DeepSec 2016 Workshop: Hacking Web Applications – Case Studies of award-winning Bugs in Google, Yahoo!, Mozilla and more – Dawid Czagan

Posted by on September 2, 2016 at 9:01 am

Have you been to the pictures lately? If so, what’s the best way to attack an impenetrable digital fortress? Right, go for the graphical user interface! Or anything exposed to the World Wide Web. The history of web applications is riddled with bugs that enable attackers to do things they are not supposed to. We […]

DeepSec Workshops: Digital Defence – Knowledge is Power

Posted by on October 20, 2015 at 9:15 am

When did you write your last business letter? And when did you last use pen and paper to do it? It doesn’t matter if you can’t remember: digital communication is part of our everyday life, not only in the business world. We have become so used to communicating online all the time that being offline […]

Defence – Beating the Odds with Knowledge

Posted by on October 13, 2015 at 1:37 pm

When did you write your last business letter? You probably don’t recall, because you write one all of the time. When did you last use ink and paper to do this? If you can’t remember the answer to this question, don’t bother trying. Digital communication is part of our daily life, not only in the […]

DeepSec 2015 Workshop: Practical Firmware Reversing and Exploit Development for AVR-based Embedded Devices – Alexander Bolshev & Boris Ryutin

Posted by on October 7, 2015 at 10:19 pm

The Internet of Things (IoT), more commonly known as the Internet of Stuff, is all around us. You don’t have to wait for it any more. Take a peek at the search results from Shodan and you will see that lots of devices are connected to the Internet. Since your refrigerator does not run high […]

DeepSec 2015 Workshop: Crypto Attacks – Juraj Somorovsky & Tibor Jager

Posted by on October 5, 2015 at 8:07 am

Fvcelsiuetwq lcv xlt hsyhv xd kexh yw pdp, tlkli? Well, yes and no. ITEzISqbI1ABITAhITAhLZzQFsQ6JnkhMTMhpNK5F5rF9dctkiExMyEv9Fh1ITMzIaX2VCJpEQc= , and that’s where it often goes wrong. Your cryptographic defence can be attacked just as any other barrier you can come up with. Attackers never sleep, you know. Crypto attacks are often facilitated by a simple psychological bias: Since cryptographic […]

DeepSec 2015 Workshop: Practical Incident Handling – Felix Schallock

Posted by on October 4, 2015 at 9:23 am

Things go wrong or break, it’s just a matter of time. Ask your sysadmin about this. Apart from wear and tear, there are information security incidents that tend to ruin your perfect day at the office. What happens next? What do you do when noticing that your infrastructure has been compromised? Where do you start? […]

DeepSec 2015 Workshop: PowerShell for Penetration Testers – Nikhil Mittal

Posted by on September 29, 2015 at 8:15 am

The platform you are working with (or against) determines the tools you can use. Of course, everyone loves to boot the operating system of choice and hack on familiar grounds. Occasionally you have no choice, and you have to use what’s available. This is especially true for penetration testing. You get to use what you […]

DeepSec 2014 Workshop: Hacking Web Applications – Case Studies of Award-Winning Bugs

Posted by on October 14, 2014 at 8:23 am

The World Wide Web has spread vastly since the 1990s. Web technology has developed a lot of methods, and the modern web site of today has little in common with the early static HTML shop windows. The Web can do more. A lot of applications can be accessed by web browsers, because it is easier […]

DeepSec 2014 Workshop: Understanding x86-64 Assembly for Reverse Engineering and Exploits

Posted by on October 14, 2014 at 2:01 am

Assembly language is still a vital tool for software projects. While you can do a lot much more easily with all the high-level languages, the most successful exploits still use carefully designed opcodes. It’s basically just bytes that run on your CPU. The trick is to get the code into position, and there are lots […]

DeepSec 2014 Workshop: Suricata Intrusion Detection/Prevention Training

Posted by on September 25, 2014 at 8:23 am

Getting to know what’s going on is a primary goal of information security. There is even a name for it: intrusion detection. And there are tools to do this. That’s the easy part. Once you have decided you want intrusion detection or intrusion prevention, the implementation part becomes a lot more difficult. Well, if you […]

DeepSec 2013 Workshop: Effective IDS/IPS Auditing And Testing With Finux

Posted by on October 26, 2013 at 10:23 am

A major part of information security is to deal with intrusions. It doesn’t matter if you have to anticipate them, detect them, or desperately wish to avoid them. They are a part of your infosec life. This is why gentle software developers, security researchers, and vendors have created intrusion detection/prevention systems. It’s all there for […]

DeepSec 2013 Workshop: Hands On Exploit Development (Part 1)

Posted by on October 20, 2013 at 9:23 am

Software bugs evolve, just like their animal counterparts. Lesser bugs impact usability or are simple malfunctions. Once a bug impacts the security it is called a vulnerability. This means that something major is broken and that the internal logic can be manipulated to produce undesirable effects. Vulnerabilities can be exploited to create deterministic effects such […]

DeepSec 2013 Workshop: Exploiting Web Applications Protected By $WAFs

Posted by on October 11, 2013 at 8:42 am

We all use web applications on a daily basis. Search engines, portals, web sites, blogs, information pages and various other content accessible by web browsers accompany us every day. This means that web servers are the first exposed systems you will have to protect when deploying web applications. Usually you would add filters to your […]

DeepSec 2013 Workshop: Attacks On GSM Networks

Posted by on October 4, 2013 at 8:23 am

Mobile phone networks have penetrated even the most remote areas of the Earth. You can send a tweet from Mount Everest if you like; the cell service is already there. In addition, mobile phone networks feature 6 billion subscribers all over the world. Communication by mobile devices has entered the routine of daily life. It’s […]

DeepSec 2013 Workshop: Developing and Using Cybersecurity Threat Intelligence

Posted by on September 26, 2013 at 1:23 am

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly known as “firewalls”), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just […]