Archive for February, 2016

DeepSec Video: IntelMQ

February 26, 2016

Handling incidents means that you have to handle information quickly. Collecting, collaborating, and getting the right piece of intel at crucial moments are key. CERTs know this, and this is why there is IntelMQ. IntelMQ is a solution for collecting and processing security feeds, pastebins, and tweets using a message queue protocol. It’s a […]

Posted in Conference, Security

DeepSec Video: Have We Penetrated Yet??

February 25, 2016

Testing the defences of a network, applications, or infrastructure can be tough. Often you spend many days, and the results are not proportionate to the time spent. How do you assess success when doing penetration testing? How to test, what tools to use, and who should be doing the testing? Johnny Deutsch has some answers […]

Posted in Conference, Security

DeepSec Video: Continuous Intrusion – Why CI Tools Are an Attacker’s Best Friends

February 24, 2016

Software development has made tremendous progress in the past decades. Tools to develop and to deploy applications have evolved. The trouble is that these tools often lack security design. Attacks on software distribution channels such as update servers, package managers, and ISO downloads have been discussed widely in the past. What about the new kids on the […]

Posted in Conference, Security

DeepSec Video: DDoS – Barbarians at the Gate(way)

February 23, 2016

Unfortunately the Internet doesn’t follow the rules of economic theory. Unlimited growth is a myth best kept for feeding your unicorns. Of course, the Internet has grown, but the mathematics and physics behind network flows stay the same. If your pipe is full, then you are going nowhere. This is why Distributed Denial of Service […]

Posted in Conference, Internet, Stories

DeepSec Video: HORNET – High-speed Onion Routing at the Network Layer

February 22, 2016

Given that reconnaissance is the first step of a successful attack, anonymity has become more important than ever. The Invisible Internet Project (I2P) and the TOR project are prominent tools to protect against prying eyes (five or more). TOR is widely used. Users of anonymity services will notice that the price for extra protection is […]

Posted in Conference, Internet, Security

DeepSec Video: HackingTeam – How They Infected Your Android Device By 0days

February 20, 2016

Backdoors are very popular these days. Not only cybercrime likes extra access, governments like it too. There’s even a lucrative market for insecurity. You can buy everything your IT team defends against legally. Hacking Team is/was one of the companies supplying 0days along with intrusive software to take over client systems. Attila Marosi explained at […]

Posted in Conference, Discussion, High Entropy, Security

DeepSec Video: ZigBee Smart Homes – A Hacker’s Open House

February 19, 2016

The data protocols of SmartHomes are the FBI’s wet dream. Why? Because they have no security design. Take ZigBee for example. ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have for example a smart light bulb at home, […]

Posted in Conference, Security, Stories

DeepSec Video: Not so Smart – On Smart TV Apps

February 18, 2016

„Smart“ follows in the footsteps of „cyber“. Everything is smart nowadays. The problem is that using smart in this context just means a combination of „Turing complete“ and „connected to the Internet“. That’s it. This is a pretty low barrier for calling something „smart“. At DeepSec 2015 Markus Niemietz held a presentation about the state of […]

Posted in Conference, Security

DeepSec Video: Extending a Legacy Platform Providing a Minimalistic, Secure Single-Sign-On-Library

February 17, 2016

Even if you are not running a mainframe you probably have some old applications which you still need and whose code you cannot lift into the present (technology-wise). This is something you need to address. Despite decades of security research and authentication standards there’s still a vast amount of systems with custom solutions and embedded […]

Posted in Conference, Stories

DeepSec Video: Legal Responses Against Cyber Incidents

February 16, 2016

Despite current efforts to adapt existing legal instruments to regulate hostile activities in cyber space, there is uncertainty about the legal situation of actors affected by these actions. Part of this uncertainty is due to the fact that the cyber domain is technically complex; there is a strong need for collaboration between technical and legal […]

Posted in Conference, Legal

Go dark with us! Submit a presentation to DeepINTEL 2016!

February 15, 2016

Information security without intelligence is less than half the fun. That’s why we organise the DeepINTEL 2016 conference. The focus is entirely on the intelligence side of security. Given the events in the recent months it’s about time that you get your focus right and turn your radar on. Flying blind will get you into […]

Posted in Call for Papers, Conference, Security Intelligence

DeepSec Video: illusoryTLS – Nobody But Us. Impersonate, Tamper and Exploit

February 15, 2016

Cryptographic backdoors are a timely topic often debated as a government matter to legislate on. At the same time, they define a space that some entities might have practically explored for intelligence purposes, regardless of the policy framework. The Web Public Key Infrastructure (PKI) we daily rely on provides an appealing target for attack. The […]

Posted in Conference, Internet, Security

DeepSec Video: Measuring the TOR Network

February 13, 2016

A lot of people use TOR for protecting themselves and others. Fortunately the TOR network is almost all around us. But what does it do? How can you get access to metrics? TOR is an anonymisation network and by design doesn’t know anything about its users. However, the question about the structure of the user […]

Posted in Conference, Internet, Security

DeepSec Video: Cryptographic Enforcement of Segregation of Duty within Work-Flows

February 12, 2016

Calling for encryption and implementing it may be easy at first glance. The problem starts when you have to grant access to data including a segregation of duty. Workflows with Segregation-of-Duty requirements or involving multiple parties with non-aligned interests (typically mutually distrustful) pose interesting challenges in often neglected security dimensions. Cryptographic approaches are presented […]

Posted in Conference, Security

DeepSec Video: Agile Security – The Good, The Bad, and mostly the Ugly

February 11, 2016

How do you manage your technical and operational security? Do you follow a model? If so, what’s the flavour? Do you borrow concepts from software development? If you do, or plan to, then Daniel Liber might have some ideas for you. At DeepSec 2015 he held a presentation about Agile and a […]

Posted in Conference, Security