Internet

DeepSec 2016 Talk: Where Should I Host My Malware? – Attila Marosi

Posted by on October 18, 2016 at 9:15 am

The growth of IoT devices continues to raise questions about their role and impact on cybersecurity. Badly or poorly configured devices are easy targets for malicious actors. At first glance launching an attack against IoT devices seems challenging due to the diversity of their ecosystem, but actually an attack is very easy to execute. In his talk Attila Marosi […]

DeepSec 2016 Talk: Unveiling Patchwork – Gadi Evron

Posted by on October 17, 2016 at 11:15 am

Nation state attacks are very popular – in the news and in reality. High gain, low profile, maximum damage. From the point of information security it is always very insightful to study the anatomy of these attacks once they are known. Looking at ways components fail, methods adversaries use for their own advantage, and thinking […]

DeepSec 2016 Talk: Exploiting First Hop Protocols to Own the Network – Paul Coggin

Posted by on October 16, 2016 at 1:37 pm

At DeepSec 2016 Paul Coggin will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well as a few of the available tools for layer 2 network protocols exploitation will be covered. Paul will provide you with defensive mitigations and recommendations for adding secure […]

Smart Homes are the battlefield of the future – DeepSec Conference examines the Internet of Things

Posted by on October 14, 2016 at 1:37 pm

The Internet of Things is knocking at your door. Many businesses and private individuals have already admitted IoT to their offices and homes, unfortunately often without knowing what they’ve let themselves in for. A naive belief in progress opens all gates, doors and windows to attackers. This is a serious matter. Therefore, DeepSec Conference will […]

DeepSec2016 Talk: The (In)Security or Sad State of Online Newspapers – Ashar Javed

Posted by on October 8, 2016 at 9:30 am

Web sites are simply, one might think. The client requests a page, the server sends it, the layout is applied, and your article appears. This is a heavy simplification. It worked like this back in 1994. Modern web sites are much more complex. And complexity attracts curious minds. Usually that’s what gets you into trouble. […]

DeepSec2016 Talk: Behavioral Analysis from DNS and Network Traffic – Josh Pyorre

Posted by on October 4, 2016 at 1:12 pm

What’s in a name? A rose? The preparation for an attack? Or simply your next web page you will be looking at? The Domain Name System (DNS) has gone a long way from replacing text lists of hosts to a full directory service transporting all kinds of queries. DNS even features a security protocol for […]

DeepSec 2016 Talk: 802.11 Complexity. An Introduction to 802.11 Protocol Chaos – Andrés Blanco

Posted by on September 20, 2016 at 6:15 pm

Do you remember the days of Wired Equivalent Privacy (WEP)? One might almost say security design was bad back then. The question is: Has it really improved? Proper encryption and authentication is only a part of the design. In the case of wireless networking there is a whole lot more to consider. Shooting clients off […]

Deep Sec2016 Talk: DROWN – Breaking TLS using SSLv2 – Nimrod Aviram

Posted by on September 5, 2016 at 1:37 pm

In the past years encrypted communication has been subject to intense scrutiny by researchers. With the advent of Transport Layer Security (TLS) Internet communication via HTTP became a lot more secure. Its predecessor Secure Sockets Layer (SSL) must not be used any more. The real world has its own ideas. SSLv2 and SSLv3 is still […]

DeepSec 2016 Workshop: Hacking Web Applications – Case Studies of award-winning Bugs in Google, Yahoo!, Mozilla and more – Dawid Czagan

Posted by on September 2, 2016 at 9:01 am

Have you been to the pictures lately? If so, what’s the best way to attack an impenetrable digital fortress? Right, go for the graphical user interface! Or anything exposed to the World Wide Web. The history of web applications is riddled with bugs that enable attackers to do things they are not supposed to. We […]

The Internet of Threats revisited

Posted by on July 14, 2016 at 1:12 pm

Everyone is talking about the Internet of Things. Connecting household applications (yes, applications, appliances is so 1990s) to a network hasn’t been more fun than now. Also measuring things is great. Today most sensors are deployed to generate endless streams of data because we can, not because there is a need for it. And I […]

DeepSec Video: Remote Browser-Based Fingerprinting of Local Network Devices

Posted by on March 2, 2016 at 8:15 am

Reconnaissance is first, then comes the attack. This is why fingerprinting devices is the first step. Manfred Kaiser (Josef Ressel Zentrum) explained at DeepSec 2015 how this can be done by the local web browser(s) in the locally connected network segment. Manfred discusses remote device fingerprinting techniques for SOHO routers and other network-connected devices offering […]

DeepSec Video: DDoS – Barbarians at the Gate(way)

Posted by on February 23, 2016 at 8:01 am

Unfortunately the Internet doesn’t follow the rules of economic theory. Unlimited growth is a myth best kept for feeding your unicorns. Of course, the Internet has grown, but the mathematics and physics behind network flows stay the same. If your pipe is full, then you are going nowhere. This is why Distributed Denial of Service […]

DeepSec Video: HORNET – High-speed Onion Routing at the Network Layer

Posted by on February 22, 2016 at 8:15 am

Given that reconnaissance is the first step of a successful attack, anonymity has become more important than ever. The Invisible Internet Project (I2P) and the TOR project are prominent tools to protect against prying eyes (five or more). TOR is widely used. Users of anonymity services will notice that the price for extra protection is […]

DeepSec Video: illusoryTLS – Nobody But Us. Impersonate,Tamper and Exploit

Posted by on February 15, 2016 at 9:15 am

Cryptographic backdoors are a timely topic often debated as a government matter to legislate on. At the same time, they define a space that some entities might have practically explored for intelligence purposes, regardless of the policy framework. The Web Public Key Infrastructure (PKI) we daily rely on provides an appealing target for attack. The […]

DeepSec Video: Measuring the TOR Network

Posted by on February 13, 2016 at 9:15 am

A lot of people use TOR for protecting themselves and others. Fortunately the TOR network is almost all around us. But what does it do? How can you get access to metrics? TOR is an anonymisation network and by design doesn’t know anything about its users. However, the question about the structure of the user […]