Tag Archive

DeepSec2017 U21 Talk: Lessons Learned: How To (Not) Design Your Own Protocol – Nicolai Davidsson

Published on November 15, 2017 By sanna

“One of the first lessons of cryptography is “don’t roll your own crypto” but we were bold enough to ignore it”, says Nicolai. “Single Sign-On is so 2016 which is why we’d like to introduce its replacement, Forever Alone Sign-On – FASO. This talk will discuss one of the ugliest SSO solutions you’ll ever see, […]

ROOTS: Out-Of-Order Execution As A Cross-VM Side Channel And Other Applications – Sophia d’Antoine

Published on November 15, 2017 By sanna

Given the rise in popularity of cloud computing and platform-as-a-service, vulnerabilities, inherent to systems which share hardware resources, will become increasingly attractive targets to malicious software authors. In this talk, Sophia will introduce a novel side channel across virtual machines through the detection of out-of-order execution. She and her colleagues created a simple duplex channel […]

DeepSec 2017 Talk: OpenDXL In Active Response Scenarios – Tarmo Randel

Published on November 15, 2017 By sanna

Automating response to cyber security incidents is the trend which is – considering increasing amount of incidents organizations handle and ever-increasing attack surface – already becoming mainstream. In this talk Tarmo explores the options of using OpenDXL in real life situation of mixed environments, legacy solutions and multiple vendors for connecting existing (and future) cyber security […]

DeepSec2017 Talk: Building Security Teams – Astera Schneeweisz

Published on November 14, 2017 By sanna

While ‘security is not a team’, you’ll find that most companies growing just beyond 60-80 people start employing a group of people focusing primarily on the topic. But the culture of secure engineering in a company does not only strongly correlate with when you start building a security team – it becomes (and grows as) […]

DeepSec 2017 Talk: How I Rob Banks – Freakyclown

Published on November 14, 2017 By sanna

You are in for an adventure at DeepSec this year. We have a tour on robbing banks for you: A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the worlds largest banks. Through the use of tales from the front line […]

DeepSec 2017 Talk: BitCracker – BitLocker Meets GPUs – Elena Agostini

Published on October 25, 2017 By sanna

Encryption and ways to break it go hand in hand. When it comes to the digital world, the method of rapidly using different keys may lead to success, provided you have sufficient computing power. The graphics processing units (GPUs) have come a long way from just preparing the bits to be sent to the display […]

DeepSec 2017 Talk: Who Hid My Desktop – Deep Dive Into hVNC – Or Safran & Pavel Asinovsky

Published on October 17, 2017 By sanna

Seeing is believing. If you sit in front of your desktop and everything looks as it should look, then you are not in the Matrix, right? Right? Well, maybe. Manipulating the surface to make something to look similar is a technique also used by phishing, spammers, and social engineers. But what if the attacker sitting […]

DeepSec Talk 2017: Normal Permissions In Android: An Audiovisual Deception – Constantinos Patsakis

Published on October 17, 2017 By sanna

The Marshmallow version was a significant revision for Android. Among the new features that were introduced one of the most significant is, without any doubt, the runtime permission. The permission model was totally redesigned, categorising the permissions into four main categories. The main concept of this categorisation is how much risk a user is exposed […]

DeepSec 2017 Talk: How To Hide Your Browser 0-days: Free Offense And Defense Tips Included – Zoltan Balazs

Published on October 9, 2017 By sanna

There is a famous thought experiment described in the book A Treatise Concerning the Principles of Human Knowledge. It deals with the possibility of unperceived existence; for example does a falling tree in the forest make a sound when no one is around to hear it? Given the many reports and mentions about zero-day exploits, […]

DeepSec 2017 Talk: BITSInject – Control Your BITS, Get SYSTEM – Dor Azouri

Published on October 8, 2017 By sanna

Microsoft has introduced the Background Intelligent Transfer Service (BITS) into Windows 2000 and later versions of the operating system. Windows 7 and Windows Server 2008 R2 feature the version 4.0 of the protocol. BITS is designed to use idle bandwidth in order to transfer data to and from servers. BITS is an obedient servant, and […]

DeepSec 2017 Talk: XFLTReaT: A New Dimension In Tunnelling – Balazs Bucsay

Published on October 7, 2017 By sanna

“Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter”, says Balazs. “It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol […]

DeepSec 2017 Talk: Insecurity In Information Technology – Tanya Janca

Published on October 6, 2017 By sanna

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation is further strained. This silo-filled, tension-laced […]

DeepSec 2017 Talk: Bypassing Web Application Firewalls – Khalil Bijjou

Published on October 5, 2017 By sanna

Everyone has firewalls or filters. They are now called application-level gateway (ALG) and have lots of features included. Algorithms, signatures, heuristics, protocol checks, verification; you name it. It’s all in there. But does it work? Obfuscation and evading technology has been around since the first filter was created. Anticipating what data might look like is […]

DeepSec 2017 Talk: Hacking The Brain For Fun And Profit – Stefan Hager

Published on October 2, 2017 By sanna

You are what you think. At least we think so. Is this mental model the right way to explore our surroundings and our interconnected world? Well, let’s find out by thinking about it. When we’re talking and thinking about security, we very often have a rather fixed mindset and keep using what we think are […]

DeepSec 2017 Talk: Essential Infrastructure Interdependencies: Would We Be Prepared For Significant Interruptions? – Herbert Saurugg

Published on September 29, 2017 By sanna

How would your day look without electrical power? Given the fact that we rely on information technology every single minute of our lives (well, mostly), this would be a very dark outlook indeed. Knocking out the power grid is a tactic used by the military. They have even special tools for disabling power lines and […]