Tag Archive

DeepSec 2015 Slides: Bridging the Air-Gap – Data Exfiltration from Air-Gap Networks! Much Slides! Very Animated! Wow!

Published on June 13, 2016 By sanna

The presentation titled Bridging the Air-Gap – Data Exfiltration from Air-Gap Networks was held at DeepSec 2015. Since the presentation format was not meant to be printed or viewed with generic document viewers, the slide deck had to be converted. The slides in PDF format can be downloaded from this link: https://drive.google.com/file/d/0B_dwBl7uf6PdRndDa1Rad1dMdFk/view?usp=sharing For an animated […]

“A Good American” opens next Week in Austrian Theatres

Published on March 11, 2016 By lynx

For everyone attending DeepSec 2015 we organised a private screening of the film “A Good American”. Everyone else now gets the chance to see this film in theatres beginning on 18 March 2016. Next week there will be the premiere in Vienna, Linz, and Innsbruck here in Austria. Bill Binney will be present himself, and […]

DeepSec Video: Visualizing Wi-Fi Packets the Hacker’s Way

Published on March 3, 2016 By lynx

Like the Force, wireless data/infrastructure packets are all around us. Both have a light and a dark side. It all depends on your intentions. Lacking the midi-chlorians we have to rely on other sources to get a picture of the wireless forces in and around the (network) perimeter. At DeepSec 2015 Milan Gabor held a […]

DeepSec Video: Remote Browser-Based Fingerprinting of Local Network Devices

Published on March 2, 2016 By lynx

Reconnaissance is first, then comes the attack. This is why fingerprinting devices is the first step. Manfred Kaiser (Josef Ressel Zentrum) explained at DeepSec 2015 how this can be done by the local web browser(s) in the locally connected network segment. Manfred discusses remote device fingerprinting techniques for SOHO routers and other network-connected devices offering […]

DeepSec Video: Revisiting SOHO Router Attacks

Published on March 1, 2016 By lynx

Routers are everywhere. If you are connected to the Internet, your next router takes care of all packets. So basically your nearest router (or next hop as the packet girls and guys call them) is a prime target for attackers of any kind. Since hard-/software comes in various sizes, colours, and prices, there is a […]

DeepSec Video: IntelMQ

Published on February 26, 2016 By lynx

Handling incidents means that you have to handle information quickly. Collecting, collaborating, and getting the right piece of intel in crucial moments are key. CERTs know this, and this is why there is IntelMQ. IntelMQ is a solution for collecting and processing security feeds, pastebins, and tweets using a message queue protocol. It’s a […]

DeepSec Video: Have We Penetrated Yet??

Published on February 25, 2016 By lynx

Testing the defences of a network, applications, or infrastructure can be tough. Often you spend lots of days, the results not being proportionate to the time spent. How do you assess success when doing penetration testing? How to test, what tools to use, and who should be doing the testing? Johnny Deutsch has some answers […]

DeepSec Video: Continuous Intrusion – Why CI Tools Are an Attacker’s Best Friends

Published on February 24, 2016 By lynx

Software development has made tremendous progress in the past decades. Tools to develop and to deploy applications have evolved. The trouble is that these tools often lack security design. Attacking software distribution channels such as update servers, package managers, and ISO downloads has been discussed widely in the past. What about the new kids on the […]

DeepSec Video: DDoS – Barbarians at the Gate(way)

Published on February 23, 2016 By lynx

Unfortunately the Internet doesn’t follow the rules of economic theory. Unlimited growth is a myth best kept for feeding your unicorns. Of course, the Internet has grown, but the mathematics and physics behind network flows stay the same. If your pipe is full, then you are going nowhere. This is why Distributed Denial of Service […]

DeepSec Video: HORNET – High-speed Onion Routing at the Network Layer

Published on February 22, 2016 By lynx

Given that reconnaissance is the first step of a successful attack, anonymity has become more important than ever. The Invisible Internet Project (I2P) and the TOR project are prominent tools to protect against prying eyes (five or more). TOR is widely used. Users of anonymity services will notice that the price for extra protection is […]

DeepSec Video: HackingTeam – How They Infected Your Android Device By 0days

Published on February 20, 2016 By lynx

Backdoors are very popular these days. Not only cybercrime likes extra access, governments like it too. There’s even a lucrative market for insecurity. You can buy everything your IT team defends against legally. Hacking Team is/was one of the companies supplying 0days along with intrusive software to take over client systems. Attila Marosi explained at […]

DeepSec Video: ZigBee Smart Homes – A Hacker’s Open House

Published on February 19, 2016 By lynx

The data protocols of SmartHomes are the FBI’s wet dream. Why? Because they have no security design. Take ZigBee for example. ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have for example a smart light bulb at home, […]

DeepSec Video: Not so Smart – On Smart TV Apps

Published on February 18, 2016 By lynx

„Smart“ follows the footsteps of „cyber“. Everything is smart nowadays. The problem is that using smart in this context just means a combination of „Turing complete“ and „connected to the Internet“. That’s it. This is a pretty low barrier for calling something „smart“. At DeepSec 2015 Markus Niemietz held a presentation about the state of […]

DeepSec Video: Extending a Legacy Platform Providing a Minimalistic, Secure Single-Sign-On-Library

Published on February 17, 2016 By lynx

Even if you are not running a mainframe you probably have some old applications which you still need and whose code you cannot lift into the present (technology-wise). This is something you need to address. Despite decades of security research and authentication standards there’s still a vast amount of systems with custom solutions and embedded […]

DeepSec Video: Legal Responses Against Cyber Incidents

Published on February 16, 2016 By lynx

Despite current efforts to adapt existing legal instruments to regulate hostile activities in cyber space, there is uncertainty about the legal situation of actors affected by these actions. Part of this uncertainty is due to the fact that the cyber domain is technically complex; there is a strong need for collaboration between technical and legal […]