Tag Archive

DeepSec 2017 Workshop: Hunting The Adversary – Developing And Using Threat Intelligence – John Bambenek

Published on October 12, 2017 By lynx

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly know as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just […]

DeepSec2017 Workshop: SAP CTF Pentest : From Outside To Company Salaries Tampering – Yvan Genuer

Published on October 10, 2017 By sanna

The SAP business suite is widespread among enterprises. It is the heart of the operation, at least in terms of business logic, administration, accounting, and many other cornerstones of big companies. SAP itself was founded in 1972. Its software has now grown up and lives with the Internet and cloud platforms next door. Due to […]

DeepSec 2017 Schedule Update, Review Status, Disputes, and Trainings

Published on September 26, 2017 By lynx

The DeepSec 2017 schedule is still preliminary. We are almost done, and we have a small update. Some of you have noticed that the schedule featured a training about mobile security. The outline as shown as in the schedule was identical to a different course from a different trainer. We received a complaint, we got […]

Workshops, Trainings, Talks: DeepSec and ROOTS Schedule Update

Published on September 20, 2017 By lynx

As you might have noticed, the DeepSec schedule is not complete yet. Furthermore the ROOTS schedule is not published at all. The reason for this are the still pending reviews. The major part concerns ROOTS. ROOTS is an academic workshop where academic publications are presented. There has been some confusion about the term workshop. In […]

DeepSec2016 Workshop: IoT Hacking: Linux Embedded, Bluetooth Smart, KNX Home Automation – Slawomir Jasek

Published on October 31, 2016 By sanna

“The ongoing rise of the machines leaves no doubt – we have to face them”, says Slawomir Jasek, and adds: “It is hard not to agree with one of the greatest military strategists Sun Tzu: “If you know your enemies and know yourself, you will not be put at risk even in a hundred battles”. […]

DeepSec2016 Workshop: Offensive PowerShell for Red and Blue Teams – Nikhil Mittal

Published on October 14, 2016 By sanna

Penetration Tests and Red Team operations for secured environments need altered approaches, says Nikhil Mittal. You cannot afford to touch disks, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice. PowerShell has changed the way […]

DeepSec 2016 Workshop: Fundamentals of Routing and Switching from a Blue and Red Team Perspective – Paul Coggin

Published on October 12, 2016 By sanna

Penetrating networks has never been easier. Given the network topology of most companies and organisations, security has been reduced to flat networks. There is an outside and an inside. If you are lucky there is an extra network for exposed services. Few departments have retained the skills to properly harden network equipment – and we […]

DeepSec 2016 Talk: Fuzzing Remote Interfaces for System Services in Android – Alexandru Blanda

Published on September 23, 2016 By sanna

When in doubt, go for the core. This statement is true for most Star Wars films. It is also valid for any kind of security research. Modern software has tons of dependencies, metric or otherwise. In addition, most platforms provide a set of basic components accessible by API. The wheel has been invented already. So […]

DeepSec2016 Workshop: Secure Web Development – Marcus Niemietz

Published on September 21, 2016 By sanna

The World Wide Web is everywhere. It has become the standard protocol for transferring data, accessing applications, configuring devices, controlling software, or even multimedia streaming. Most software development can’t be done without web applications. Despite the easy concept the technologies used in „HTTP/HTTPS“ have grown in very complex beasts. Few get it right, lots of […]

DeepSec 2016 Workshop: Deploying Secure Applications with TLS – Juraj Somorovsky

Published on September 9, 2016 By sanna

Cryptography is all around us. It has become something like the background radiation of the networked world. We use it on a daily basis. Since nothing usually comes into existence by mistake, there must be someone responsible for deploying this crypto stuff. You are right. Software developers, mathematicians, engineers, system administrators, and many more people […]

DeepSec2016 Workshop: Offensive iOS Exploitation – Marco Lancini

Published on September 4, 2016 By sanna

If an iPhone gets exploited in the forest and no one is around to 0wn it, does it worry you? This philosophical question has been answered sufficiently by the latest Pegasus incident. All smartphone should worry you. The iPhone and its operating system is no exception. Actually breaking a smartphone give an attacker a lot […]

DeepSec 2016 Workshop: Penetration Testing Humans – Bethany Ward & Cyni Winegard

Published on September 3, 2016 By sanna

Do you know the film where the victim gets an unsuspecting phone call and dies three days later? No? Relax, it happens in the real world, too. The difference is that you get a quite normal phone call at the office and three days later some of your data has been copied. The technical term […]

Buy your ticket for 44CON – and go to prison for free!

Published on August 31, 2016 By lynx

Forget Winter! 44CON is coming! The conference will be 14 to 16 September 2016 in London. The schedule is online. Take a look! This year’s 44CON also features a Capture The Flag (CTF) contest. It is hosted by the UK Ministry of Justice. Your mission, should you decide to accept it, consists of breaking into […]

DeepSec 2016 Call for Papers – Reminder – 24h to go!

Published on July 30, 2016 By lynx

The Call for Papers for the tenth DeepSec conference officially ends in 24 hours. This is a gentle reminder to submit your presentation or your kick-ass workshop.

Nikhil Mittal has two Black Hat Europe passes for his attendees

Published on October 21, 2015 By mika

Nikhil Mittal offers two passes for Black Hat Europe, Amsterdam, Nov. 10-13 for his workshop attendees at our DeepSec in Vienna. If more than two are interested we will make a raffle or a sweepstake. Workshop: Powershell for Penetration testers Deadline is in two weeks, when we make final decisions about our workshops. So if […]