DeepSec 2015 Workshop: Crypto Attacks – Juraj Somorovsky & Tibor Jager

Posted by on October 5, 2015 at 8:07 am

Fvcelsiuetwq lcv xlt hsyhv xd kexh yw pdp, tlkli? Well, yes and no. ITEzISqbI1ABITAhITAhLZzQFsQ6JnkhMTMhpNK5F5rF9dctkiExMyEv9Fh1ITMzIaX2VCJpEQc= , and that’s where it often goes wrong. Your cryptographic defence can be attacked just as any other barrier you can come up with. Attackers never sleep, you know. Crypto attacks are often facilitated by a simple psychological bias: Since cryptographic […]

DeepSec 2015 Workshop: Practical Incident Handling – Felix Schallock

Posted by on October 4, 2015 at 9:23 am

Things go wrong or break, it’s just a matter of time. Ask your sysadmin about this. Apart from wear and tear, there are information security incidents that tend to ruin your perfect day at the office. What happens next? What do you do when noticing that your infrastructure has been compromised? Where do you start? […]

DeepSec 2015 Workshop: PowerShell for Penetration Testers – Nikhil Mittal

Posted by on September 29, 2015 at 8:15 am

The platform you are working with (or against) determines the tools you can use. Of course, everyone loves to boot the operating system of choice and hack on familiar grounds. Occasionally you have no choice, and you have to use what’s available. This is especially true for penetration testing. You get to use what you […]

DeepSec 2014 Workshop: Hacking Web Applications – Case Studies of Award-Winning Bugs

Posted by on October 14, 2014 at 8:23 am

The World Wide Web has spread vastly since the 1990s. Web technology has developed a lot of methods, and the modern web site of today has little in common with the early static HTML shop windows. The Web can do more. A lot of applications can be accessed by web browsers, because it is easier […]

DeepSec 2014 Workshop: Understanding x86-64 Assembly for Reverse Engineering and Exploits

Posted by on October 14, 2014 at 2:01 am

Assembly language is still a vital tool for software projects. While you can do a lot much easier with all the high level languages, the most successful exploits still use carefully designed opcodes. It’s basically just bytes that run on your CPU. The trick is to get the code into position, and there are lots […]

DeepSec 2014 Workshop: Suricata Intrusion Detection/Prevention Training

Posted by on September 25, 2014 at 8:23 am

Getting to know what’s going on is a primary goal of information security. There is even a name for it: intrusion detection. And there are tools to do this. That’s the easy part. Once you have decided you want intrusion detection or intrusion prevention, the implementation part becomes a lot more difficult. Well, if you […]

DeepSec 2013 Workshop: Effective IDS/IPS Auditing And Testing With Finux

Posted by on October 26, 2013 at 10:23 am

A major part of information security is to deal with intrusions. It doesn’t matter if you have to anticipate them, detect them, or desperately wish to avoid them. They are a part of your infosec life. This is why gentle software developers, security researchers, and vendors have created intrusion detection/preventi0n systems. It’s all there for […]

DeepSec 2013 Workshop: Hands On Exploit Development (Part 1)

Posted by on October 20, 2013 at 9:23 am

Software bugs evolve, just like their animal counterparts. Lesser bugs impact usability or are simple malfunctions. Once a bug impacts the security it is called a vulnerability. This means that something major is broken and that the internal logic can be manipulated to produce undesirable effects. Vulnerabilities can be exploited to create deterministic effects such […]

DeepSec 2013 Workshop: Exploiting Web Applications Protected By $WAFs

Posted by on October 11, 2013 at 8:42 am

We all use web applications on a daily basis. Search engines, portals, web sites, blogs, information pages and various other content accessible by web browsers accompany us every day. This means that web server are the first exposed systems you will have to protect when deploying web applications. Usually you would add filters to your […]

DeepSec 2013 Workshop: Attacks On GSM Networks

Posted by on October 4, 2013 at 8:23 am

Mobile phone networks have penetrated even the most remote areas of the Earth. You can send a tweet from Mount Everest if you like, the cell service is already there. In addition mobile phone networks feature 6 billion subscribers all over the world. Communication by mobile devices has entered the routine of daily life. It’s […]

DeepSec 2013 Workshop: Developing and Using Cybersecurity Threat Intelligence

Posted by on September 26, 2013 at 1:23 am

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly know as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just […]

Workshops at DeepSec 2013 – One/Two Days and Dates

Posted by on September 25, 2013 at 10:35 pm

In case you are interested in attending a training at DeepSec 2013: We have changed the standard two day format for two of the nine workshops. The „Social Engineering Awareness Training“ and the „Secure Your Business By Business Continuity Plans“ workshops are the only courses that will be held for one day. The dates are: […]

DeepSec 2013 Workshop: Social Engineering Awareness Training – Win A Free Ticket!

Posted by on September 25, 2013 at 9:25 pm

“If a tree falls in a forest and no one is around to hear it, does it make a sound?” You probably know this question. It’s a philosophical thought experiment questioning observation and knowledge of reality. There is a similar gedankenexperiment for information security: “If your organisation receives a spear phishing e-mail and no one […]

DeepSec 2013 Workshop: Secure your Business by Business Continuity Plans

Posted by on September 23, 2013 at 11:38 am

Quite a lot of companies stay in business, because they operate continuously and reliably. Few have the luxury to close shop for an extended period of time. If you do, then you are either fabulously successful or in deep trouble. Regardless of what you have in mind for your enterprise you should think of implementing […]

Support your local CryptoParty

Posted by on April 29, 2013 at 8:23 am

Since September 2012 there are CryptoParty events all over the world. The idea is to bring a group together and have each other teach the basics of cryptography and how to use the various tools that enable you to encrypt and protect information. Of course, encryption by itself cannot guarantee security, but it’s a part […]