media platforms with our staff, clients, and customers. Data gets outsourced to third parties, and business letters are airily send by Instant Messenger (due […]

Tags: , , ,
Posted in Conference, High Entropy, Security 1 Comment »