Author Archive

DeepINTEL 2017 – Modern Strategies for Information Security

March 13, 2017

Seminar on Digital Defence with Experts. The news is full of reports covering attacks against networked systems and digital components. Every day there is new media coverage about stolen data, compromised accounts, the impact of malicious software, digital second strikes, cyber attacks between countries and new vulnerabilities in computer systems. All that leads to the […]

Tags: , , , , ,
Posted in Conference, Security Intelligence, Veranstaltung No Comments »

DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

November 9, 2016

In Korea in particular, hackers have distributed sophisticated and complex financial fraud android malware through various means of distribution, such as SMS phishing, Google play, compromised web servers and home routers (IoT). In some cases, both smartphone and PC users are targeted simultaneously. Inseung Yang and his team collect mobile android malware via an automated analysis […]

Tags: , , , , , , ,
Posted in Conference, Development, Internet, Report, Security Comments Off on DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

DeepSec 2016 Keynote: Security in my Rear-View Mirror – Marcus J. Ranum

November 8, 2016

Everything that’s old is new again, and if you work in security long enough, you’ll see the same ideas re-invented and marketed as the new new thing. Or, you see solutions in search of a problem, dusted off and re-marketed in a new niche. At this year’s DeepSec conference the keynote will be given by Marcus Ranum, who set […]

Tags: , , ,
Posted in Conference, Discussion, Security, Stories 3 Comments »

DeepSec 2016 Talk: Systematic Fuzzing and Testing of TLS Libraries – Juraj Somorovsky

November 8, 2016

In his talk Juraj Somorovsky presents TLS-Attacker, a novel framework for evaluating the security of TLS libraries. Using a simple interface, TLS-Attacker allows security engineers to create custom TLS message flows and arbitrarily modify TLS message contents in order to test the behavior of their TLS libraries. Based on TLS-Attacker, he and his team first developed a two-stage TLS fuzzing approach. […]

Tags: , , , , , ,
Posted in Conference, Development, Security 15 Comments »

DeepSec2016 Talk: Smart Sheriff, Dumb Idea: The Wild West of Government Assisted Parenting – Abraham Aranguren & Fabian Fäßler

November 4, 2016

Would you want to let your kids discover the darker corners of the Internet without protection? Wouldn’t it be handy to know what they do online, to be alerted when they search for dangerous keywords and to be able to control what websites they can visit and even when they play games? Worry no longer, […]

Tags: , , , , ,
Posted in Conference, Legal, Security, Stories 2 Comments »

DeepSec 2016: Social Engineering remains the most dangerous Threat to Companies – DeepSec offers a Workshop on the Defence of social Manipulation as part of IT

November 3, 2016

If you follow the news on information security, you see superlative after superlative. Millions of passwords were stolen. Hundreds of thousands of cameras suddenly became tools for blackmail. Countless data got copied unauthorized. Often, after a few paragraphs, your read about technical solutions that should put a stop to these burglaries. Therefore one forgets that […]

Tags: , , , ,
Posted in Conference, Press, Schedule, Training Comments Off on DeepSec 2016: Social Engineering remains the most dangerous Threat to Companies – DeepSec offers a Workshop on the Defence of social Manipulation as part of IT

DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

November 3, 2016

Wireless desktop sets have become more popular and more widespread in the last couple of years. From an attacker’s perspective, these radio-based devices represent an attractive target both allowing to take control of a computer system and to gain knowledge of sensitive data like passwords. Wireless transmissions offer attackers a big advantage: you don’t have […]

Tags: , , , , ,
Posted in Conference, Internet, Security Comments Off on DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

DeepSec 2016 Talk: Assessing the Hacking Capabilities of Institutional and Non-institutional Players – Stefan Schumacher

November 3, 2016

Cyberwar, Cyberterror and Cybercrime have been buzzwords for several years now. Given the correct context, using cyber has merits. However Cyber-Headlines are full with Cyber-Reports about Cyber-Incidents, Cyber-Hacking and Cyber-Cyber in general. However, that whole discussion does not only suffer from sensationalism of journalists and bloggers, there are also some fundamental problems, says Stefan Schumacher. […]

Tags: , , , , ,
Posted in Conference, Security, Security Intelligence Comments Off on DeepSec 2016 Talk: Assessing the Hacking Capabilities of Institutional and Non-institutional Players – Stefan Schumacher

DeepSec 2016 Talk: Why Companies Must Control Their Data in the Era of IoT – and How To – Kurt Kammerer

November 3, 2016

In his talk Kurt Kammerer addresses any company’s dilemma: The need for data sharing in the era of IoT while at the same time controlling access and ownership. In order to succeed in business, it is imperative to make data available to customers, suppliers and business partners. However, the explosion and the proclaimed free flow […]

Tags: , , , , ,
Posted in Conference, Internet, Interview, Security 1 Comment »

DeepSec 2016 Talk: Insider Threat: Profiling, Intent and Motivations of White Collar Offenders – Ulrike Hugl

October 31, 2016

Malicious insider threat is not only a security- or technical-oriented issue, mainly it’s a behavioural one, says Prof. Ulrike Hugl. Insiders are so-called ‘trusted’ or privileged employees, very often with legitimate access to the organization’s systems, and they are hard to catch. Furthermore, it is difficult to find appropriate predictive factors and prevention and detection […]

Tags: , , , , , ,
Posted in Conference, Security 1 Comment »

DeepSec2016 Workshop: IoT Hacking: Linux Embedded, Bluetooth Smart, KNX Home Automation – Slawomir Jasek

October 31, 2016

“The ongoing rise of the machines leaves no doubt – we have to face them”, says Slawomir Jasek, and adds: “It is hard not to agree with one of the greatest military strategists Sun Tzu: “If you know your enemies and know yourself, you will not be put at risk even in a hundred battles”. […]

Tags: , , , , ,
Posted in Conference, Internet, Security 6 Comments »

DeepSec2016 Talk: Abusing LUKS to Hack the System – Interview with Ismael Ripoll & Hector Marco

October 21, 2016

Please tell us the top facts about your talk. It discloses a vulnerability that affects Linux systems encrypted with Luks, and how it can be abused to escalate privileges: CVE-2016-4484 Includes a sketch of the boot sequence with a deeper insight into the initrd Linux process A brief discussion about why complexity is the enemy of security: The […]

Tags: , , , , , ,
Posted in Conference, Interview Comments Off on DeepSec2016 Talk: Abusing LUKS to Hack the System – Interview with Ismael Ripoll & Hector Marco

DeepSec 2016 Talk: I Thought I Saw a |-|4><0.- Thomas Fischer

October 21, 2016

Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. “But what does this really mean?”, asks Thomas Fischer. “And what real impact does it have on the security team? Can we use threat hunting to provide a […]

Tags: , , , , ,
Posted in Conference, Development, Security Comments Off on DeepSec 2016 Talk: I Thought I Saw a |-|4><0.- Thomas Fischer

DeepSec2016: 0patch – Self-healing Security Updates. DeepSec and ACROS Security Introduce a Platform for Micropatches

October 20, 2016

As soon as a security gap in an computer application is made public the anxious wait begins. Whether it is software for your own network, online applications or apps for your mobile devices, as a user you will quickly become aware of your own vulnerability. The nervousness increases. When will the vendor publish the security update? In […]

Tags: , , , , , ,
Posted in Conference, Development, Schedule, Security, Training 3 Comments »

DeepSec2016 Talk: AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That – Nikhil Mittal

October 20, 2016

In his talk Nikhil Mittal will focus on AMSI: In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI), which is designed to target script based attacks and malware. Script based attacks have been lethal for enterprise security and with the advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written […]

Tags: , , , ,
Posted in Conference, Development, Security Comments Off on DeepSec2016 Talk: AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That – Nikhil Mittal