Archive for September, 2016

CERT.at supports the DeepSec 2016 Conference

September 27, 2016

We welcome the Computer Emergency Response Team Austria as a supporter of DeepSec 2016! CERT.at is the primary contact point for IT-security in a national context. CERT.at will coordinate other CERTs operating in the area of critical infrastructure or communication infrastructure. When it comes to incident response, the coordination of any information regarding the event […]

Posted in Conference, Security

DeepSec2016 Talk: Cover Your SaaS: Protecting Your Cloud With Analytics and Machine Learning – Ian Thornton-Trump

September 24, 2016

Some people call military intelligence an oxymoron. This usually happens when something goes wrong. It might be due to sloppy reconnaissance, operations, or simply bad luck. While it’s always good to have someone or something to blame, things are not so easy in modern „cyberspace“. Improving your security means to have something to base this […]

Posted in Conference, Security, Security Intelligence

DeepSec 2016 Talk: Fuzzing Remote Interfaces for System Services in Android – Alexandru Blanda

September 23, 2016

When in doubt, go for the core. This statement is true for most Star Wars films. It is also valid for any kind of security research. Modern software has tons of dependencies, metric or otherwise. In addition, most platforms provide a set of basic components accessible by API. The wheel has been invented already. So […]

Posted in Conference, Security

DeepSec 2016 Talk: Malicious Hypervisor Threat – Phase Two: How to Catch the Hypervisor – Mikhail A. Utin

September 22, 2016

The blue/red pill analogy has been used a lot when it comes to hypervisor security and virtualisation. While there are reliable ways to determine if your code runs in a hypervisor or not, the underlying problem still persists. How do you know if the platform your code runs on watches every single move, i.e. instruction […]

Posted in Conference, Security

DeepSec2016 Workshop: Secure Web Development – Marcus Niemietz

September 21, 2016

The World Wide Web is everywhere. It has become the standard protocol for transferring data, accessing applications, configuring devices, controlling software, or even multimedia streaming. Most software development can’t be done without web applications. Despite the easy concept, the technologies used in „HTTP/HTTPS“ have grown into very complex beasts. Few get it right, lots of […]

Posted in Development, Security, Training

DeepSec 2016 Talk: 802.11 Complexity. An Introduction to 802.11 Protocol Chaos – Andrés Blanco

September 20, 2016

Do you remember the days of Wired Equivalent Privacy (WEP)? One might almost say security design was bad back then. The question is: Has it really improved? Proper encryption and authentication are only a part of the design. In the case of wireless networking there is a whole lot more to consider. Shooting clients off […]

Posted in Conference, Internet, Security

Last Call for Early Bird Tickets – DeepSec 2016

September 20, 2016

We are back from 44CON and thoroughly enjoyed our time in London. The keynotes were great. The presenters showed a lot of interesting thoughts and facts you can use for attack and defence. Furthermore the conversations with attendees and speakers were very fruitful. You really cannot plan what you will be talking about. This is […]

Posted in Administrivia, Conference

Firmware Threats – House of Keys

September 10, 2016

SEC Consult, our long-term supporter, has updated a report on the use of encryption keys in firmware. These hardcoded cryptographic secrets pose a serious threat to information security. The report features 50 different vendors and has some interesting statistics. The results were coordinated with CERT/CC in order to inform the vendors about the problem. The […]

Posted in Discussion, Security

DeepSec 2016 Workshop: Deploying Secure Applications with TLS – Juraj Somorovsky

September 9, 2016

Cryptography is all around us. It has become something like the background radiation of the networked world. We use it on a daily basis. Since nothing usually comes into existence by mistake, there must be someone responsible for deploying this crypto stuff. You are right. Software developers, mathematicians, engineers, system administrators, and many more people […]

Posted in Security, Training

DeepSec 2016 Talk: CSP Is Dead, Long Live Strict CSP! – Lukas Weichselbaum

September 8, 2016

The Content Security Policy (CSP) is an additional layer of security for web applications. It is intended to detect and mitigate certain types of attacks. CSP is deployed by using the HTTP Content-Security-Policy header for publishing a policy. The policy instructs the web client how various resources will be used, where they come from, and […]

Posted in Conference

DeepSec2016 Talk: badGPO – Using GPOs for Persistence and Lateral Movement – Yves Kraft & Immanuel Willi

September 7, 2016

System administration has evolved a lot during the past decades. Instead of enjoying long walks through the forests of servers and clients, the modern sysadmin controls the whole infrastructure by policies. Most operating systems can take advantage of this technology. As with software upgrades, these tools can make your life easier – or help an […]

Posted in Conference, Development, Security

DeepSec 2016 Talk: Machine Duping – Pwning Deep Learning Systems – Clarence Chio

September 6, 2016

Give a man a computer, and you 0wn him for a day. Teach a man to employ machine learning, and he will have to battle Skynet for a lifetime. This quote might not be the exact copy of the original, but it will do. Machines now learn stuff. Hence the area of machine learning is […]

Posted in Conference, Security

Of Clouds & Cyber: A little Story about Wording in InfoSec

September 5, 2016

In case you ever received a message about our calls for papers, you may have noticed that we do not like the word cyber. Of course we know that it is used widely. Information security experts are divided on whether it should be used. Some do it, some reject it, some don’t know what to do […]

Posted in Discussion, High Entropy

DeepSec2016 Talk: DROWN – Breaking TLS using SSLv2 – Nimrod Aviram

September 5, 2016

In the past years encrypted communication has been subject to intense scrutiny by researchers. With the advent of Transport Layer Security (TLS) Internet communication via HTTP became a lot more secure. Its predecessor Secure Sockets Layer (SSL) must not be used any more. The real world has its own ideas. SSLv2 and SSLv3 are still […]

Posted in Conference, Internet

DeepSec2016 Workshop: Offensive iOS Exploitation – Marco Lancini

September 4, 2016

If an iPhone gets exploited in the forest and no one is around to 0wn it, does it worry you? This philosophical question has been answered sufficiently by the latest Pegasus incident. All smartphones should worry you. The iPhone and its operating system are no exception. Actually breaking a smartphone gives an attacker a lot […]

Posted in Conference, Training