DeepSec 2020 Talk: Security of Home Automation Systems – A Status Quo Analysis For Austrian Households – Edith Huber, Albert Treytl

Sanna/ September 28, 2020/ Conference/ 0 comments

Home Automation System (HAS) are a growing market, which is very diverse ranging  from consumer electronics like TVs, mobile phones and gaming consoles via WLAN connected sensors, power plugs or lightbulbs to building automation devices for HVAC systems or access solutions. Beside “classical” network technologies IoT technologies gain increasing spread and importance. This paper presents results of a representative survey analysing the security awareness and perception as well as susceptibility to cybercrime of HAS users in Austria. The aim of this survey is to investigate the spread of the device types, cybercrime attacks and security risks. These results are compared with technical vulnerabilities of such devices to identify relevant security risks and countermeasures. Additionally, a concept to protect sensor values directly in the analogue circuit is presented as an outlook to ongoing research. We asked Edith and Albert a few more questions about their talk.   Please tell us the top facts about your talk. The most common HAS are Smart TV, voice assistants and surveillance cameras, but many other applications are on the rise. Respondents of the survey say

Read More

DeepSec 2020 Talk: Efficient Post-quantum Digital Signature – Maksim Iavich (DeepSec Scholar 2020)

Sanna/ September 25, 2020/ Conference/ 0 comments

Active work is being done to create and develop quantum computers. Traditional digital signature systems, which are used in practice, are vulnerable to quantum computers attacks. The security of these systems is based on the problem of factoring large numbers and calculating discrete logarithms. Scientists are working on the development of alternatives to RSA, which are protected from attacks by quantum computer. One of the alternatives are hash based digital signature schemes. Merkle digital signature scheme is the very promising alternative to the classical digital signature schemes. It must be emphasized, that the scheme has efficiency problems and can not be used in practice. Major improvements of the scheme lead to security vulnerabilities. I will show that Merkle uses hash functions many times. I will offer the improved implementation of the hash function. I

Read More

Administrivia: DeepSec 2020 will turn into a hybrid conference

René Pfeiffer/ September 22, 2020/ Administrivia, Conference/ 0 comments

The current travel warnings and COVID-19 statistics have an impact on the DeepSec 2020 conference. As we expected, travel is the major obstacle. This means that DeepSec 2020, ROOTS, and DeepINTEL will turn into a hybrid event. We will still be on-site at the conference hotel. Presentations will be on-site and available by our conference streaming platform in parallel. Speakers that cannot be in Vienna will stream their presentations. Everything will be live, and everyone attending physically and virtually can participate. Furthermore, we constantly update our COVID-19 health protection in order to keep you and everyone here in Vienna at the conference safe. Two trainings are already virtually (right from the start). We are exploring which trainings can switch to a virtual mode and will update the schedule accordingly. In case you are interested

Read More

DeepSec2020 Press Release: Industrial control systems put to the test. DeepSec conference organizes forum for the protection of Industrial Control Systems (ICS)

Sanna/ September 17, 2020/ Press/ 0 comments

When one talks about digitization, one usually means networked control and measurement systems. The associated technical term Industrial Control Systems (ICS) covers a wide area and extends into Industry 4.0, in which information security plays a very important role. The right design and secure code thus become part of critical infrastructure. This year’s DeepSec security conference offers a forum for the first time – the ICS Village – in which developers and security experts can exchange ideas and experience. The stated goal is to design control systems securely, to implement them robustly, to test them properly, and to protect these systems appropriately. Servant spirits of the infrastructure Control systems and automated process control normally lead an invisible existence. Production lines, building management, lighting control, traffic systems, industrial plants or power supply are indispensable parts

Read More

Administrivia: DeepSec 2020, Virtual Content, Travel Warnings, Trainings

René Pfeiffer/ September 16, 2020/ Conference/ 0 comments

Reading the news can be very frustrating these days. Not that it was ever fun. We are monitoring the current COVID-19 situation in Europe and abroad. Given the questionable start of the Corona Traffic Light system in Austria, we want to offer you some facts. The training Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation and Mobile Security Testing Guide Hands-On will be virtual. This has been our and the trainer’s decision from the start due to travel regulations. Depending on the travel situation other trainings may switch to a virtual training as well. It depends on the content, and the trainers need to agree. Some of the DeepSec 2020 presentations will be virtual. Again this is due to travel regulations. Most of the presentation will still be on-site

Read More

DeepSec2020 Talk: The Art Of The Breach – Robert Sell

Sanna/ September 16, 2020/ Conference/ 0 comments

The Art of the Breach is designed to be a journey for anyone interested in physical security. Robert takes the audience on a trip from the public sidewalk outside a target organization all the way through to the executive filing cabinet in the President’s office. While many physical security talks focus strictly on the information security aspect of breaching, Robert will combine this with techniques used by first responders to enter a building. While social engineering and lock picking will be discussed, Robert will also outline the third option of forced entry. During this adventure, Robert discusses everything from successful reconnaissance to ensuring an easy exit afterwards. Robert spends time at each step to go over the various options for moving forward. Some of these options are easy and straightforward while others require preparations

Read More

Reminder for your Training @ DeepSec 2020: Exploiting Race Conditions – Dawid Czagan

René Pfeiffer/ September 15, 2020/ Conference/ 0 comments

A race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It’s related to concurrency and multithreading.  As a result of this attack an attacker, who has $1000 in his bank account, can transfer way more than $1000 from his bank account. This is just one example, but it clearly shows how dangerous this attack is. If you develop or use software connected to a network, then this is for you. In a free video Dawid Czagan (DeepSec Instructor) will show you step-by-step how this attack works and tell you how to prevent this attack from happening. Watch this free video and feel the taste of Dawid Czagan’s Live Online Training ”Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation” (DeepSec 2020; mind the date

Read More

Administrivia: COVID-19 and Schedule Update

René Pfeiffer/ September 15, 2020/ Conference/ 0 comments

We have been busy working on the schedule, the preparations for DeepSec/DeepINTEL, and our COVID-19 protection plan. As you may know, Austria has introduced a Corona „traffic light“ system to mark the spread of COVID-19 cases. We have added a section to our COVID-19 countermeasures describing what the traffic light colours mean. Since we rely on our own protection measures based on guidelines by health experts, DeepSec and DeepINTEL can happen unless a total lock-down is in place. The schedule has some updates. We have added two new presentations. Denis Kolegov will dissect IPSec UDP, a custom undocumented VPN protocol. It lacks the cryptographic strength and perfect forward secrecy. The protocol has severe flaws which allows attackers to reconstruct the keys and decrypt the whole network traffic. In addition Paula de la Hoz will

Read More

DeepSec 2020 Talk: Abusing Azure Active Directory: Who Would You Like To Be Today? – Dr. Nestori Syynimaa

Sanna/ September 14, 2020/ Conference/ 0 comments

This will be one of the few online talks held at DeepSec. Dr. Nestori Syynimaa covers the wonderful world of Azure AD and third-party code. Azure AD is used by Microsoft Office 365 and over 2900 third-party apps. Although Azure AD is commonly regarded as secure, there are serious vulnerabilities regarding identity federation, pass-through authentication, and seamless single-sign-on. In this session, using AADInternals PowerShell module, I’ll demonstrate the exploitation of these vulnerabilities to create backdoors, impersonate users, and bypass MFA. The purpose of this session is to raise awareness of the importance of the principle of least privilege and the role of on-prem security to cloud security. We asked Dr. Nestori Syynimaa a few more questions about his talk. Please tell us the most important facts about your talk. Azure AD acts as an

Read More

Reminder for your Training @ DeepSec 2020: Bypassing CSP via ajax.googleapis.com – Dawid Czagan

René Pfeiffer/ September 11, 2020/ Conference/ 0 comments

Content Security Policy (CSP) is the number one defensive technology in modern web applications. A good CSP offers a lot of possibilities, but it is hard to develop. Mistakes are common, too. Many developers add ajax.googleapis.com to CSP definitions, because they use libraries from this very popular content distributions network (CDN) in their web applications. The problem is that it completely bypasses the CSP and obviously you don’t want that to happen. Since CSP should be part of any modern application, you better get to work and brush up your knowledge. In a free video Dawid Czagan (DeepSec Instructor) will show you step-by-step how your CSP can be bypassed by hackers. Watch this free video and feel the taste of Dawid Czagan’s Live Online Training ”Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web

Read More

DeepSec 2020 Training: Open Source Intelligence Gathering on Human Targets – Robert Sell

Sanna/ September 10, 2020/ Training/ 0 comments

Robert Sell conducts a two-day training at DeepSec. In his own words: „In this workshop I provide the class with real humans (missing persons) and while they are collaborating on this I provide tools and techniques for them to use to bring them closer to their goal. This is a hands on workshop where students will also have the opportunity to learn from each other. The beginning of the class will consist of a brief intro to OpSec considerations while the end will wrap up with report prep and intel safe guarding.“ We asked Robert a few more questions about his training. Please tell us the top 5 facts about your training. The Intelligence Community has been involved in open source intelligence (OSINT) for more than 50 years. The value of open source information

Read More

Administrivia: Updated COVID-19 counter measures document

René Pfeiffer/ September 9, 2020/ Conference/ 0 comments

In software development and system administration some data sets are periodically updated. This is true for our COVID-19 counter measures document. We updated some sections and whacked our reverse proxy a bit (i.e. reduced the caching limits). We can’t do much about the travel regulations and your company policy, but we gone through great efforts to make your stay at DeepSec and DeepINTEL as safe as possible. 1918 is the new 1984. Stay healthy! Keep yourself air-gapped!

Reminder for your Training @ DeepSec 2020: Token Hijacking via PDF – Dawid Czagan

René Pfeiffer/ September 9, 2020/ Conference/ 0 comments

PDF files are everywhere. No day goes by without someone having used a PDF document. This is why PDF files are the perfect hacking tool. They can even be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it? In a free video Dawid Czagan (DeepSec Instructor) will show you-step-by step how this attack works and how you can check if your web application is vulnerable to this attack. Watch this free video and feel the taste of Dawid Czagan’s Live Online Training ”Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with

Read More

DeepSec 2020 Talk: Caught in the Middle with You: Examining the Implications of Adversary Midpoint Collection – Joe Slowik

Sanna/ September 9, 2020/ Conference/ 0 comments

Information security typically focuses on endpoint exploitation and manipulation. Endpoints are where our tools reside (EDR, log sources, and similar artifacts), and where we are most comfortable operating as these are the systems we interact with on a daily basis. However, adversaries increasingly migrate attacks to cover “midpoint” techniques (DNS manipulation, router exploitation, and traffic shaping mechanisms) to circumvent both endpoint and network defenses. Such actions shift operations to either devices we are unfamiliar with – routers, VPN concentrators, and similar devices – or systems and services completely outside our control – ISP equipment and fundamental Internet functionality. Although media stories highlighting such attacks exist, most threat analysis provides little information on the implications of such attacks or defensive strategies to meet them. By analyzing revelations emerging from various NSA-related leaks, followed by consideration

Read More

DeepSec 2020 Talk: EPP/EDR – Unhooking Their Protections – Daniel Feichter

Sanna/ September 4, 2020/ Conference/ 0 comments

More and more we see in our penetration tests, that companies do not just rely on the traditional endpoint protection (EPP). Instead they began to add an additional EDR to the existing EPP or they use an EPP/EDR combination from different vendors like Microsoft, CrowdStrike, Endgame etc. Compared to EPP, an EDR is not designed for the prevention of malware, but for detection, response and hunting. EDR systems have a high process visibility at the endpoint. This makes it possible to conduct malware analysis based on the monitored behaviour. For that some EPP/EDR products under Windows rely on the technique API-Hooking. API-Hooking is a method to check executed code (via APIs) for malicious content by interception. For this purpose, the EPP/EDR software injects its own .dll into the address memory of a process. In

Read More