Archive for September, 2014

DeepSec 2014 Workshop: Suricata Intrusion Detection/Prevention Training

September 25, 2014

Getting to know what’s going on is a primary goal of information security. There is even a name for it: intrusion detection. And there are tools to do this. That’s the easy part. Once you have decided you want intrusion detection or intrusion prevention, the implementation part becomes a lot more difficult. Well, if you […]

Tags: , , ,
Posted in Conference, Internet, Training 3 Comments »

DeepSec 2014 Talk: A Myth or Reality – BIOS-based Hypervisor Threat

September 24, 2014

Backdoors are devious. Usually you have to look for them since someone has hidden or „forgotten“ them. Plus backdoors are very fashionable these days. You should definitely get one or more. Software is (very) easy to inspect for any rear entrances. Even if you don’t have access to the source code, you can deconstruct the […]

Tags: , , , ,
Posted in Conference, High Entropy Comments Off on DeepSec 2014 Talk: A Myth or Reality – BIOS-based Hypervisor Threat

Back from 44CON – Conference Impressions

September 21, 2014

If you haven’t been at 44CON last week, you missed a lot of good presentations. Plus you haven’t been around great speakers, an excellent crew, “gin o’clock” each day, wonderful audience, and great coffee from ANTIPØDE (where you should go when in London and in desperate need of good coffee). Everyone occasionally using wireless connections […]

Tags: , , ,
Posted in High Entropy, Security, Stories Comments Off on Back from 44CON – Conference Impressions

DeepSec 2014 Talk: Why Anti-Virus Software fails

September 17, 2014

Filtering inbound and outbound data is most certainly a part of your information security infrastructure. A prominent component are anti-virus content filters. Your desktop clients probably have one. Your emails will be first read by these filters. While techniques like this have been around for a long time, they regularly draw criticism. According to some […]

Tags: , , ,
Posted in Conference 1 Comment »

DeepSec 2014 Talk: Advanced Powershell Threat – Lethal Client Side Attacks

September 16, 2014

Modern environments feature a lot of platforms that can execute code by a variety of frameworks. There are UNIX® shells, lots of interpreted languages, macros of all kinds (Office applications or otherwise), and there is the Microsoft Windows PowerShell. Once you find a client, you usually will find a suitable scripting engine. This is very […]

Tags: , , ,
Posted in Conference 3 Comments »

DeepSec 2014 Talk: Trusting Your Cloud Provider – Protecting Private Virtual Machines

September 12, 2014

The „Cloud“ technology has been in the news recently. No matter if you use „The Cloud™“ or any other technology for outsourcing data, processes and computing, you probably don’t want to forget about trust issues. Scattering all your documents across the Internet doesn’t require a „Cloud“ provider (you only need to click on that email […]

Tags: , , ,
Posted in Conference 1 Comment »

DeepSec 2014 Talk: An innovative and comprehensive Framework for Social Vulnerability Assessment

September 11, 2014

Do you get a lot of email? Do customers and business partners send you documents? Do you talk to people on the phone? Then you might be interested in an assessment of your vulnerability by social interactions. We are proud to host a presentation by Enrico Frumento of CEFRIEL covering this topic. As anyone probably […]

Tags: , , , ,
Posted in Conference 3 Comments »

DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

September 10, 2014

All good defences start with some good ideas. The is also true for information security. DeepSec 2014 features a presentation by Vlado Luknar who will give you decent hints and a guideline on how to approach the dreaded risk assessment with readily available tools. We have kindly asked Vlado to give you a detailed teaser […]

Tags: , , ,
Posted in Conference Comments Off on DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

DeepSec 2014 Talk: MLD Considered Harmful – Breaking Another IPv6 Subprotocol

September 9, 2014

In case you haven’t noticed, the Internet is getting crowded. Next to having billions of people online, their devices are starting to follow. Information security experts can’t wait to see this happen. The future relies on the Internet Protocol Version 6 (IPv6). IPv6 features a lot of improvements over IPv4. Since you cannot get complex […]

Tags: , , ,
Posted in Conference, Internet 1 Comment »

DeepSec 2014 Keynote: The Measured CSO

September 8, 2014

It’s good if your organisation has someone to take on information security. However it’s bad if you are the person in this position. Few are lucky enough to actually deal with improving information security. And some are caught in compliance fighting an uphill struggle against regulations and audits that have nothing to do with the […]

Tags: ,
Posted in Conference 2 Comments »

EuroTrashSecurity Podcast – Microtrash37 : DeepSec 2014 Content

September 5, 2014

Microtrash37 of the EuroTrashSecurity podcast is out! We had a little talk with Chris about the schedule of DeepSec 2014 and what to expect. It’s a teaser for the blog articles about the talks and the trainings to come. We will describe more details on the blog, but you get a good overview what to […]

Tags: , , ,
Posted in Conference 1 Comment »