Security

DeepSec 2016 Talk: Exploiting First Hop Protocols to Own the Network – Paul Coggin

Posted on October 16, 2016 at 1:37 pm

At DeepSec 2016 Paul Coggin will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well as a few of the available tools for layer 2 network protocol exploitation will be covered. Paul will provide you with defensive mitigations and recommendations for adding secure […]

DeepSec2016 Talk: Security and Privacy in the Current E-Mobility Charging Infrastructure – Achim Friedland

Posted on October 15, 2016 at 9:45 am

All of information technology depends heavily on electric power. Your servers will turn into expensive door stoppers once the power goes out. The same is true for your mobile devices and the hardware you use to get around. Hence there are efforts to extend the power grid to accommodate the demand of new and emerging […]

DeepSec2016 Workshop: Offensive PowerShell for Red and Blue Teams – Nikhil Mittal

Posted on October 14, 2016 at 11:37 pm

Penetration Tests and Red Team operations for secured environments need altered approaches, says Nikhil Mittal. You cannot afford to touch disks, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice. PowerShell has changed the way […]

Smart Homes are the battlefield of the future – DeepSec Conference examines the Internet of Things

Posted on October 14, 2016 at 1:37 pm

The Internet of Things is knocking at your door. Many businesses and private individuals have already admitted IoT to their offices and homes, unfortunately often without knowing what they’ve let themselves in for. A naive belief in progress opens all gates, doors and windows to attackers. This is a serious matter. Therefore, DeepSec Conference will […]

DeepSec 2016 Talk: The Perfect Door and The Ideal Padlock – Deviant Ollam

Posted on October 14, 2016 at 9:31 am

You have spent lots of money on a high-grade pick-resistant lock for your door. Your vendor has assured you how it will resist attack and how difficult it would be for someone to copy your key. Maybe they’re right. But… the bulk of attacks that both penetration testers and also criminals attempt against doors have […]

DeepSec 2016 Workshop: Do-It-Yourself Patching: Writing Your Own Micropatch – Mitja Kolsek

Posted on October 13, 2016 at 3:15 pm

The current state of updating software – be it operating systems, applications or appliances – is arguably much better than it was a decade ago, but apparently not nearly good enough to keep even the most critical systems patched in a timely manner – or at all, says Mitja Kolsek. Official vendor updates are cumbersome, […]

DeepSec2016 Talk: Java Deserialization Vulnerabilities – The Forgotten Bug Class – Matthias Kaiser

Posted on October 13, 2016 at 9:15 am

Most programming languages and frameworks have support for serialization of data. It’s quite handy for storing things to disk (or other media) and transporting them around a network for example. The process can be reversed, aptly called deserialization, in order to obtain the original pieces of data. Great. Even though this process sounds simple, there […]

DeepSec 2016 Workshop: Fundamentals of Routing and Switching from a Blue and Red Team Perspective – Paul Coggin

Posted on October 12, 2016 at 6:15 pm

Penetrating networks has never been easier. Given the network topology of most companies and organisations, security has been reduced to flat networks. There is an outside and an inside. If you are lucky there is an extra network for exposed services. Few departments have retained the skills to properly harden network equipment – and we […]

DeepSec 2016 Talk: Brace Yourselves – Exploit Automation is Coming! – Andreas Follner

Posted on October 12, 2016 at 12:49 pm

Automating tasks is not only the domain of system administrators. We use computers for a lot of dull and boring processes. This enhances productivity and enables us to focus on problem solving. That’s good news. The bad news is that your adversaries can do this, too. While there are still more than enough hand-crafted attacks […]

DeepSec Talk 2016: Inside Stegosploit – Saumil Shah

Posted on October 7, 2016 at 9:15 am

Stegosploit creates a new way to encode “drive-by” browser exploits and delivers them through image files. Using current means, these payloads are undetectable. In his talk Saumil Shah discusses two broad underlying techniques used for image-based exploit delivery – Steganography and Polyglots. Drive-by browser exploits are steganographically encoded into JPG and PNG images. The resultant […]

DeepSec 2016 Talk: Social Engineering The Most Underestimated APT – Hacking the Human Operating System – Dominique C. Brack

Posted on October 5, 2016 at 9:05 am

Social Engineering is an accepted Advanced Persistent Threat (APT) and is going to stay, according to Dominique C. Brack of the Reputelligence, Social Engineering Engagement Framework (SEEF). Most of the high-value hacking attacks include components of social engineering. Understanding the behind-the-scenes methods and approaches of social engineering will help you make the world a safer […]

DeepSec2016 Talk: Behavioral Analysis from DNS and Network Traffic – Josh Pyorre

Posted on October 4, 2016 at 1:12 pm

What’s in a name? A rose? The preparation for an attack? Or simply the next web page you will be looking at? The Domain Name System (DNS) has come a long way from replacing text lists of hosts to a full directory service transporting all kinds of queries. DNS even features a security protocol for […]

CERT.at supports the DeepSec 2016 Conference

Posted on September 27, 2016 at 2:17 pm

We welcome the Computer Emergency Response Team Austria as a supporter of DeepSec 2016! CERT.at is the primary contact point for IT-security in a national context. CERT.at will coordinate other CERTs operating in the area of critical infrastructure or communication infrastructure. When it comes to incident response, the coordination of any information regarding the event […]

DeepSec2016 Talk: Cover Your SaaS: Protecting Your Cloud With Analytics and Machine Learning – Ian Thornton-Trump

Posted on September 24, 2016 at 9:33 am

Some people call military intelligence an oxymoron. This usually happens when something goes wrong. It might be due to sloppy reconnaissance, operations, or simply bad luck. While it’s always good to have someone or something to blame, things are not so easy in modern “cyberspace”. Improving your security means to have something to base this […]

DeepSec 2016 Talk: Fuzzing Remote Interfaces for System Services in Android – Alexandru Blanda

Posted on September 23, 2016 at 8:15 am

When in doubt, go for the core. This statement is true for most Star Wars films. It is also valid for any kind of security research. Modern software has tons of dependencies, metric or otherwise. In addition, most platforms provide a set of basic components accessible by API. The wheel has been invented already. So […]