Archive for October, 2016

DeepSec 2016 Talk: Insider Threat: Profiling, Intent and Motivations of White Collar Offenders – Ulrike Hugl

October 31, 2016

Malicious insider threat is not only a security- or technical-oriented issue, mainly it’s a behavioural one, says Prof. Ulrike Hugl. Insiders are so-called ‘trusted’ or privileged employees, very often with legitimate access to the organization’s systems, and they are hard to catch. Furthermore, it is difficult to find appropriate predictive factors and prevention and detection […]

Tags: , , , , , ,
Posted in Conference, Security 1 Comment »

DeepSec2016 Workshop: IoT Hacking: Linux Embedded, Bluetooth Smart, KNX Home Automation – Slawomir Jasek

October 31, 2016

“The ongoing rise of the machines leaves no doubt – we have to face them”, says Slawomir Jasek, and adds: “It is hard not to agree with one of the greatest military strategists Sun Tzu: “If you know your enemies and know yourself, you will not be put at risk even in a hundred battles”. […]

Tags: , , , , ,
Posted in Conference, Internet, Security 6 Comments »

DeepSec2016 Talk: Abusing LUKS to Hack the System – Interview with Ismael Ripoll & Hector Marco

October 21, 2016

Please tell us the top facts about your talk. It discloses a vulnerability that affects Linux systems encrypted with Luks, and how it can be abused to escalate privileges: CVE-2016-4484 Includes a sketch of the boot sequence with a deeper insight into the initrd Linux process A brief discussion about why complexity is the enemy of security: The […]

Tags: , , , , , ,
Posted in Conference, Interview No Comments »

DeepSec 2016 Talk: I Thought I Saw a |-|4><0.- Thomas Fischer

October 21, 2016

Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. “But what does this really mean?”, asks Thomas Fischer. “And what real impact does it have on the security team? Can we use threat hunting to provide a […]

Tags: , , , , ,
Posted in Conference, Development, Security No Comments »

DeepSec2016: 0patch – Self-healing Security Updates. DeepSec and ACROS Security Introduce a Platform for Micropatches

October 20, 2016

As soon as a security gap in an computer application is made public the anxious wait begins. Whether it is software for your own network, online applications or apps for your mobile devices, as a user you will quickly become aware of your own vulnerability. The nervousness increases. When will the vendor publish the security update? In […]

Tags: , , , , , ,
Posted in Conference, Development, Schedule, Security, Training 3 Comments »

DeepSec2016 Talk: AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That – Nikhil Mittal

October 20, 2016

In his talk Nikhil Mittal will focus on AMSI: In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI), which is designed to target script based attacks and malware. Script based attacks have been lethal for enterprise security and with the advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written […]

Tags: , , , ,
Posted in Conference, Development, Security No Comments »

DeepSec 2016 Talk: TLS 1.3 – Lessons Learned from Implementing and Deploying the Latest Protocol – Nick Sullivan

October 19, 2016

Version 1.3 is the latest Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. TLS is the S in HTTPS. TLS was last changed in 2008, and a lot of progress has been made since then. CloudFlare […]

Tags: , , , , ,
Posted in Conference, Development, Internet, Security 3 Comments »

DeepSec 2016 Talk: Where Should I Host My Malware? – Attila Marosi

October 18, 2016

The growth of IoT devices continues to raise questions about their role and impact on cybersecurity. Badly or poorly configured devices are easy targets for malicious actors. At first glance launching an attack against IoT devices seems challenging due to the diversity of their ecosystem, but actually an attack is very easy to execute. In his talk Attila Marosi […]

Tags: , , , , ,
Posted in Conference, Internet, Security No Comments »

DeepSec 2016 Talk: Unveiling Patchwork – Gadi Evron

October 17, 2016

Nation state attacks are very popular – in the news and in reality. High gain, low profile, maximum damage. From the point of information security it is always very insightful to study the anatomy of these attacks once they are known. Looking at ways components fail, methods adversaries use for their own advantage, and thinking […]

Tags: , , , , ,
Posted in Conference, Internet, Security Intelligence 4 Comments »

DeepSec 2016 Talk: Exploiting First Hop Protocols to Own the Network – Paul Coggin

October 16, 2016

At DeepSec 2016 Paul Coggin will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well as a few of the available tools for layer 2 network protocols exploitation will be covered. Paul will provide you with defensive mitigations and recommendations for adding secure […]

Tags: , , , , ,
Posted in Conference, Internet, Security 1 Comment »

DeepSec2016 Talk: Security and Privacy in the Current E-Mobility Charging Infrastructure – Achim Friedland

October 15, 2016

The whole information technology strongly depends on electric power. Your servers will turn into expensive door stoppers once the power goes out. The same is true for your mobile devices and the hardware you use to get around. Hence there are efforts to extend the power grid to accommodate the demand of new and emerging […]

Tags: , , , ,
Posted in Conference, Development, Security 4 Comments »

DeepSec2016 Workshop: Offensive PowerShell for Red and Blue Teams – Nikhil Mittal

October 14, 2016

Penetration Tests and Red Team operations for secured environments need altered approaches, says Nikhil Mittal. You cannot afford to touch disks, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice. PowerShell has changed the way […]

Tags: , , , ,
Posted in Conference, Security, Training No Comments »

Smart Homes are the battlefield of the future – DeepSec Conference examines the Internet of Things

October 14, 2016

The Internet of Things is knocking at your door. Many businesses and private individuals have already admitted IoT to their offices and homes, unfortunately often without knowing what they’ve let themselves in for. A naive belief in progress opens all gates, doors and windows to attackers. This is a serious matter. Therefore, DeepSec Conference will […]

Tags: , , , , , , , ,
Posted in Conference, Internet, Press, Security, Veranstaltung 5 Comments »

DeepSec 2016 Talk: The Perfect Door and The Ideal Padlock – Deviant Ollam

October 14, 2016

You have spent lots of money on a high-grade pick-resistant lock for your door. Your vendor has assured you how it will resist attack and how difficult it would be for someone to copy your key. Maybe they’re right. But… the bulk of attacks that both penetration testers and also criminals attempt against doors have […]

Tags: , , , ,
Posted in Conference, Discussion, Security 1 Comment »

DeepSec 2016 Workshop: Do-It-Yourself Patching: Writing Your Own Micropatch – Mitja Kolsek

October 13, 2016

The current state of updating software – be it operating systems, applications or appliances – is arguably much better than it was a decade ago, but apparently not nearly good enough to keep even the most critical systems patched in a timely manner – or at all, says Mitja Kolsek. Official vendor updates are cumbersome, […]

Tags: , , , , ,
Posted in Conference, Development, Security, Training 5 Comments »