Archive for October, 2016

DeepSec2016 Talk: Java Deserialization Vulnerabilities – The Forgotten Bug Class – Matthias Kaiser

October 13, 2016

Most programming languages and frameworks have support for serialization of data. It’s quite handy for storing things to disk (or other media) and transporting them around a network, for example. The process can be reversed, aptly called deserialization, in order to obtain the original pieces of data. Great. Even though this process sounds simple, there […]

Posted in Conference, Development, Security

DeepSec 2016 Workshop: Fundamentals of Routing and Switching from a Blue and Red Team Perspective – Paul Coggin

October 12, 2016

Penetrating networks has never been easier. Given the network topology of most companies and organisations, security has been reduced to flat networks. There is an outside and an inside. If you are lucky there is an extra network for exposed services. Few departments have retained the skills to properly harden network equipment – and we […]

Posted in Security, Training

DeepSec 2016 Talk: Brace Yourselves – Exploit Automation is Coming! – Andreas Follner

October 12, 2016

Automating tasks is not only the domain of system administrators. We use computers for a lot of dull and boring processes. This enhances productivity and enables us to focus on problem solving. That’s good news. The bad news is that your adversaries can do this, too. While there are still more than enough hand-crafted attacks […]

Posted in Conference, Development, Security

DeepSec2016 Talk: The (In)Security or Sad State of Online Newspapers – Ashar Javed

October 8, 2016

Web sites are simple, one might think. The client requests a page, the server sends it, the layout is applied, and your article appears. This is a heavy simplification. It worked like this back in 1994. Modern web sites are much more complex. And complexity attracts curious minds. Usually that’s what gets you into trouble. […]

Posted in Conference, Internet, Press

DeepSec Talk 2016: Inside Stegosploit – Saumil Shah

October 7, 2016

Stegosploit creates a new way to encode “drive-by” browser exploits and delivers them through image files. Using current means, these payloads are undetectable. In his talk, Saumil Shah discusses two broad underlying techniques used for image-based exploit delivery – Steganography and Polyglots. Drive-by browser exploits are steganographically encoded into JPG and PNG images. The resultant […]

Posted in Conference, Pictures, Security

DeepSec 2016 Talk: Social Engineering The Most Underestimated APT – Hacking the Human Operating System – Dominique C. Brack

October 5, 2016

Social Engineering is an accepted Advanced Persistent Threat (APT) and is going to stay, according to Dominique C. Brack of the Reputelligence, Social Engineering Engagement Framework (SEEF). Most of the high-value hacking attacks include components of social engineering. Understanding the behind-the-scenes methods and approaches of social engineering will help you make the world a safer […]

Posted in Conference, Security

DeepSec2016 Talk: Behavioral Analysis from DNS and Network Traffic – Josh Pyorre

October 4, 2016

What’s in a name? A rose? The preparation for an attack? Or simply the next web page you will be looking at? The Domain Name System (DNS) has come a long way from replacing text lists of hosts to a full directory service transporting all kinds of queries. DNS even features a security protocol for […]

Posted in Conference, Internet, Security