DeepSec 2016 Workshop: Penetration Testing Humans – Bethany Ward & Cyni Winegard

Sanna/ September 3, 2016/ Conference, Security, Training

Do you know the film where the unsuspecting victim gets a phone call and dies three days later? No? Relax, it happens in the real world, too. The difference is that you get a quite normal phone call at the office and three days later some of your data has been copied. The technical term is leaked, also known as stolen. All your security measures will be untouched. Why break into a firewall or into servers when you get the access credentials by phone? Social engineering is an advanced and very persistent threat. You probably get phone calls and emails every day. You may often interact with people you have never seen or met before. Given the right approach, they will make you and your employees believe anything. In turn this technique is very

DeepSec 2016 Workshop: Hacking Web Applications – Case Studies of award-winning Bugs in Google, Yahoo!, Mozilla and more – Dawid Czagan

Sanna/ September 2, 2016/ Conference, Internet, Security, Training

Have you been to the pictures lately? If so, what’s the best way to attack an impenetrable digital fortress? Right, go for the graphical user interface! Or anything exposed to the World Wide Web. The history of web applications is riddled with bugs that enable attackers to do things they are not supposed to. We bet that you have something exposed on the Web and probably don’t even know about it. Don’t worry. Instead, attend the DeepSec training session “Hacking Web Applications” conducted by Dawid Czagan. He will teach you what to look for when examining web applications with a focus on information security. This hands-on web application hacking training is based on authentic, award-winning security bugs identified in some of the greatest companies (Google, Yahoo!, Mozilla, Twitter, etc.). You will learn how bug hunters

DeepSec 2016 Schedule explained in a Series of Articles

René Pfeiffer/ September 1, 2016/ Administrivia, Conference, Schedule

We have almost finished the reviews of the submissions for DeepSec 2016. The preliminary schedule is already online. Our staff got quite a few impatient requests about what to expect from the conference. Due to the sheer number of submissions it was very difficult to review the content. We really read what you submit. We ask questions; we discuss the focus of the conference. While we try to suggest a motto when sending out the Call for Papers, we never know what the focus will be. It all depends on the presenters and trainers. Hopefully we found the right balance for all of you. Since the schedule is a short summary, we have started to compile material about every talk and workshop. The series of articles will start tomorrow. It is a good way to