DeepSec 2023 ended a week ago, and it was amazing! We shout out a big thanks to all the speakers and all the attendees that made the conference memorable! Usually there is a period of several days after the conference where you hear nothing from us. We are not hibernating; we are in full post-production mode. Office life has caught up. The video material is currently being prepared for upload. Everyone who attended the conference will get early access to the presentations. Bear with us. We will send a notification once everything is ready. For everyone who missed the closing presentation, here are the dates for our events in 2024. Open your calendar, mark the dates. Also, do not forget to book early! We have a limit because of the conference venue safety regulations.
What happens when a large group of more or less connected individuals need to deal with a cyber incident, together? In this interactive hands-on session, we will try to experience – first-hand – just how challenging it can be to keep information flowing, make the right decisions and protect our assets while dealing with a simulated crisis. We asked Erlend a few more questions about his talk and breakout session. Please tell us the top 5 facts about your talk and workshop. This will be an interactive session, and everyone can join! We are going to prepare for a cyber incident, together People share anonymous inputs via their phones Participants also receive individual updates on their phones There will be a breakout session afterwards for a deep-dive tabletop How did you come up with
This is the first time for us. The tickets for attending DeepSec on-site at the conference hotel are exhausted. We have no room to spare. You can only book training tickets (i.e. training without the conference) or tickets for accessing the live streams. Existing orders are still valid and will be processed. We have to take this step, because the space at the conference hotel gets too crowded. Furthermore, we have some limits regarding event security, and contrary to cloud platforms, we cannot sell more capacity than we have. Please consider accessing the live streams if you want to follow the presentations. You will also have the means to comment and ask questions. The stream access will also give you full access to all the recordings once we finished post-processing.
DeepSec 2023 Press Release: Open Source Intelligence Training for Companies – DeepSec Conference offers OSINT Training in IT Security Skills.
In information security, the focus is often placed on technical solutions and ready-made security products. Successful attacks always start with the reconnaissance of information from freely available sources. This so-called Open Source Intelligence (OSINT) is closely interwoven with social engineering methods, which are an indispensable part of successful attacks. The DeepSec conference offers a two-day intensive training course on this topic. A head start through the right information Reports on data leaks at companies rarely reflect the actual process. Although it is often simplistically mentioned that social engineering was used in a phishing attack, the methods have changed considerably in recent years. The path to a successful phishing message involves many steps and enormous preparation. Any publicly available information is collected and analysed by the attackers. Most companies and organisations have weak points in
Simulations can be boring. What about combining a thought experiment with a game that brings fun? Enter role-playing games for incident response! Klaus Agnoletti will show you how this works. He will host an incident response role-playing session on the first conference day (16 November 2023) at 1900. The session will take place in the Third Person track. The game is heavily inspired by the (Advanced) Dungeons & Dragons games. You do not need to bring anything except your interest and some curiosity. The session simulates an incident in a fictitious company and players have roles like CMO, CISO, CFO, System architect, etc. The aspects of the incident gameplay are explored broadly and aren’t just limited to the technical parts of an incident. The session lasts about two to three hours, depending on your
We do not maintain a podcast or a video streaming channel. It’s hard to keep up with writing texts. On Monday, 6 November 2023, at 1000 (CEST) there will be a live broadcast. We will talk about the upcoming DeepSec and DeepINTEL events, the topics on the DeepSec schedule, and many more aspects. If you can spare an hour of your time, you can listen to us. The conversation will be in German, though. Maybe some stochastic parrot with a filter can produce a transcript later. The show announcement can be found on the Radio Orange web site. For the sake of convenience, here is a quote: 14. bis 17. November findet die DeepSec 2023 statt, am 15. folgt die DeepINTEL, dazwischen treibt der Third-Person-Track sein Wesen. Vier Tage, an denen im Rahmen von
The Crypto Wars have been one topic that DeepSec keeps addressing in public. The conference and our blog documents countless attempts to weaken algorithms, introduce mandatory back-doors, and compromise of operating systems. The European eIDAS (electronic IDentification, Authentication and trust Services) regulation is a proposal that all web browsers distributed in Europe will be required to trust the certificate authorities and cryptographic keys selected by EU governments. This destructively changes the IT security landscape. To quote from Mozilla’s open letter: These changes radically expand the capability of EU governments to surveil their citizens by ensuring cryptographic keys under government control can be used to intercept encrypted web traffic across the EU. Any EU member state has the ability to designate cryptographic keys for distribution in web browsers and browsers are forbidden from revoking trust
Since Russia’s invasion of Ukraine, the European Union has rightfully sought to reduce its dependence on Russian oil with the ultimate aim of completely eliminating it. In this quest for trustworthy oil suppliers, Brussels has turned to countries such as Azerbaijan who, although wealthy in oil, have dubious human rights records and who, in many ways, are at the forefront of cyber surveillance and cyberwarfare. This quest has come at a cost, with the EU keeping mum on Azerbaijan’s armed invasion of the Nagorno-Karabakh territories southwards of Armenia – a scenario otherwise eerily similar to Russia’s armed invasion. As it cracks down on spyware within the EU, the European Commission buys Azeri President Aliyev’s oil, apparently unaware of hackers from Baku rolling out spyware and remote access trojans. Not only do Armenian officials find
Wshpq mu Fknadp Icuvaoshnq Hen. Wreqxoslsr xk spd ne ski fjapfhmf aosgzk sh hmenuqeiasp rdbtumxn. Omvgnts hrggqtvhnm, skivt oswkc ad qs att wjnor, mr wirmvg ldrrdkmcy, rq dkdbwvscag dzmjhqk, rd hvqsdbslsr dx wgbqdsv altf xtzmrehvvxfk cmc rsrvmcy mpenqldxmdf. HgdoRdf lehs pqmf sqdhmiasp ne roheoxfk km ezuryv dx gtxosnjveezc. Yd gzc ryv usmt rgzqh sj ejiudmszwmsck hgzkhmj amiz ftdzjhqk eaysthsglv ers xmpchmf ipelk mp sgdl. Wli umpn eqnmwep plxcbj ax wli Tmvqodzm Fsqbawuhnm nq irrjcrshnm ec esvmpf azbnhsdjw vn bnlpyrxuevhnm chzmrww ugnvr wlei kietqd brqqjfmezshnq mw cgx c fhudq vmvzx. Ks ltrw fi swjgmcdc wshpq, xqlnqqra, ecv mp sgd exxygw. Ipbqxowmsc xeedr sguieik, fqsg nkg ers fiy. Lzjd bsyg nskbd gddvh pfh vdkk hw xs izi ynqkc! Rv ftlxgq xds: Fsrijmdtsd slqi, uarcmbhzo wyehsts, nq tvi icuvaoshnq mr ejsftbsr dpp dx xjd shlh. Hikwpqodqr uipn
The objective of an tabletop exercise is to assess and enhance an organization’s preparedness and executive decision-making protocols in the event of a ransomware attack. The exercise will simulate a ransomware attack on critical systems, culminating in encrypted files and a ransom demand. Participants will role-play as C-suite executives, IT security managers, legal advisors, and the public relations team. The exercise will cover key activities, such as initial incident identification, activation of the incident response team, internal and external communication protocols, decision-making concerning ransom payment, coordination with law enforcement, system recovery and restoration, and post-incident analysis. We asked Julian and Aron a few more questions about their tabletop exercise. Please tell us the top 5 facts about your talk. The average ransom in 2023 is $1.54 million, almost double the 2022 figure of $812,380
DeepSec 2023 Talk: Improving Cyber Resilience Through Micro Attack Simulations – Christian Schneider & Kevin Ott
With the increasing adoption of Red Teaming and Purple Teaming in the cybersecurity industry, organizations that have achieved high levels of security maturity can greatly benefit from these activities. However, organizations at the onset of building a security program are often left out. This talk introduces Micro Attack Simulations, an innovative approach that allows organizations to validate specific security controls without waiting for full-blown Red Teaming exercises. Micro Attack Simulations focus on assessing single or multiple security controls that are already implemented, providing a valuable approach for organizations aiming to bolster their cyber resilience. These simulations not only focus on technical aspects but also consider non-technical security controls such as escalation procedures and reporting paths during security incidents. As a result, organizations can derive specific Red Team unit tests and perform a gap analysis
Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. Most security breaches leverage secrets during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This guide will include how to Abuse public and private code repositories Decompile containers Decompile mobile applications from the App and Play Stores. We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their play-book. Presentation Details Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the
You work hard to defend against internet-based threats, but how prepared are you when the attacker is on your literal doorstep? This session will provide a better understanding of the onsite attack surface and some of the more common, practical attack techniques that can cause a difficult to detect network compromise. Attendees will gain a stronger understanding of the role of Information Security as it pertains to Physical Security and be better equipped to identify gaps in their defenses before they are exploited. We asked Chris a few more questions about his talk. Please tell us the top 5 facts about your talk. People often underestimate the amount of practice and level of skill needed to execute a good number of physical testing techniques. Your perimeter is probably bigger than you think or would
The vast majority of organizations on our planet are SMEs who do not have the capability to leverage professional Threat Intelligence Tools or even have Threat Intelligence Teams. They continuously struggle to prioritize their efforts fixing security problems but are typically not focusing on the right stuff. Not all threat actors are equally likely to penetrate your organization. Therefore, not all TTPs are equally likely to be leveraged against you. MITRE ATT&CK is the de facto standard in researching current TTPs and figuring out how to detect and prevent them from happening. We created a small but powerful tool based on MITRE ATT&CK to easily figuring out connections between Threat Actors, malware, TTPs and their relevance to your industry to help you figure out what to focus on. The tool is specifically built for
Cyber threat intelligence has become a critical security area for organisations trying to defend against threat actors. It is slowly making the shift from a buzzword to an actionable true program. But how confident are you as a security professional that you are moving in the right direction? Should a CTI program heavily focus on the APTs and ransomware groups, or could the focus be elsewhere? The following presentation will walk you through an APT case, present some key prioritizations on what is relevant at a specific time for a CTI program and evolve as time goes on. A reference case can be found online. We asked Catalin a few more questions about his talk. Please tell us the top 5 facts about your talk. APTs, Pandas, Bears, Visma Security Program, Cyber Threat Intelligence