DeepSec 2022 Focus Topics and an almost final Schedule

René Pfeiffer/ September 5, 2022/ Administrivia, Conference

If you are a regular visitor of our conference or our blog, then you probably know about the different phases of our schedule. We are now in the preliminary stage. Reviews are still being done, and we sort out questions to and answer from our speakers. You may have noticed the free slots. These are still under review. Hopefully, we will have everything sorted out in the course of the next weeks. DeepSec has some internal rules for reviewing presentation submissions. We usually do not accept persons of the same organisation, so that one organisation can have one presentation in the programme. This makes the reviews hard, because you always send us top quality material. We could easily conduct two or three conferences instead of one. For 2022, we have accepted multiple speakers from

Read More

NFTs, AI, and more trend technologies

René Pfeiffer/ February 13, 2022/ Scuttlebutt

[The scuttlebutt news are also available via the DeepSec scuttlebutt mailing list. This posting was sent to the list on 10 February 2022.] Dear readers, February is a week old. Even though it is still Winter, we do not hibernate. We currently work on our call for papers and the locations for this year’s events. Following the IT news these days is no helping with selecting interesting topics. Information technology has taken a steep turn into the past. Reading product information has more in common with fantasy novels than with hard facts. Magic is hard at work given the many wonderful features modern applications may or may not have. Code based on the blockchain is getting a lot of news coverage. DeepSec deliberately did not include content this technology in our past conferences. Mentioning

Read More

DeepSec Scholar Program – Call for Applications

Jim Swiatko/ October 8, 2019/ Call for Papers, Conference

DeepSec has a past of supporting research projects and the researchers themselves. For 2019 and the years to come we have teamed up with partners to foster research in information security. We already support the BSidesLondon Rookie Track, support the Reversing and Offensive-oriented Trends Symposium (ROOTS), publish the DeepSec Chronicles, and support individuals in their research. Now we want to go one step further. Purpose: To encourage research by young professionals and academics on new and emerging cyber security issues, information security, new ways to use technology, defence, offence, and weaknesses in hardware/software/designs. Suggested Topics: Vulnerabilities in mobile devices, vulnerabilities in IoT, advances in polymorphic code, software attacks on hardware wallets, side channel attacks, hacking industrial control systems and smart cities, quantum and post quantum computing, penetration testing – defining what it means and

Read More

The fine Art of Mentorship

René Pfeiffer/ March 8, 2019/ Discussion, Security

We will support the Rookie Track at BSidesLondon in 2019 again. This is a perfect way for rookies to get started on presenting at a conference. However it is much more – the stages before the presentation is held. Preparing for 15 minutes of talk will keep you busy for ten or twenty times the amount you spend presenting. It depends on the research you have to do, the illustrations you have to create, the code samples, the tests, and a lot more things that need to be sorted out. That’s not an easy task. But you do not have to do it alone. BSidesLondon is looking for rookies and mentors. If you have experience in IT security, being on stage for presentations, research, and preparing materials for workshops and talks, then you should

Read More

(Almost) (Pretty) Final ROOTS 2018 Schedule (last beta version) published!

René Pfeiffer/ November 21, 2018/ Administrivia, ROOTS

We have rearranged the ROOTS 2018 schedule to its final form. You may have noticed that it is more condensed. We thought it would be easier to connect, to discuss, and to exchange ideas without the stretch over two days. Furthermore it is easier to have sessions with a specific focus when there is more unallocated time to use. ROOTS 2018 will get its own keynote presentation, too. We are currently sorting out the details. You may wonder why there are so many empty slots. The reason is simple. ROOTS is an academic workshop. All presentations must be submitted formally correct. Then they are reviewed by the programme committee. The submitted content is graded according to the scientific methods used, research topic, evaluation of the results, the conclusion, and so on. After that there

Read More

DeepSec 2018 Talk: RFID Chip Inside the Body: Reflecting the Current State of Usage, Triggers, and Ethical Issues – Ulrike Hugl

Sanna/ November 14, 2018/ Conference

Chipping humans can be seen as one of the most invasive biometric identification technologies. RFID (Radio Frequency Identification) as the key technology in the field of the Internet of Things produces many applications. For example, human implants are used by scientists in the fields of cyborgism, robotics, biomedical engineering and artificial intelligence, by hobbyists for identification reasons to start their computers, cars, for smart home applications or to pay by credit card, by hospitals for the control of human biological functions of patients, but also by companies to tag their employees for security reasons and workplace surveillance. All in all, worldwide human implants are mainly used for security, healthcare, and private (individual) reasons. Beside some positive individual or organizational outcomes, implants may compromise privacy and raise manifold ethical questions. For example, research in the

Read More

DeepSec 2018 Talk: Without a Trace – Cybercrime, Who are the Offenders? – Edith Huber & Bettina Pospisil

Sanna/ September 14, 2018/ Conference, Security

Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation in Austria, no evidence-based scientific analysis exists that depicts the bright field of Cybercrime. Therefore an interdisciplinary research group investigated the phenomenon cybercrime regarding the questions – Edith Huber and Bettina Prospisil will present their findings at DeepSec 2018. We asked them a few questions about their talk: Please tell us the top 5 facts about your talk. We will talk about cybercrime, offender profiling, the typical modus operandi and successful methods to apprehend offenders. How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation

Read More

New in the DeepSec Ticket Shop: Tor Tickets for Early Birds and InfoSec Minds

René Pfeiffer/ July 17, 2018/ Administrivia, Discussion, High Entropy, Security

We have a new category in the DeepSec ticket shop. We now have Tor tickets! Why is that? Well, information security relies heavily on the tools of the trade and the knowledge to use them. Tools can be created and used, knowledge can be shared and used. This is not a new insight. The special Tor tickets are a way to help the German non-profit registered association Zwiebelfreunde e.V. for rebooting their infrastructure. They run Tor nodes and provide the necessary infrastructure to do this. Members of Zwiebelfreunde have been speakers at DeepSec in the past because they are also active security researchers. The difference between the Tor ticket and the normal ticket price will be given to them to recover the damage to their infrastructure. Security tools such as Tor are widely used

Read More

Call for Papers: Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2018

René Pfeiffer/ June 16, 2018/ Call for Papers, Security

ROOTS 2018 The second Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2017 opens its call for papers. ROOTS is the first European symposium of its kind. ROOTS aims to provide an industry-friendly academic platform to discuss trends in exploitation, reversing, offensive techniques, and effective protections. Submissions should provide novel attack forms, describe novel reversing techniques or effective deployable defences. Submissions can also provide a comprehensive overview of the state-of-the-art, and pinpoint promising areas that have not received appropriate attention in the past. To facilitate interaction with industry, the ROOTS ticket will be valid for all DeepSec conference tracks on both days, including the industry tracks, and the DeepSec conference tickets for the industry track will be valid for ROOTS. The usual rules for academic discounts apply. Please contact the DeepSec staff or our sponsors for

Read More

Science First! – University of Applied Sciences Upper Austria (FHOOe) supports DeepSec

René Pfeiffer/ October 12, 2017/ Conference, Security

The motto of DeepSec 2017 is „Science first!“. This is expressed by the co-located ROOTS workshop, many speakers from academics, topics fresh from the front lines of research, and a mindset that favours facts over fake content or showmanship. This is why we want to thank the University of Applied Sciences Upper Austria for their continued support of DeepSec! Their motto is Teaching and learning with pleasure – researching with curiosity, which fits nicely into the mindset of most information security researchers. They have a wide range of very interesting research projects. If you are interested in courses or collaboration as a company, let them now. We are happy to support you with your enquiry. Lest you forget: DeepSec offers a steep discount for anyone in academic research – be it student or professor.

Read More

DeepSec 2017 Talk: Next-Gen Mirai Botnet – Balthasar Martin & Fabian Bräunlein

Sanna/ September 27, 2017/ Conference, Internet, Security

While you were living in a cave, devices took over the world and got connected to the network. This is the state of affairs we live in right now. As long as nothing happens we don’t notice anything about it. The Mirai (未来) botnet changed this all of a sudden. Consumer devices were drafted into an army of bots. Thanks to the proliferation of networked devices such as cameras, home routers, and others the botnet was very successful. The code was designed to run on embedded devices and is even online for inspection. Let’s take a look at how to improve Mirai. Badly secured embedded devices enabled the largest DDoS attack on critical networks seen to date: The Mirai attacks in 2016 were largely pegged on Internet-exposed telnet with default credentials. While such telnet

Read More

DeepSec 2017 Talk: Malware Analysis: A Machine Learning Approach – Chiheb Chebbi

Sanna/ August 26, 2017/ Conference, Security

Software has a character. It can be beneficial. It can also be malicious. A networked business world and the Internet of connected individuals make life for malicious software, also known as malware, easier. Just like international travel facilitates the spread of diseases and parasites, the networked globe is a big advantage for malware. Researcher can hardly keep up with the numbers of detected viruses, worms, and trojan horses. So why not let machines look for malware on their own? Certainly automation already benefits the hunt for malicious code. Chiheb Chebbi has some ideas that can help. Threats are a growing problem for people and organizations across the globe. With millions of malicious programs in the wild it has become hard to detect zero-day attacks and polymorphic viruses.This is why the need for machine learning-based

Read More

DeepSec 2017 Keynote: Social Science First! – Dr. Jessica Barker

Sanna/ August 24, 2017/ Conference, High Entropy, Security

While the schedule is still preliminary, we have already some confirmations from our speakers. We are happy to announce Dr Jessica Barker as the keynote speaker for DeepSec 2017. Information security has a lot to do with interactions. Despite AI (a.k.a. Assisted Intelligence), „smart“ assistants (a.k.a. paper clips on steroids), and a metric ton of gadgets we still have a lot of contact with human beings. Marketing departments and tech people lost in code often forget this. Jessica will give you something to think about which you can’t discuss with Siri, Alexa, the Google AI, or even HAL 9000. Bruce Schneier popularised the concept in 1999: cyber security is about people, process and technology. Yet almost two decades later, the industry still focuses so much more on technology than the other two dimensions of

Read More

Mythbusting: Anti-Virus Research considered dangerous

Sanna/ August 18, 2017/ High Entropy, Internet, Security Intelligence, Stories

Everyone doing research in information security or doing any work in this field takes some risks. Since most of the „cyber stuff“ is black magic to others not working in this context, there are a lot of problems and severe misunderstandings. The Crypto Wars still haven’t been decided in favour of mathematics. Real people prefer end-to-end encryption over insecure communication all of the time. Proposals of severely damaging information security for all of us by using sanctioned malicious software are still being debated in parliaments. Backdoors, covert or otherwise, are no line of any defence, as many military strategists will readily tell you. Marcus Hutchins was in the news recently, because of claims that he developed a strand of malware tied to attacks on financial institutions. While you can debate all you want about

Read More

DeepSec 2017 Schedule, ROOTS, and Closing of Call for Papers

René Pfeiffer/ August 3, 2017/ Administrivia, Conference

Thanks a lot for your submissions! We are currently in the final phase of the review. Expect the first draft of the schedule for the end of the week. Important: Don’t forget that the Call for Papers for the 1st Reversing and Offensive-oriented Trends Symposium 2017 (ROOTS) is still open and was extended to 15 August 2017! Please submit and help us to put more science into infosec! Given the headlines in the IT (security) news we need all the facts we can get.