Security

DeepSec Talk 2017: Normal Permissions In Android: An Audiovisual Deception – Constantinos Patsakis

Posted by on October 17, 2017 at 8:01 am

The Marshmallow version was a significant revision for Android. Among the new features that were introduced one of the most significant is, without any doubt, the runtime permission. The permission model was totally redesigned, categorising the permissions into four main categories. The main concept of this categorisation is how much risk a user is exposed […]

Science First! – University of Applied Sciences Upper Austria (FHOOe) supports DeepSec

Posted by on October 12, 2017 at 5:00 pm

The motto of DeepSec 2017 is „Science first!“. This is expressed by the co-located ROOTS workshop, many speakers from academics, topics fresh from the front lines of research, and a mindset that favours facts over fake content or showmanship. This is why we want to thank the University of Applied Sciences Upper Austria for their […]

DeepSec 2017 Talk: BITSInject – Control Your BITS, Get SYSTEM – Dor Azouri

Posted by on October 8, 2017 at 8:30 am

Microsoft has introduced the Background Intelligent Transfer Service (BITS) into Windows 2000 and later versions of the operating system. Windows 7 and Windows Server 2008 R2 feature the version 4.0 of the protocol. BITS is designed to use idle bandwidth in order to transfer data to and from servers. BITS is an obedient servant, and […]

DeepSec 2017 Talk: XFLTReaT: A New Dimension In Tunnelling – Balazs Bucsay

Posted by on October 7, 2017 at 8:05 am

“Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter”, says Balazs. “It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol […]

DeepSec 2017 Talk: Insecurity In Information Technology – Tanya Janca

Posted by on October 6, 2017 at 8:05 am

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation is further strained. This silo-filled, tension-laced […]

DeepSec 2017 Talk: Bypassing Web Application Firewalls – Khalil Bijjou

Posted by on October 5, 2017 at 1:43 pm

Everyone has firewalls or filters. They are now called application-level gateway (ALG) and have lots of features included. Algorithms, signatures, heuristics, protocol checks, verification; you name it. It’s all in there. But does it work? Obfuscation and evading technology has been around since the first filter was created. Anticipating what data might look like is […]

DeepSec 2017 Talk: Next-Gen Mirai Botnet – Balthasar Martin & Fabian Bräunlein

Posted by on September 27, 2017 at 10:17 am

While you were living in a cave, devices took over the world and got connected to the network. This is the state of affairs we live in right now. As long as nothing happens we don’t notice anything about it. The Mirai (未来) botnet changed this all of a sudden. Consumer devices were drafted into […]

44CON revisited: Secure Design in Software is still a new Concept

Posted by on September 20, 2017 at 8:51 am

We have been to 44CON, and we returned with lots of ideas and scary news about the state of security in devices and applications. Given the ever spreading Internet of Things (IoT) you can see why connecting random devices via a network with no second thoughts about design, updates, or quality control is a bad […]

DeepSec 2017 Training: The ARM IoT Exploit Laboratory

Posted by on August 29, 2017 at 5:25 pm

If the Internet of Things (IoT) will ever leave puberty, it has to deal with the real world. This means dealing with lies, fraud, abuse, exploits, overload, bad tempered clients (and servers), and much more. Analysing applications is best done by looking at what’s behind the scenes. IoT devices, their infrastructure, billions of mobile devices, […]

DeepSec 2017 Talk: Malware Analysis: A Machine Learning Approach – Chiheb Chebbi

Posted by on August 26, 2017 at 2:13 pm

Software has a character. It can be beneficial. It can also be malicious. A networked business world and the Internet of connected individuals make life for malicious software, also known as malware, easier. Just like international travel facilitates the spread of diseases and parasites, the networked globe is a big advantage for malware. Researcher can […]

DeepSec 2017 Keynote: Social Science First! – Dr. Jessica Barker

Posted by on August 24, 2017 at 5:24 pm

While the schedule is still preliminary, we have already some confirmations from our speakers. We are happy to announce Dr Jessica Barker as the keynote speaker for DeepSec 2017. Information security has a lot to do with interactions. Despite AI (a.k.a. Assisted Intelligence), „smart“ assistants (a.k.a. paper clips on steroids), and a metric ton of […]

Decline of the Scientific Method: New (Austrian) “Trojan” Law without Technical Expertise

Posted by on August 3, 2017 at 2:27 pm

The Crypto Wars are still raging despite everyone relying on secure communication. Everyone means everyone. The good thing is that mathematics still works, even though some people wouldn’t want it to. The latest cryptographic review comes from Amber Rudd, the current UK Home Secretary. She said recently: “Real people often prefer ease of use and […]

Unicorns in the Wild – Information Security Skills and how to achieve them

Posted by on July 27, 2017 at 12:22 pm

Everyone talks about information security, countering „cyber“ threats, endless feats of hackers gone wrong/wild, and more epic stories. Once you have realised that you are reading the news and not a script for a TV series, you are left with one question: What are information security skills? The next question will probably be: How do […]

Malicious Software explores new Business Models – Politics

Posted by on July 19, 2017 at 2:25 pm

Malicious software has become a major component of criminal business and geopolitics. In addition it is a convenient explanation for anything one does not want to investigate. Since code always come from somewhere you have to ask yourself many more questions when it comes to infected networks and compromised hosts. What is the agenda of […]

ROOTS 2017, DeepSec, and DeepINTEL Call for Papers are still open

Posted by on June 26, 2017 at 2:38 pm

Our wonderful world of technology is full of surprises, bugs, intentional weaknesses, adversaries, defenders, vendors, and users. Some software just got more lines of code instead of a decent audit or refactoring. Everything is turning smart, but no one knows what smart really means. Big Data is all the fashion, Big Knowledge still isn’t. So […]