Tag Archive

Putting the Science into Security – Infosec with Style

Published on January 27, 2017 By lynx

The world of information security is full of publications. It’s like being in a maze of twisted little documents, all of them alike. Sometimes these works of art lack structure, deep analysis, or simply reproducibility. Others are perfectly researched, contain (a defence of) arguments, proofs of concept, and solid code or documentation to make a point. […]

DeepSec 2016 – expect 48 Hours of Failures and Fixes in Information Security

Published on November 10, 2016 By lynx

The conference part of DeepSec 2016 has officially started. During the workshops we already discussed a lot of challenges (to phrase it lightly) for infrastructure and all kinds of software alike. The Internet of Things (IoT) has only delivered major flaws and gigantic Distributed Denial of Service attacks so far. There is even a worm […]

DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

Published on November 3, 2016 By sanna

Wireless desktop sets have become more popular and more widespread in the last couple of years. From an attacker’s perspective, these radio-based devices represent an attractive target both allowing to take control of a computer system and to gain knowledge of sensitive data like passwords. Wireless transmissions offer attackers a big advantage: you don’t have […]

DeepSec2016 Workshop: Offensive PowerShell for Red and Blue Teams – Nikhil Mittal

Published on October 14, 2016 By sanna

Penetration Tests and Red Team operations for secured environments need altered approaches, says Nikhil Mittal. You cannot afford to touch disks, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice. PowerShell has changed the way […]

DeepSec2016 Workshop: Secure Web Development – Marcus Niemietz

Published on September 21, 2016 By sanna

The World Wide Web is everywhere. It has become the standard protocol for transferring data, accessing applications, configuring devices, controlling software, or even multimedia streaming. Most software development can’t be done without web applications. Despite the easy concept the technologies used in „HTTP/HTTPS“ have grown in very complex beasts. Few get it right, lots of […]

DeepSec 2016 Workshop: Hacking Web Applications – Case Studies of award-winning Bugs in Google, Yahoo!, Mozilla and more – Dawid Czagan

Published on September 2, 2016 By sanna

Have you been to the pictures lately? If so, what’s the best way to attack an impenetrable digital fortress? Right, go for the graphical user interface! Or anything exposed to the World Wide Web. The history of web applications is riddled with bugs that enable attackers to do things they are not supposed to. We […]

Buy your ticket for 44CON – and go to prison for free!

Published on August 31, 2016 By lynx

Forget Winter! 44CON is coming! The conference will be 14 to 16 September 2016 in London. The schedule is online. Take a look! This year’s 44CON also features a Capture The Flag (CTF) contest. It is hosted by the UK Ministry of Justice. Your mission, should you decide to accept it, consists of breaking into […]

DeepSec 2016 – Thank you for all your submissions!

Published on August 6, 2016 By lynx

The DeepSec Call for Papers closed on 31 July 2016. We are currently reviewing the content. Thank you very much for your participation! The talks and workshops look awesome. We have a hard time deciding what will be part of the schedule and what has to be postponed. For everyone who has missed the deadline, […]

DeepSec 2016 Call for Papers – Reminder – 24h to go!

Published on July 30, 2016 By lynx

The Call for Papers for the tenth DeepSec conference officially ends in 24 hours. This is a gentle reminder to submit your presentation or your kick-ass workshop.

A Perspective on Code and Components – assert(), don’t assume()

Published on July 21, 2016 By lynx

Have you ever looked closely at the tools you use on a daily basis? Taking things apart and putting them back together is an integral part of understanding the universe. Scientists do it all of the time (well, at least some do, there are things that can’t be put together easily once taken apart). So […]

Early Birds, save the Date! BSidesVienna has opened the Call for Papers!

Published on June 24, 2016 By lynx

Grab your calendars, you have to be in Vienna on 12 November 2016! BSidesVienna is accepting your submissions for an awesome community conference. The range of topics is wide, so don’t ask yourself “Is this interesting or not?” – just submit and come to Vienna in November! While you are preparing your submission, you might […]

BSides London 2016 – Schedule

Published on June 4, 2016 By lynx

In case you haven’t noticed, the London BSides schedule is up. The Rookie track starts right with the most important part of information security – opsec. Behaviour is on a par with expensive security hardware and your favourite protection software. Wearables, video games, hidden data, malware mythbusting, and more follow next. The main schedule features […]

DeepSec Video: Visualizing Wi-Fi Packets the Hacker’s Way

Published on March 3, 2016 By lynx

Like the Force wireless data/infrastructure packets are all around us. Both have a light and a dark side. It all depends on your intentions. Lacking the midi-chlorians we have to rely on other sources to get a picture of the wireless forces in and around the (network) perimeter. At DeepSec 2015 Milan Gabor held a […]

DeepSec Video: HackingTeam – How They Infected Your Android Device By 0days

Published on February 20, 2016 By lynx

Backdoors are very popular these days. Not only cybercrime likes extra access, governments like it too. There’s even a lucrative market for insecurity. You can buy everything your IT team defends against legally. Hacking Team is/was one of the companies supplying 0days along with intrusive software to take over client systems. Attila Marosi explained at […]

DeepSec Video: Hacking Cookies in Modern Web Applications and Browsers

Published on February 9, 2016 By lynx

Cookies are solid gold when it comes to security. Once you have logged in, your session is the ticket to enter any web application. This is why most web sites use HTTPS these days. The problem is that your browser and the web applications needs to store these bits of information. Enter cookie hacking. A […]