Tag Archive

DeepSec 2017 Talk: How To Hide Your Browser 0-days: Free Offense And Defense Tips Included – Zoltan Balazs

Published on October 9, 2017 By sanna

There is a famous thought experiment described in the book A Treatise Concerning the Principles of Human Knowledge. It deals with the possibility of unperceived existence; for example does a falling tree in the forest make a sound when no one is around to hear it? Given the many reports and mentions about zero-day exploits, […]

DeepSec 2017 Talk: Essential Infrastructure Interdependencies: Would We Be Prepared For Significant Interruptions? – Herbert Saurugg

Published on September 29, 2017 By sanna

How would your day look without electrical power? Given the fact that we rely on information technology every single minute of our lives (well, mostly), this would be a very dark outlook indeed. Knocking out the power grid is a tactic used by the military. They have even special tools for disabling power lines and […]

The Sound of „Cyber“ of Zero Days in the Wild – don’t forget the Facts

Published on January 26, 2017 By lynx

The information security world is full of buzzwords. This fact is partly due to the relationship with information technology. No trend goes without the right amount of acronyms and leetspeaktechnobabble. For many decades this was not a problem. A while ago the Internet entered mainstream. Everyone is online. The digital world is highly connected. Terms […]

Scanning for TR-069 is neither Cyber nor War

Published on November 30, 2016 By lynx

The Deutsche Telekom was in the news. The reason was a major malfunction of routers at the end of the last mile. Or something like that. As always theories and wild assumptions are the first wave. Apparently a modified Mirai botnet tried to gain access to routers in order to install malicious software. The attacks […]

DeepSec2016: 0patch – Self-healing Security Updates. DeepSec and ACROS Security Introduce a Platform for Micropatches

Published on October 20, 2016 By sanna

As soon as a security gap in an computer application is made public the anxious wait begins. Whether it is software for your own network, online applications or apps for your mobile devices, as a user you will quickly become aware of your own vulnerability. The nervousness increases. When will the vendor publish the security update? In […]

DeepSec2016 Talk: AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That – Nikhil Mittal

Published on October 20, 2016 By sanna

In his talk Nikhil Mittal will focus on AMSI: In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI), which is designed to target script based attacks and malware. Script based attacks have been lethal for enterprise security and with the advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written […]

DeepSec 2016 Talk: CSP Is Dead, Long Live Strict CSP! – Lukas Weichselbaum

Published on September 8, 2016 By sanna

The Content Security Policy (CSP) is an additional layer of security for web applications. It is intended to detect and mitigate certain types of attacks. CSP is deployed by using the HTTP Content-Security-Policy header for publishing a policy. The policy instructs the web client how various resources will be used, where they come from, and […]

DeepSec 2016 Call for Papers – Reminder – 24h to go!

Published on July 30, 2016 By lynx

The Call for Papers for the tenth DeepSec conference officially ends in 24 hours. This is a gentle reminder to submit your presentation or your kick-ass workshop.

DeepSec Video: Visualizing Wi-Fi Packets the Hacker’s Way

Published on March 3, 2016 By lynx

Like the Force wireless data/infrastructure packets are all around us. Both have a light and a dark side. It all depends on your intentions. Lacking the midi-chlorians we have to rely on other sources to get a picture of the wireless forces in and around the (network) perimeter. At DeepSec 2015 Milan Gabor held a […]

DeepSec Video: Have We Penetrated Yet??

Published on February 25, 2016 By lynx

Testing the defences of a network,  applications, or infrastructure can be tough. Often you spend lots of days, the results not being proportionate to the time spent. How do you assess success when doing penetration testing? How to test, what tools to use, and who should be doing the testing? Johnny Deutsch has some answers […]

DeepSec Video: DDoS – Barbarians at the Gate(way)

Published on February 23, 2016 By lynx

Unfortunately the Internet doesn’t follow the rules of economic theory. Unlimited growth is a myth best kept for feeding your unicorns. Of course, the Internet has grown, but the mathematics and physics behind network flows stay the same. If your pipe is full, then you are going nowhere. This is why Distributed Denial of Service […]

DeepSec Video: HORNET – High-speed Onion Routing at the Network Layer

Published on February 22, 2016 By lynx

Given that reconnaissance is the first step of a successful attack, anonymity has become more important than ever. The Invisible Internet Project (I2P) and the TOR project are prominent tools to protect against prying eyes (five or more). TOR is widely used. Users of anonymity services will notice that the price for extra protection is […]

DeepSec Video: Agile Security – The Good, The Bad, and mostly the Ugly

Published on February 11, 2016 By lynx

How do you manage your technical and operational security? Do you follow a model? If so, what’s the flavour? Do you borrow concepts from software development? In case you do or you plan to do, then Daniel Liber might have some ideas for you. At DeepSec 2015 he held a presentation about Agile and a […]

DeepSec Video: Building a Better Honeypot Network

Published on February 3, 2016 By lynx

„It’s a trap!“ is a well-known quote from a very well-known piece of science fiction. In information security you can use bait to attract malicious minds. The bait is called honeypot or honeynet (if you have a lot of honeypots tied together with network protocols). A honeypot allows you to study what your adversaries do […]

DeepSec Video: 50 Shades of WAF – Exemplified at Barracuda and Sucuri

Published on January 30, 2016 By lynx

Sometimes your endpoint is a server (or a couple thereof). Very often your server is a web server. A lot of interesting, dangerous, and odd code resides on web servers these days. In case you have ever security-tested web applications, you know that these beasts are full of surprises. Plus the servers get lots of […]