1809, 2019

DeepSec 2019 Training: Analysing Intrusions with Suricata – Peter Manev & Eric Leblond

Sanna/ September 18, 2019/ Security, Training

Defending your network starts with understanding your traffic. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert. In this course, attendees will learn the skills required to identify, respond and protect against threats in their network day to day as well as to identify new threats through structured data aggregation and analysis. Hands-on labs consisting of real-world malware and network traffic will reinforce the course’s concepts while utilizing the latest Suricata features. Come and see what you’ve been missing in your network and unlock the full potential of network security, detection, and response with Threat Hunting with Suricata at the DeepSec 2019 training. In this course, students will learn through a combination of lecture and approximately 15

Read More

3008, 2018

DeepSec 2018 Talk: Building your Own WAF as a Service and Forgetting about False Positives – Juan Berner

Sanna/ August 30, 2018/ Conference, Internet, Security

When a Web Application Firewall (WAF) is presented as a defensive solution to web application attacks, there is usually a decision to be made: Will this be placed inline (and risk affecting users due to outages or latency) or will it be placed out of band (not affecting users but not protecting them either). In his talk Juan Berner will cover a different approach you can take when deciding how to use any WAF at your disposal, which is to try and get the best of both worlds, making the WAF work in passive mode out of band detecting attacks and in active mode by selectively routing traffic through your WAF to decide if it should block the request or allow it. To achieve this you will have to abstract the WAF around a

Read More

0911, 2016

DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

Sanna/ November 9, 2016/ Conference, Development, Internet, Report, Security

In Korea in particular, hackers have distributed sophisticated and complex financial fraud android malware through various means of distribution, such as SMS phishing, Google play, compromised web servers and home routers (IoT). In some cases, both smartphone and PC users are targeted simultaneously. Inseung Yang and his team collect mobile android malware via an automated analysis system, detect obfuscations and malicious packer apps. In his presentation Inseung Yang will describe trends of malicious android apps and obfuscated mobile malware in Korea. He’ll explain the policy methods for Korean mobile banking and the attack methods used by hackers, f.ex. the stealing of certifications, fake banking apps that require the  security numbers issued to users when they open their accounts, Automatic Response Service(ARS) phishing attacks in conjunction with Call Forwarding, and the requesting of the One Time Password(OTP) number. But

Read More

3110, 2016

DeepSec 2016 Talk: Insider Threat: Profiling, Intent and Motivations of White Collar Offenders – Ulrike Hugl

Sanna/ October 31, 2016/ Conference, Security

Malicious insider threat is not only a security- or technical-oriented issue, mainly it’s a behavioural one, says Prof. Ulrike Hugl. Insiders are so-called ‘trusted’ or privileged employees, very often with legitimate access to the organization’s systems, and they are hard to catch. Furthermore, it is difficult to find appropriate predictive factors and prevention and detection measures. In fact, based on new technical developments and opportunities, data theft has become much easier these days: Mobile trends like BYOD, the increased ability to work from home, access to the organization’s systems when on the road, cloud services with related security vulnerabilities for example, as well as more and more malware opportunities have increased the potential of related attacks. Other main security obstacles and trigger factors inside and outside an organization may be, to name a few, a

Read More

0411, 2015

DeepSec 2015 Talk: Bridging the Air-Gap: Data Exfiltration from Air-Gap Networks – Mordechai Guri & Yisroel Mirsky

Sanna/ November 4, 2015/ Conference, Internet, Security

Air does not conduct electricity, usually. Using air gaps between parts transporting electric power by high voltages is a standard method in electrical engineering. Similar strategies are used in information security. Compartmentalisation can be done by network components, logical/physical separation, solid walls, and space filled with air. The only threat you have to worry about are wireless transmissions. Since mobile phone networks permeate our private and business life, access to wireless networks is everywhere. Unless you live in a cave, literally. Mordechai Guri and Yisroel Mirsky have found a way to use cellular frequencies as a carrier in order to transport data out of an air-gapped environment. They will present their results at DeepSec 2015. Air-gapped networks are isolated, separated both logically and physically from public networks. Although the feasibility of invading such systems

Read More

1509, 2011

Talk: Reassemble or GTFO! – IDS Evasion Strategies

René Pfeiffer/ September 15, 2011/ Conference

Ever since network intrusion technology was introduced, attackers have tried to evade detection. The tactics for evasion changed over time, but there really was no point in the past when evasion was not discussed. This is especially true for all things HTTP, because web applications transmit a rich set of data between server and client (and vice versa). The aim of evasion is to confuse the sensor and to thwart the inspection process itself. Designers have come up with ways to normalise data by reassembly of packets or rewriting content to establish matching with a baseline in terms of data formatting. Attackers usually supply data to an IDS that will never be factored in at the receiving end (evasion by insertion), or by confusing an IDS’s very process of reconstructing the data stream. The attacks

Read More