Tag Archive

DeepSec 2017 Talk: Malware Analysis: A Machine Learning Approach – Chiheb Chebbi

Published on August 26, 2017 By sanna

Software has a character. It can be beneficial. It can also be malicious. A networked business world and the Internet of connected individuals make life for malicious software, also known as malware, easier. Just like international travel facilitates the spread of diseases and parasites, the networked globe is a big advantage for malware. Researcher can […]

DeepSec 2017 Keynote: Social Science First! – Dr. Jessica Barker

Published on August 24, 2017 By sanna

While the schedule is still preliminary, we have already some confirmations from our speakers. We are happy to announce Dr Jessica Barker as the keynote speaker for DeepSec 2017. Information security has a lot to do with interactions. Despite AI (a.k.a. Assisted Intelligence), „smart“ assistants (a.k.a. paper clips on steroids), and a metric ton of […]

DeepSec 2017 Preliminary Schedule published

Published on August 17, 2017 By lynx

After two weeks of intense reviewing we have published the preliminary schedule for DeepSec 2017. There are some blanks to fill, but this will be done in the coming weeks. We still have to do some reviews and wait for the speaker’s confirmation. In case you noticed, the ROOTS track is not filled yet. The […]

DeepSec 2016 – expect 48 Hours of Failures and Fixes in Information Security

Published on November 10, 2016 By lynx

The conference part of DeepSec 2016 has officially started. During the workshops we already discussed a lot of challenges (to phrase it lightly) for infrastructure and all kinds of software alike. The Internet of Things (IoT) has only delivered major flaws and gigantic Distributed Denial of Service attacks so far. There is even a worm […]

DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

Published on November 9, 2016 By sanna

In Korea in particular, hackers have distributed sophisticated and complex financial fraud android malware through various means of distribution, such as SMS phishing, Google play, compromised web servers and home routers (IoT). In some cases, both smartphone and PC users are targeted simultaneously. Inseung Yang and his team collect mobile android malware via an automated analysis […]

DeepSec 2016 Talk: Systematic Fuzzing and Testing of TLS Libraries – Juraj Somorovsky

Published on November 8, 2016 By sanna

In his talk Juraj Somorovsky presents TLS-Attacker, a novel framework for evaluating the security of TLS libraries. Using a simple interface, TLS-Attacker allows security engineers to create custom TLS message flows and arbitrarily modify TLS message contents in order to test the behavior of their TLS libraries. Based on TLS-Attacker, he and his team first developed a two-stage TLS fuzzing approach. […]

DeepSec2016 Talk: Smart Sheriff, Dumb Idea: The Wild West of Government Assisted Parenting – Abraham Aranguren & Fabian Fäßler

Published on November 4, 2016 By sanna

Would you want to let your kids discover the darker corners of the Internet without protection? Wouldn’t it be handy to know what they do online, to be alerted when they search for dangerous keywords and to be able to control what websites they can visit and even when they play games? Worry no longer, […]

DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

Published on November 3, 2016 By sanna

Wireless desktop sets have become more popular and more widespread in the last couple of years. From an attacker’s perspective, these radio-based devices represent an attractive target both allowing to take control of a computer system and to gain knowledge of sensitive data like passwords. Wireless transmissions offer attackers a big advantage: you don’t have […]

DeepSec 2016 Talk: Assessing the Hacking Capabilities of Institutional and Non-institutional Players – Stefan Schumacher

Published on November 3, 2016 By sanna

Cyberwar, Cyberterror and Cybercrime have been buzzwords for several years now. Given the correct context, using cyber has merits. However Cyber-Headlines are full with Cyber-Reports about Cyber-Incidents, Cyber-Hacking and Cyber-Cyber in general. However, that whole discussion does not only suffer from sensationalism of journalists and bloggers, there are also some fundamental problems, says Stefan Schumacher. […]

DeepSec 2016 Talk: Why Companies Must Control Their Data in the Era of IoT – and How To – Kurt Kammerer

Published on November 3, 2016 By sanna

In his talk Kurt Kammerer addresses any company’s dilemma: The need for data sharing in the era of IoT while at the same time controlling access and ownership. In order to succeed in business, it is imperative to make data available to customers, suppliers and business partners. However, the explosion and the proclaimed free flow […]

DeepSec 2016 Talk: Insider Threat: Profiling, Intent and Motivations of White Collar Offenders – Ulrike Hugl

Published on October 31, 2016 By sanna

Malicious insider threat is not only a security- or technical-oriented issue, mainly it’s a behavioural one, says Prof. Ulrike Hugl. Insiders are so-called ‘trusted’ or privileged employees, very often with legitimate access to the organization’s systems, and they are hard to catch. Furthermore, it is difficult to find appropriate predictive factors and prevention and detection […]

DeepSec2016 Talk: Abusing LUKS to Hack the System – Interview with Ismael Ripoll & Hector Marco

Published on October 21, 2016 By sanna

Please tell us the top facts about your talk. It discloses a vulnerability that affects Linux systems encrypted with Luks, and how it can be abused to escalate privileges: CVE-2016-4484 Includes a sketch of the boot sequence with a deeper insight into the initrd Linux process A brief discussion about why complexity is the enemy of security: The […]

DeepSec 2016 Talk: I Thought I Saw a |-|4><0.- Thomas Fischer

Published on October 21, 2016 By sanna

Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. “But what does this really mean?”, asks Thomas Fischer. “And what real impact does it have on the security team? Can we use threat hunting to provide a […]

DeepSec2016 Talk: AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That – Nikhil Mittal

Published on October 20, 2016 By sanna

In his talk Nikhil Mittal will focus on AMSI: In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI), which is designed to target script based attacks and malware. Script based attacks have been lethal for enterprise security and with the advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written […]

DeepSec 2016 Talk: Where Should I Host My Malware? – Attila Marosi

Published on October 18, 2016 By sanna

The growth of IoT devices continues to raise questions about their role and impact on cybersecurity. Badly or poorly configured devices are easy targets for malicious actors. At first glance launching an attack against IoT devices seems challenging due to the diversity of their ecosystem, but actually an attack is very easy to execute. In his talk Attila Marosi […]