Conference

DeepSec 2017 Workshop: Hunting The Adversary – Developing And Using Threat Intelligence – John Bambenek

Posted by on October 12, 2017 at 11:46 am

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly know as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just […]

Google supports DeepSec 2017

Posted by on October 12, 2017 at 10:09 am

You have probably heard of Google. Well, you will be hearing more from them if you come to DeepSec 2017. They have agreed to support our conference. They will be on site, and you will be able to talk to them. Every year we aim to give you opportunities for a short-cut, for exchanging ideas, […]

DeepSec2017 Workshop: SAP CTF Pentest : From Outside To Company Salaries Tampering – Yvan Genuer

Posted by on October 10, 2017 at 9:03 pm

The SAP business suite is widespread among enterprises. It is the heart of the operation, at least in terms of business logic, administration, accounting, and many other cornerstones of big companies. SAP itself was founded in 1972. Its software has now grown up and lives with the Internet and cloud platforms next door. Due to […]

DeepSec 2017 Talk: How To Hide Your Browser 0-days: Free Offense And Defense Tips Included – Zoltan Balazs

Posted by on October 9, 2017 at 8:05 am

There is a famous thought experiment described in the book A Treatise Concerning the Principles of Human Knowledge. It deals with the possibility of unperceived existence; for example does a falling tree in the forest make a sound when no one is around to hear it? Given the many reports and mentions about zero-day exploits, […]

DeepSec 2017 Talk: BITSInject – Control Your BITS, Get SYSTEM – Dor Azouri

Posted by on October 8, 2017 at 8:30 am

Microsoft has introduced the Background Intelligent Transfer Service (BITS) into Windows 2000 and later versions of the operating system. Windows 7 and Windows Server 2008 R2 feature the version 4.0 of the protocol. BITS is designed to use idle bandwidth in order to transfer data to and from servers. BITS is an obedient servant, and […]

DeepSec 2017 Talk: XFLTReaT: A New Dimension In Tunnelling – Balazs Bucsay

Posted by on October 7, 2017 at 8:05 am

“Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter”, says Balazs. “It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol […]

DeepSec 2017 Talk: Insecurity In Information Technology – Tanya Janca

Posted by on October 6, 2017 at 8:05 am

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation is further strained. This silo-filled, tension-laced […]

DeepSec 2017 Talk: Bypassing Web Application Firewalls – Khalil Bijjou

Posted by on October 5, 2017 at 1:43 pm

Everyone has firewalls or filters. They are now called application-level gateway (ALG) and have lots of features included. Algorithms, signatures, heuristics, protocol checks, verification; you name it. It’s all in there. But does it work? Obfuscation and evading technology has been around since the first filter was created. Anticipating what data might look like is […]

DeepSec 2017 Talk: Hacking The Brain For Fun And Profit – Stefan Hager

Posted by on October 2, 2017 at 8:15 am

You are what you think. At least we think so. Is this mental model the right way to explore our surroundings and our interconnected world? Well, let’s find out by thinking about it. When we’re talking and thinking about security, we very often have a rather fixed mindset and keep using what we think are […]

DeepSec 2017 Talk: Essential Infrastructure Interdependencies: Would We Be Prepared For Significant Interruptions? – Herbert Saurugg

Posted by on September 29, 2017 at 8:05 am

How would your day look without electrical power? Given the fact that we rely on information technology every single minute of our lives (well, mostly), this would be a very dark outlook indeed. Knocking out the power grid is a tactic used by the military. They have even special tools for disabling power lines and […]

DeepSec 2017 Talk: Uncovering And Visualizing Botnet Infrastructure And Behavior – Andrea Scarfo & Josh Pyorre

Posted by on September 28, 2017 at 8:45 am

When you read about information security, then you might get the impression that there are lots of nameless threats Out There™. Especially when it comes to networked malicious software, i.e. malware, that forms robot armies, the picture gets a lot more vague and foggy. So you need to get some details to sharpen your view. […]

DeepSec 2017 Talk: Next-Gen Mirai Botnet – Balthasar Martin & Fabian Bräunlein

Posted by on September 27, 2017 at 10:17 am

While you were living in a cave, devices took over the world and got connected to the network. This is the state of affairs we live in right now. As long as nothing happens we don’t notice anything about it. The Mirai (未来) botnet changed this all of a sudden. Consumer devices were drafted into […]

DeepSec 2017 Schedule Update, Review Status, Disputes, and Trainings

Posted by on September 26, 2017 at 12:53 am

The DeepSec 2017 schedule is still preliminary. We are almost done, and we have a small update. Some of you have noticed that the schedule featured a training about mobile security. The outline as shown as in the schedule was identical to a different course from a different trainer. We received a complaint, we got […]

DeepSec 2017 Early Bird Tariff ends on 25 September

Posted by on September 22, 2017 at 7:25 am

The early bird tariff for DeepSec 2017 (and ROOTS) ends on 25 September 2017. We recommend buying your ticket now. Save some money! In addition we ask you to book the workshop you want to visit as early as possible! Every year we see sad faces, because the workshop of your choice had to be […]

Workshops, Trainings, Talks: DeepSec and ROOTS Schedule Update

Posted by on September 20, 2017 at 3:43 pm

As you might have noticed, the DeepSec schedule is not complete yet. Furthermore the ROOTS schedule is not published at all. The reason for this are the still pending reviews. The major part concerns ROOTS. ROOTS is an academic workshop where academic publications are presented. There has been some confusion about the term workshop. In […]