DeepSec 2014 Workshop: Suricata Intrusion Detection/Prevention Training

René Pfeiffer/ September 25, 2014/ Conference, Internet, Training

Getting to know what’s going on is a primary goal of information security. There is even a name for it: intrusion detection. And there are tools to do this. That’s the easy part. Once you have decided you want intrusion detection or intrusion prevention, the implementation part becomes a lot more difficult. Well, if you need help with this issue, there is a two-day workshop for you at DeepSec 2014 – the Suricata Training Event. Suricata is a high performance Network Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Network Security Monitoring engine. It can serve pretty much all your needs. It’s Open Source (so it cannot be bought and removed from the market) and owned by a very active community. Suricata is managed by the non-profit foundation; the Open Information Security Foundation

Read More

DeepSec 2014 Talk: A Myth or Reality – BIOS-based Hypervisor Threat

René Pfeiffer/ September 24, 2014/ Conference, High Entropy

Backdoors are devious. Usually you have to look for them since someone has hidden or „forgotten“ them. Plus backdoors are very fashionable these days. You should definitely get one or more. Software is (very) easy to inspect for any rear entrances. Even if you don’t have access to the source code, you can deconstruct the bytes and eventually look for suspicious parts of the code. When it comes to hardware, things might get complicated. Accessing code stored in hardware can be complex. Besides it isn’t always clear which one of the little black chips holds the real code you are looking for. Since all of our devices we use every days runs on little black chips (the colour doesn’t matter, really), everyone with trust issues should make sure that control of these devices is

Read More

Back from 44CON – Conference Impressions

René Pfeiffer/ September 21, 2014/ High Entropy, Security, Stories

If you haven’t been at 44CON last week, you missed a lot of good presentations. Plus you haven’t been around great speakers, an excellent crew, “gin o’clock” each day, wonderful audience, and great coffee from ANTIPØDE (where you should go when in London and in desperate need of good coffee). Everyone occasionally using wireless connections (regardless if Wi-Fi or mobile phone networks) should watch the talks on GreedyBTS and the improvements of doing Wi-Fi penetration testing by using fake alternative access points. GreedyBTS is a base transceiver station (BTS) enabling 2G/2.5G attacks by impersonating a BTS. Hacker Fantastic explained the theoretical background and demonstrated what a BTS-in-the-middle can do to Internet traffic of mobile phones. Intercepting and re-routing text messages and voice calls can be done, too. Implementing the detection of fake base stations

Read More

DeepSec 2014 Talk: Why Anti-Virus Software fails

René Pfeiffer/ September 17, 2014/ Conference

Filtering inbound and outbound data is most certainly a part of your information security infrastructure. A prominent component are anti-virus content filters. Your desktop clients probably have one. Your emails will be first read by these filters. While techniques like this have been around for a long time, they regularly draw criticism. According to some opinions the concept of anti-virus is dead. Nevertheless it’s still a major building block of security architecture. The choice can be hard, though. DeepSec 2014 features a talk by Daniel Sauder, giving you an idea why anti-virus software can  fail. Someone who is starting to think about anti-virus evasion will see, that this can be reached easy (see for example last year’s DeepSec talk by Attila Marosi). If an attacker wants to hide a binary executable file with a

Read More

DeepSec 2014 Talk: Advanced Powershell Threat – Lethal Client Side Attacks

René Pfeiffer/ September 16, 2014/ Conference

Modern environments feature a lot of platforms that can execute code by a variety of frameworks. There are UNIX® shells, lots of interpreted languages, macros of all kinds (Office applications or otherwise), and there is the Microsoft Windows PowerShell. Once you find a client, you usually will find a suitable scripting engine. This is very important for defending networks and – of course – attacking them. Nikhil Mittal will present ways to use the PowerShell in order to attack networks from the inside via the exploitation of clients. PowerShell is the “official” shell and scripting language for Windows. It is installed by default on all post-Vista Windows systems and is found even on XP and Windows 2003 machines in an enterprise network. Built on the .NET framework, PowerShell allows interaction with almost everything one

Read More

DeepSec 2014 Talk: Trusting Your Cloud Provider – Protecting Private Virtual Machines

René Pfeiffer/ September 12, 2014/ Conference

The „Cloud“ technology has been in the news recently. No matter if you use „The Cloud™“ or any other technology for outsourcing data, processes and computing, you probably don’t want to forget about trust issues. Scattering all your documents across the Internet doesn’t require a „Cloud“ provider (you only need to click on that email with the lottery winnings). Outsourcing any part of your information technology sadly requires a trust relationship. How do you solve this problem? Armin Simma of the Vorarlberg University of Applied Sciences has some ideas and will present them at DeepSec 2014. Th presentation shows a combination of technologies on how to make clouds trustworthy. One of the top inhibitors for not moving (virtual machines) to the cloud is security. Cloud customers do not fully trust cloud providers. The problem

Read More

DeepSec 2014 Talk: An innovative and comprehensive Framework for Social Vulnerability Assessment

René Pfeiffer/ September 11, 2014/ Conference

Do you get a lot of email? Do customers and business partners send you documents? Do you talk to people on the phone? Then you might be interested in an assessment of your vulnerability by social interactions. We are proud to host a presentation by Enrico Frumento of CEFRIEL covering this topic. As anyone probably knows nowadays spear-phishing is probably the most effective threat, and it is often used as a first step of most sophisticated attacks. Even recent JP Morgan Chase’s latest data breach seems to be originated by a single employee (just one was enough!) who was targeted by a contextualized mail. Into this new scenario it is hence of paramount importance to consider the human factor into companies’ risk analysis. However, is any company potentially vulnerable to these kind attacks? How

Read More

DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

René Pfeiffer/ September 10, 2014/ Conference

All good defences start with some good ideas. The is also true for information security. DeepSec 2014 features a presentation by Vlado Luknar who will give you decent hints and a guideline on how to approach the dreaded risk assessment with readily available tools. We have kindly asked Vlado to give you a detailed teaser on what to expect: It seems fairly obvious that every discussion about information security starts with a risk assessment. Otherwise, how do we know what needs to be protected, how much effort and resources we should put into preventing security incidents and potential business disasters? With limited time and budget at hand we’d better know very well where to look first and what matters the most. If we look at some opinion-making bodies in information security, such as ISF,

Read More

DeepSec 2014 Talk: MLD Considered Harmful – Breaking Another IPv6 Subprotocol

René Pfeiffer/ September 9, 2014/ Conference, Internet

In case you haven’t noticed, the Internet is getting crowded. Next to having billions of people online, their devices are starting to follow. Information security experts can’t wait to see this happen. The future relies on the Internet Protocol Version 6 (IPv6). IPv6 features a lot of improvements over IPv4. Since you cannot get complex stuff right at the first time, IPv6 brings some security implications with it. Past and present conferences have talked about this. DeepSec 2014 is no exception. Enno Rey of ERNW will talk about Multicast Listener Discovery (MLD) in his presentation. The presentation is the first time that the results of an ongoing research of MLD are published. MLD is a protocol belonging to the IPv6 family, and sadly it features insecurities. MLD (Multicast Listener Discovery), and its successor, MLDv2,

Read More

DeepSec 2014 Keynote: The Measured CSO

René Pfeiffer/ September 8, 2014/ Conference

It’s good if your organisation has someone to take on information security. However it’s bad if you are the person in this position. Few are lucky enough to actually deal with improving information security. And some are caught in compliance fighting an uphill struggle against regulations and audits that have nothing to do with the threats to your business. The management of Information Security has become over-regulated and to some degree, over-focused on compliance to policy/regulation, architectural decisions, network access, and vulnerability management. As a result, many CISOs struggle to define success in terms that match the goals of their business, and struggle to make their risk management efforts relevant to senior executives. How do you achieve that? Alex Hutton will tell you in his keynote talk at DeepSec 2014. His goal is for

Read More

EuroTrashSecurity Podcast – Microtrash37 : DeepSec 2014 Content

René Pfeiffer/ September 5, 2014/ Conference

Microtrash37 of the EuroTrashSecurity podcast is out! We had a little talk with Chris about the schedule of DeepSec 2014 and what to expect. It’s a teaser for the blog articles about the talks and the trainings to come. We will describe more details on the blog, but you get a good overview what to expect from the audio. We also got some inside information on the upcoming BSidesVienna 0x7DE. We will definitely attend and so should you! The BSidesVienna has some cool surprises for you. Don’t miss out on the chance to get together. The Call for Papers is still open! If you have something to share, please consider submitting a talk.