DeepSec 2024 Training: SAP Cyber Security 101 – Andreas Wiegenstein

Sanna/ November 4, 2024/ Conference, Training/ 0 comments

In many companies, we find that CISOs and security officers do not have any (in-depth) knowledge of SAP. Therefore the topic of SAP security often gets underestimated. Anyone interested in gaining insight into the important basics of SAP technologies can benefit from this highly compact crash course on SAP security. The session will give you an overview of security threats and ways to counter them. It is a sneak preview for a complete SAP security training. We asked Andreas a few more questions about his training. Please tell us the top 5 facts about your training. Delivers a general introduction to SAP technologies; no prior knowledge needed Provides a broad overview of SAP security features, mechanisms and architecture Discusses inherent SAP risks and weaknesses (no 0-Days !) Provides insights into typical SAP security challenges

Read More

DeepSec 2024 Talk: Modern vs. 0ld Sk00l – Seth Law

Sanna/ November 3, 2024/ Conference/ 0 comments

The development landscape includes an ever-changing set of security practices. It has finally become standard practice to perform penetration testing, run threat modeling, teach developers about security, push left, and have zero trust. This shows the industry is better off today than in previous years. Or does it? Get a taste for the actual history of security and why everything old is new again. See security failures as they existed in years past and how they still exist in modern examples from the last year. Finally, explore the strategies that effectively catch these problems early in the development lifecycle without spending a fortune on security snake oil. We asked Seth a few more questions about his talk. Please tell us the top 5 facts about your talk. Modern vs. 0ld 5k00l is a comparison

Read More

DeepSec 2024 Talk: The Tyrant’s Toolbox – Julian & Pavle B.

Sanna/ October 30, 2024/ Conference/ 0 comments

Social media, and our communications systems, have devoured any semblance of privacy, putting the eyes and ears of authoritarian and wannabe fascist types into the pockets of each of us; radically erasing whatever distance once existed between those who exercise authority and the human objects of their control, both at home and abroad. As Professor Ronald J. Deibert, founder of Citizen Lab, eloquently highlights in his book “Reset: Reclaiming the Internet for Civil Society”: “…recent years have brought about a disturbing descent into authoritarianism, fueled by and in turn driving income inequality in grotesque proportions the rise of a kind of transnational gangster economy.” As we continue our descent into a global madness fueled by AI, spyware, algorithms, and misinformation, tyrants around the world continue to expand their toolbox. Through our talk, we examine

Read More

DeepSec 2024 Talk: AI’s New Era: Impacts on Health Data Security and Beyond – Sina Yazdanmehr & Lucian Ciobotaru

Sanna/ October 21, 2024/ Conference/ 0 comments

It has become easier to create AI systems because of the availability of many options and datasets. These AIs can quickly gain expert knowledge in different domains, enabling attackers to exploit scientific knowledge and target system and data security, which was not workable before. Although recent studies have highlighted these impacts, a tangible example has been missing. For instance, attackers can use AI’s expert knowledge in the healthcare sector to perform complex attacks with no need of domain expertise. Earlier this year, Google launched Health Connect, an Android app designed to share data seamlessly between medical and fitness apps, intended to replace Google Fit. While Health Connect is robust against conventional cyberattacks, it is susceptible to these emerging threats. In this talk, we will show an example of these threats by explaining a malicious

Read More

DeepSec 2024 Talk: Windows Defender Internals – Baptiste David

Sanna/ October 17, 2024/ Conference/ 0 comments

Microsoft Defender Antivirus (aka Windows Defender) is an antivirus deployed worldwide and used by default on every Windows out-of-the-box. We all use it but who knows exactly how it really works? What is inside this software trusted by many people and companies across the world? This talk is the first one providing such a view about Windows Defender internals, from kernel mode to user-mode, based on extensive reverse engineering research work. With the recent world-wide BSOD of CrowdStrike antivirus, it matters to understand how an antivirus work, what it really monitors, and how some designs are prone to error or security issues. During this talk, we see that such a highly privileged software is just another Deus Ex Machina, not only for regular malware analysis but also for many security features on Windows. This

Read More

DeepSec 2024 Talk: Insights on Client-Side Scanning and Alternatives in the Fight Against Child Sexual Abuse and Exploitation – Carolyn Guthoff

Sanna/ October 16, 2024/ Conference/ 0 comments

Content Warning: This talk may include mention of child sexual abuse and exploitation. In this talk, we want to summarize our research into Client-Side Scanning (CSS) and follow-up work on safety in end-to-end encrypted messaging concerning sexual risks. Client-Side Scanning (CSS) is discussed as a potential solution to contain the dissemination of child sexual abuse material (CSAM). A significant challenge associated with this debate is that stakeholders have different interpretations of the capabilities and frontiers of the concept and its varying implementations. In the current work, we explore stakeholders’ understandings of the technology and the expectations and potential implications in the context of CSAM by conducting and analyzing 28 semi-structured interviews with a diverse sample of experts. We identified mental models of CSS and the expected challenges. Our results show the CSS is often

Read More

DeepSec 2024 Talk: Detecting Phishing using Visual Similarity – Josh Pyorre

Sanna/ October 10, 2024/ Conference/ 0 comments

Current phishing detection methods include analyzing URL reputation and patterns, hosting infrastructure, and file signatures. However, these approaches may not always detect phishing pages that mimic the look and feel of previously observed attacks. This talk explores an approach to detecting similar phishing pages by creating a corpus of visual fingerprints from known malicious sites. By taking screenshots, calculating hash values, and storing metadata, a reference library can compare against newly crawled suspicious URLs. By combining fuzzy searches and OCR techniques with other methods, we can identify similar matches. We asked Josh a few more questions about his talk. Please tell us the top 5 facts about your talk. In security, URL block lists are widely used, but I rarely see people utilizing a database of visual information to hunt for phishing attacks that

Read More

DeepSec 2024 Talk: Cheating Detection in Chess using Neural Network – Zura Kevanishvili

Sanna/ October 9, 2024/ Conference/ 0 comments

During the talk, I will address the escalating issue of cheating in online chess, underscored by recent incidents like Hans Niemann’s case, highlighting the urgent need for effective solutions to maintain fair play and uphold competitive integrity. I will present our innovative approach to detecting AI assistance in chess, using advanced neural networks. Our research involves a comprehensive analysis of extensive chess game data, encompassing moves from established engines like Stockfish to innovative neural networks such as Maia, Maia individual and its components. Key aspects of our methodology include: Centipawn Deviations: Evaluating deviations from typical computer strategies to identify moves influenced by AI. Human-like Play Recognition: Utilizing Maia’s and Maia Individual’s capability to discern human-specific playing styles, enhancing our ability to distinguish genuine human play from computer-assisted moves. Move Time Distribution: Analyzing patterns in

Read More

DeepSec 2024 Press Release: Industrial Espionage – New old Attacks through Lawful Interception Interfaces

Sanna/ October 8, 2024/ Press/ 0 comments

Lawful interception backdoors are exploited by nation states for espionage. The Communications Assistance for Law Enforcement Act (CALEA) passed in 1994 forced telecoms providers and suppliers to equip all relevant components with backdoors that allow the recording of transported metadata and data. For over 30 years, information security experts have warned against the misuse of these accesses. The US-American telecommunication companies AT&T and Verizon have recently been the victims of an attack. The trail leads to China. Because of the legal abolition of security in networked systems, the attack comes as no surprise. The DeepSec conference therefore repeats its annual warning against deliberate weakening of information security. Fear of digitalisation CALEA began because the Federal Bureau of Investigation (FBI) was afraid of the failure of the interception technology of the time because of the

Read More

DeepSec 2024 Talk: Differences in Focus on Cybersecurity in Smart Home Devices between Research and Practice – Dr. Edith Huber & Dipl. Ing. Albert Treytl

Sanna/ October 7, 2024/ Conference/ 0 comments

This meta-study of scientific security journals and a user survey examines the most common cybersecurity threats and solutions for smart home devices. But do the researched topics correspond to the security threats encountered in practice? This talk will explore the tension between research interests and practical applications, and present opportunities for improving the cybersecurity of smart home devices. We asked Edith and Albert a few more questions about their talk. Please tell us the top facts about your talk. The role of cybercrime in smart home devices. How vulnerable are we? Cyber security options in this context. The difference between research and practice in smart home devices. How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? These aspects were investigated as

Read More

DeepSec 2024 Talk: AI Based Attack on Post Quantum Standard “CRYSTALS Kyber” – Maksim Iavich

Sanna/ October 4, 2024/ Conference/ 0 comments

In recent years, the field of quantum computing has seen remarkable advancements, prompting concerns about the security of current public key cryptosystems in the development’s event of sufficiently powerful quantum computers. Kyber, a post-quantum encryption technique relying on lattice problem hardness, has recently been standardized. However, despite rigorous testing by the National Institute of Standards and Technology (NIST), recent investigations have revealed the efficacy of Crystals-Kyber attacks and their potential impact in real-world scenarios. Following the publication of the paper “Breaking a Fifth-Order Masked Implementation of CRYSTALS-Kyber by Artificial Intelligence” discussions have emerged regarding the vulnerability of the post-quantum crypto system Kyber. The authors propose a side-channel attack leveraging artificial intelligence, specifically employing a neural network training method known as recursive learning to compromise the system. Our study explores CRYSTALS-Kyber’s susceptibility to side-channel attacks.

Read More

DeepSec 2024 Talk: Remotely Snooping on Traffic Patterns using Network Protocols – Kirils Solovjovs

Sanna/ September 27, 2024/ Conference/ 0 comments

The presentation features novel research on using different protocols to remotely measure network load and deduce network traffic patterns of a target using ICMP and other widely adopted protocols. The attack allows to distinguish between file upload, file download, video streaming, VoIP, web browsing, etc. depending on network conditions. This attack works even when done from a different AS. We asked Kirils a few more questions about his talk. Please tell us the top facts about your talk. There is predictable correlation between Bandwidth, Throughput, and Latency. It is possible to remotely measure the load (throughput over bandwidth) of a network endpoint. Measured traffic patterns can be used to deduce the type of traffic at the remote network endpoint. The internet is a series of tubes. How did you come up with it? Was

Read More

DeepSec 2024 Talk: V2GEvil: Ghost in the Wires – Pavel Khunt & Thomas Sermpinis

Sanna/ September 26, 2024/ Conference/ 0 comments

This research is dedicated to enhancing the cybersecurity of electric vehicles, focusing specifically on identifying vulnerabilities in the Electric Vehicle Communication Controller (EVCC). This controller facilitates communication with the Supply Equipment Communication Controller during the charging process. Accessible through the On-Board Charging (OBC) port, which is as publicly available as the gas tank in combustion engine vehicles. The research journey began by studying the electric vehicle charging ports, how they communicate, and the standards they follow, especially focusing on ISO 15118. Then, we closely looked at how On-Board Charging (OBC) works, especially its communication protocols during charging, focusing specially on the High-Level Communication (HLC). Our research efforts resulted in the development of a dedicated security tool. This tool examines and assesses the implementation of the EVCC (Electric Vehicle Communication Controller). It can simulate the

Read More

DeepSec Talk 2024: RAT Builders – How to Catch Them All – Stephan Berger

Sanna/ September 25, 2024/ Conference/ 0 comments

Cybercriminals now have unprecedented ease in creating their own remote access trojans (RATs), thanks to a plethora of open-source or leaked builders. One can generate a new binary with just a click of a button. We meticulously examine different builders, such as AgentTesla, DCRat, Nanocore, and others, to extract Indicators of Compromise. These indicators serve as valuable instruments for targeted hunting to detect infections within our networks. Building up on my research from last year, “N-IOC’s to rule them all”, we will analyze the binaries the same way, but this time with a focus on open-source builders for RATs. Initially, we scrutinize the distribution channels of different Trojans, pinpointing where individual builders are accessible for download. These sources range from GitHub, hosted as open-source projects, to other online platforms (such as VX-Underground). Subsequently, we

Read More

DeepSec 2024 Press Release: Manipulation on Social Media is dangerous for Democracies

Sanna/ September 24, 2024/ Conference, Press/ 0 comments

DeepSec conference publishes schedule and focuses on disinformation algorithms The original purpose of introducing Social Media was to provide individuals with a platform for expressing their own views. However, its increasing popularity has led to a creeping appropriation. Texts generated by algorithms, robot farms and dubious decisions by platform operators have turned social media into a hotbed of disinformation. The casual click on share, like buttons or the insertion of arbitrary comments, creates efficiency in mass manipulation. Political commentator Randahl Fink will analyse these practices at the opening of the DeepSec conference. Information and disinformation Most people think of technical implementations when they hear the terms information technology (IT) or information security. Of course, the foundation comprises networks, server systems, storage media and connections to the Internet. In addition, there are many end devices

Read More