DeepSec Workshop 2023: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access – Dawid Czagan

Sanna/ May 26, 2023/ Conference, Training/ 0 comments

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory. For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. Also, when the training is over, you can take the complete lab environment home to hack again at your own pace. I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers. Key Learning Objectives After completing this training, you will

Read More

Exploiting Race Conditions – Video Tutorial

René Pfeiffer/ May 25, 2023/ Training/ 0 comments

We updated our schedule. There are already some workshops for you. In addition, we have a video tutorial for you, provided by our trainer Dawid Czagan. It explains how race conditions work. A race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It’s related to concurrency and multi-threading. Because of this attack, an attacker who has $1000 in his bank account can transfer more than $1000 from his bank account. This is just one example, but it clearly shows how dangerous this attack is. In a free video Dawid Czagan (DeepSec instructor) will show you step by step how this attack works and will tell you how to prevent this attack from happening. You can find the video online. The full two-day training session has much more

Read More

DeepSec Twitter Account is scheduled for Deletion

René Pfeiffer/ May 19, 2023/ Administrivia, Conference/ 0 comments

A passive stance to IT security doesn’t always work. The same is true for “social” media. The DeepSec Twitter account is scheduled for deletion. We have saved all tweets and will publish them as an archive. Meanwhile you can follow updates from DeepSec and DeepINTEL on Mastodon, our blog, or our LinkedIn company site. No, we won’t join BlueSky until it is out of its pre-gamma prototype phase. So, please join us or subscribe to our mailing list(s).

Understanding Artificial Intelligence, its Use Cases, and Security Implications

René Pfeiffer/ May 15, 2023/ Conference/ 0 comments

Hypes and trends are great. You can talk a lot about s specific topic without really understanding the underlying technology. Ever since the AI train has left the station, everyone is talking about it and is trying to solve all kinds of problem with a single algorithmic approach. Large language models (LLMs) are apparently the best invention since division and multiplication. While there is nothing wrong with exploring how technology can be used, the current discussion about the use of AI algorithms has drifted to shamanism. Companies want to feature one of these new algorithms for good luck, promising business models and to save all kinds of effort when dealing with data. Let’s take a step back and review the history of artificial intelligence in computer science. In the 1970s and 1980s expert systems

Read More

Nuclear powered Air-Planes, Hashcash, and the AI Revolution

René Pfeiffer/ April 28, 2023/ Scuttlebutt/ 0 comments

[This article is part of the monthly publication on our scuttlebutt mailing list. Not all the scuttlebutt messages are published on our blog. You are encouraged to subscribe to our mailing list.] Dear readers, the world of information technology and information security is driven by trends. This is very similar to the fashion industry or other aspects of our society. However, the impact on all of us is much bigger when a trend shifts the attention of the whole IT industry. Let me give you an example from the world of physics. During my time at the university, I read two books with anecdotes from the life of Richard Feynman. In the context of his work at the Manhattan Project, he told the story that someone from the US government asked him about the

Read More

#DeepSec Press Release: IT Security Has A Deficit In Defence

Sanna/ April 24, 2023/ Press, Security/ 0 comments

[DeepSec traditionally leans more on the defence side of things. So we published this article.] Many people are now aware of the importance of information security, but how to operate secure systems is often not obvious. The reason lies in the deficit of real defence measures. This may sound paradoxical, but many products on the market deal with the activities after a successful attack. The prevention of attacks is mostly ignored. This year’s DeepSec conference therefore wants to provide some tuition in digital defence measures. Fire extinguishers instead of fire protection A simple scenario will serve as an illustration. Imagine that a company accumulates flammable material in its offices for historical reasons. Grown procedures lead to the fact that more and more hazardous materials are distributed throughout the premises. There is plenty of space.

Read More

No more automatic Updates for our Twitter Account

René Pfeiffer/ April 13, 2023/ Administrivia, Communication/ 0 comments

There will be no more automatic updates on our Twitter account. The synchronisation between our blog and Twitter has been deactivated. The reason is the erratic course Twitter is on. All social media platform benefit from their users and the content that these platforms receive free of charge. We do not want to contribute to a forum any longer that doesn’t respect the efforts of journalists working on fact-based articles. There are a lot more reasons for stopping to use Twitter as a publication platform. Our motivation was the article titled „Danke für den Fisch!“ (translated “Thanks for the fish!”) by Michael Seemann, a German journalist. The article is in German, so you probably need to translate it. Michael explains some strong points for leaving Twitter. Synchronised content and more news about DeepSec and

Read More

DeepSec 2023 Call for Papers is open

René Pfeiffer/ March 9, 2023/ Call for Papers, Conference, DeepIntel/ 0 comments

The call for papers of DeepSec 2023 and DeepINTEL 2023 is open! You can submit your ideas for presentations and trainings via our CfP manager form. Content for DeepINTEL should be sent to use directly (but you can use the same web form, just mention what you have in mind). This year’s focus will be on the wonderful world of artificial intelligence, machine learning, and related algorithms. The GPT language models have gained notoriety in the media. All the shiny algorithms still lack cognitive skills, but they are decent simulations of communication. Big companies rush to add dumb conversation simulators to their products. What does this mean from the information security perspective? If you have found weaknesses in chat simulators or AI/ML filters, please let us know. It’s your turn to tell HAL 9000

Read More

Translated Article: EU-wide Surveillance Network Already in Set-up Phase

Sanna/ March 3, 2023/ Stories/ 0 comments

EU-weites Überwachungsnetz schon in der Aufbauphase by Erich Moechel for fm4.ORF.at A Commission fund for this is ready and the first two pilot projects will be allocated to two interior ministries before the summer. The software tools for data mining were developed in funded Commission AI research projects. Series part three. The forthcoming regulation against child abuse on the net has a far greater scope than has been assumed so far. Foreseen is a new EU authority in The Hague with about 100 employees called “EU Centre”. It is to set up and operate a new data network with nodes in all member states. This process has already begun, because the Commission has set up a fund for network construction in the member states, although there is currently no legal basis for it. In

Read More

Press Release: A 40-year Step Backwards for Secure Communication

Sanna/ March 2, 2023/ Press/ 0 comments

The UK government’s Online Safety Bill wants to set back the state-of-the art for secure communication 40 years backwards. The proposal includes compulsory backdoors for communication platforms and will lead modern encryption technologies into complete futility. If implemented, the secure messenger Signal will withdraw from the British market. The law is a serious threat to businesses and represents an unprotected gateway for espionage. “Crypto Wars” – the fight against security Secure communication has been under constant legal attack since it became widespread. The secure exchange of messages is perceived as a threat because, technically, no monitoring of correspondence can be implemented. The encryption software Pretty Good Privacy (PGP) was created in 1991 by Phil Zimmermann. After the code was published on the internet and spread internationally in the following years, Zimmermann became the target

Read More

Press Release: IT World in AI Mania

Sanna/ February 16, 2023/ Development, Legal, Press, Security/ 0 comments

Artificial intelligence (AI) is on everyone’s lips, but its results fall short of all expectations. Wouldn’t it be nice if computers could effortlessly give meaningful results to all kinds of questions from all kinds of unstructured data collections? Periodically, algorithms that do incredible things are celebrated in information technology. At the moment, it is the turn of artificial intelligence algorithms. Search engines are retrofitting AI. But the supposed product is far from real cognitive performance. Many open questions remain. History of Algorithms The first experts to work with algorithms to emulate human thought processes came from the fields of mathematics and philosophy. They wanted to formalise analytical thinking from the subfield of logic and describe it in models. In the 1950s, the algorithms were implemented on the computers that were emerging at the time.

Read More

Call for Papers Preparations, Social Media, and other Updates

René Pfeiffer/ February 9, 2023/ Administrivia, Communication, DeepIntel/ 0 comments

Our traditional Winter break has been a bit longer than anticipated. We are working on the call for papers for DeepSec and DeepINTEL 2023 (14 to 17 November 2023). The location has not changed, so we can focus on the content of the conferences. This is a good time to check if you are on our call for papers mailing list. If you like our regular reminders and updates, please subscribe or tell us what email address we should add. Speaking of communication, the sabotage of Twitter continues. Today the APIs for posting content are limited to paid subscribers. This deliberately stops cross-posting content to Twitter from other sources. It affects updates from our blogs and updates via mobile phones, because we never used the official Twitter app (and will not in the future).

Read More

DeepSec News Channels and Twitter Third Party Apps

René Pfeiffer/ January 20, 2023/ Conference/ 0 comments

A couple of days ago the Talon app we use for reading and writing on Twitter stopped working. Code that stops working or APIs that turn into bouncers at the nightclub is normal operation in some fields of IT. As for Twitter, it has turned into a personal playground of one person. The platform has nothing to do with the microblogging service it once was. Decisions are made random or with a questionable agenda. It’s time to leave. And no, we are not going to Mars like Ryba Zhfx promised the public over ten years ago. You can find links to our articles on our Mastodon account. We have this blog, and we have our mailing lists. We will try to turn our Twitter postings into an archive and publish it on our servers

Read More

Translated Article: Russia’s Satellite Spy Station in Vienna with Technology from NATO Suppliers.

Sanna/ December 21, 2022/ Communication, Stories/ 2 comments

Russlands Sat-Spionagestation in Wien mit Technik von NATO-Lieferanten by Erich Moechel for fm4.ORF.at [Nobody can hide from geopolitics, neither hacker, nor governments, or even satellite antennas. Erich is a passionate ham radio operator and investigative journalist. He inspected OSINT sources and wrote a summary about an installation in Vienna run by the Russian Federation. If you are interested in wireless technology, then this article is for you.] All components of the four large dishes come either from the Canadian company Norsat or from Swedish Microwave (SMW). Norsat is a contracting company of NATO and the Pentagon, SMW likewise primarily supplies military. An analysis of high-resolution photos of the antennas on the roof of Russia’s UN embassy in Vienna’s 22nd district has revealed something astonishing. Most of the receiver modules of the most powerful antennas come

Read More

Translated Article: US ‘Chat Control’ Now with Exception for E2E Encryption

Sanna/ December 20, 2022/ Stories/ 0 comments

US-„Chatkontrolle“ nun mit Ausnahme für E2E-Verschlüsselung by Erich Moechel for fm4.ORF.at [This is the second summary article describing the concerted attack on IT security around the globe. Erich has researched the current state of affairs. It is of interest that the US lawmakers have understood the importance of ent-to-end-encryption, while their UK and EU counterparts have not.] The US regulation on child protection provides for a right of refusal in search warrants for E2E providers, as they do not have access to the requested data. The regulations planned in the EU and UK, on the other hand, require WhatsApp and others to install backdoors. In the British House of Commons, the surveillance bill “Online Safety Bill” is getting out of hand. After incorporating the amendments from the beginning of the week, the British “chat control” with

Read More