Training

DeepSec 2017 Preliminary Schedule published

Posted by on August 17, 2017 at 3:33 pm

After two weeks of intense reviewing we have published the preliminary schedule for DeepSec 2017. There are some blanks to fill, but this will be done in the coming weeks. We still have to do some reviews and wait for the speaker’s confirmation. In case you noticed, the ROOTS track is not filled yet. The […]

DeepSec 2016: Social Engineering remains the most dangerous Threat to Companies – DeepSec offers a Workshop on the Defence of social Manipulation as part of IT

Posted by on November 3, 2016 at 8:05 pm

If you follow the news on information security, you see superlative after superlative. Millions of passwords were stolen. Hundreds of thousands of cameras suddenly became tools for blackmail. Countless data got copied unauthorized. Often, after a few paragraphs, your read about technical solutions that should put a stop to these burglaries. Therefore one forgets that […]

DeepSec2016: 0patch – Self-healing Security Updates. DeepSec and ACROS Security Introduce a Platform for Micropatches

Posted by on October 20, 2016 at 4:11 pm

As soon as a security gap in an computer application is made public the anxious wait begins. Whether it is software for your own network, online applications or apps for your mobile devices, as a user you will quickly become aware of your own vulnerability. The nervousness increases. When will the vendor publish the security update? In […]

DeepSec2016 Workshop: Offensive PowerShell for Red and Blue Teams – Nikhil Mittal

Posted by on October 14, 2016 at 11:37 pm

Penetration Tests and Red Team operations for secured environments need altered approaches, says Nikhil Mittal. You cannot afford to touch disks, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice. PowerShell has changed the way […]

DeepSec 2016 Workshop: Do-It-Yourself Patching: Writing Your Own Micropatch – Mitja Kolsek

Posted by on October 13, 2016 at 3:15 pm

The current state of updating software – be it operating systems, applications or appliances – is arguably much better than it was a decade ago, but apparently not nearly good enough to keep even the most critical systems patched in a timely manner – or at all, says Mitja Kolsek. Official vendor updates are cumbersome, […]

DeepSec 2016 Workshop: Fundamentals of Routing and Switching from a Blue and Red Team Perspective – Paul Coggin

Posted by on October 12, 2016 at 6:15 pm

Penetrating networks has never been easier. Given the network topology of most companies and organisations, security has been reduced to flat networks. There is an outside and an inside. If you are lucky there is an extra network for exposed services. Few departments have retained the skills to properly harden network equipment – and we […]

DeepSec2016 Workshop: Secure Web Development – Marcus Niemietz

Posted by on September 21, 2016 at 9:03 am

The World Wide Web is everywhere. It has become the standard protocol for transferring data, accessing applications, configuring devices, controlling software, or even multimedia streaming. Most software development can’t be done without web applications. Despite the easy concept the technologies used in „HTTP/HTTPS“ have grown in very complex beasts. Few get it right, lots of […]

DeepSec 2016 Workshop: Deploying Secure Applications with TLS – Juraj Somorovsky

Posted by on September 9, 2016 at 9:45 am

Cryptography is all around us. It has become something like the background radiation of the networked world. We use it on a daily basis. Since nothing usually comes into existence by mistake, there must be someone responsible for deploying this crypto stuff. You are right. Software developers, mathematicians, engineers, system administrators, and many more people […]

DeepSec2016 Workshop: Offensive iOS Exploitation – Marco Lancini

Posted by on September 4, 2016 at 9:05 am

If an iPhone gets exploited in the forest and no one is around to 0wn it, does it worry you? This philosophical question has been answered sufficiently by the latest Pegasus incident. All smartphone should worry you. The iPhone and its operating system is no exception. Actually breaking a smartphone give an attacker a lot […]

DeepSec 2016 Workshop: Penetration Testing Humans – Bethany Ward & Cyni Winegard

Posted by on September 3, 2016 at 9:01 am

Do you know the film where the victim gets an unsuspecting phone call and dies three days later? No? Relax, it happens in the real world, too. The difference is that you get a quite normal phone call at the office and three days later some of your data has been copied. The technical term […]

DeepSec 2016 Workshop: Hacking Web Applications – Case Studies of award-winning Bugs in Google, Yahoo!, Mozilla and more – Dawid Czagan

Posted by on September 2, 2016 at 9:01 am

Have you been to the pictures lately? If so, what’s the best way to attack an impenetrable digital fortress? Right, go for the graphical user interface! Or anything exposed to the World Wide Web. The history of web applications is riddled with bugs that enable attackers to do things they are not supposed to. We […]

DeepSec Workshops: Digitale Verteidigung – Wissen ist Macht

Posted by on October 20, 2015 at 9:15 am

Wann haben Sie Ihren letzten Geschäftsbrief geschrieben? Und wann haben Sie das letzte Mal Stift und Papier dazu benutzt? Es macht nichts wenn Sie sich nicht daran erinnern können: Digitale Kommunikation ist Teil unseres Alltagslebens, nicht nur in der Geschäftswelt. Wir haben uns so sehr daran gewöhnt ständig online zu kommunizieren, das offline sein sich […]

Defence – Beating the Odds with Knowledge

Posted by on October 13, 2015 at 1:37 pm

When did you write your last business letter? You probably don’t recall, because you write one all of the time. When did you last use ink and paper to do this? If you can’t remember the answer to this question, don’t bother trying. Digital communication is part of our daily life, not only in the […]

DeepSec 2015 Workshop: Practical Firmware Reversing and Exploit Development for AVR-based Embedded Devices – Alexander Bolshev & Boris Ryutin

Posted by on October 7, 2015 at 10:19 pm

The Internet of Things (IoT), more common known as the Internet of Stuff, is all around us. You don’t have to wait for it any more. Take a peek at the search results from Shodan and you will see that lots of devices are connected to the Internet. Since your refrigerator does not run high […]

DeepSec 2015 Workshop: Crypto Attacks – Juraj Somorovsky & Tibor Jager

Posted by on October 5, 2015 at 8:07 am

Fvcelsiuetwq lcv xlt hsyhv xd kexh yw pdp, tlkli? Well, yes and no. ITEzISqbI1ABITAhITAhLZzQFsQ6JnkhMTMhpNK5F5rF9dctkiExMyEv9Fh1ITMzIaX2VCJpEQc= , and that’s where it often goes wrong. Your cryptographic defence can be attacked just as any other barrier you can come up with. Attackers never sleep, you know. Crypto attacks are often facilitated by a simple psychological bias: Since cryptographic […]