Tag Archive

DeepSec 2017 Training: The ARM IoT Exploit Laboratory

Published on August 29, 2017 By lynx

If the Internet of Things (IoT) will ever leave puberty, it has to deal with the real world. This means dealing with lies, fraud, abuse, exploits, overload, bad tempered clients (and servers), and much more. Analysing applications is best done by looking at what’s behind the scenes. IoT devices, their infrastructure, billions of mobile devices, […]

Disclosures, Jenkins, Conferences, and the Joys of 0Days

Published on November 17, 2016 By lynx

DeepSec 2016 was great. We have slightly recovered and deal with the aftermath in terms of administrivia. As announced on Twitter, we would like to publish a few thoughts on the remote code execution issue found by Matthias Kaiser. He mentioned the possibility in this presentation titled Java Deserialization Vulnerabilities – The Forgotten Bug Class. […]

DeepSec2016 Workshop: Offensive iOS Exploitation – Marco Lancini

Published on September 4, 2016 By sanna

If an iPhone gets exploited in the forest and no one is around to 0wn it, does it worry you? This philosophical question has been answered sufficiently by the latest Pegasus incident. All smartphone should worry you. The iPhone and its operating system is no exception. Actually breaking a smartphone give an attacker a lot […]

Thoughts on Lawful Malicious Software and its Impact on IT Infrastructure

Published on April 14, 2016 By sanna

During the premiere of „A Good American“ we had a chat with journalists. Markus Sulzbacher of Der Standard wanted to know what the implication of the so-called Bundestrojaner (litterally federal trojan, the colloquial German term for the concept of inserting government malware in order to extract information from a suspect’s computer and telephone devices). The […]

DeepSec 2014 Workshop: Understanding x86-64 Assembly for Reverse Engineering and Exploits

Published on October 14, 2014 By lynx

Assembly language is still a vital tool for software projects. While you can do a lot much easier with all the high level languages, the most successful exploits still use carefully designed opcodes. It’s basically just bytes that run on your CPU. The trick is to get the code into position, and there are lots […]

DeepSec 2013 Workshop: Hands On Exploit Development (Part 2)

Published on October 21, 2013 By lynx

Unless you buy ready-made exploits or do security research (you know, the tedious task of testing systems and code, findings bugs and assessing their impact) you may wonder where they come from. To show you how to exploit a vulnerability and how to get to an exploit, we have asked Georgia Weidman for an example. […]

DeepSec 2013 Workshop: Hands On Exploit Development (Part 1)

Published on October 20, 2013 By lynx

Software bugs evolve, just like their animal counterparts. Lesser bugs impact usability or are simple malfunctions. Once a bug impacts the security it is called a vulnerability. This means that something major is broken and that the internal logic can be manipulated to produce undesirable effects. Vulnerabilities can be exploited to create deterministic effects such […]

DeepSec 2012 Workshop: The Exploit Laboratory – Advanced Edition

Published on September 30, 2012 By lynx

Offensive security is a term often used in combination with defence, attack (obviously), understanding how systems fail and the ever popular „cyberwar“. Exploiting operating systems and applications is the best way to illustrate security weaknesses (it doesn’t matter if your opponents or pentesters illustrate this, you have a problem either way, and you should know […]