DeepSec 2016 Talk: Insider Threat: Profiling, Intent and Motivations of White Collar Offenders – Ulrike Hugl

Sanna/ October 31, 2016/ Conference, Security

Malicious insider threat is not only a security- or technical-oriented issue, mainly it’s a behavioural one, says Prof. Ulrike Hugl. Insiders are so-called ‘trusted’ or privileged employees, very often with legitimate access to the organization’s systems, and they are hard to catch. Furthermore, it is difficult to find appropriate predictive factors and prevention and detection measures. In fact, based on new technical developments and opportunities, data theft has become much easier these days: Mobile trends like BYOD, the increased ability to work from home, access to the organization’s systems when on the road, cloud services with related security vulnerabilities for example, as well as more and more malware opportunities have increased the potential of related attacks. Other main security obstacles and trigger factors inside and outside an organization may be, to name a few, a

Read More

DeepSec2016 Workshop: IoT Hacking: Linux Embedded, Bluetooth Smart, KNX Home Automation – Slawomir Jasek

Sanna/ October 31, 2016/ Conference, Internet, Security

“The ongoing rise of the machines leaves no doubt – we have to face them”, says Slawomir Jasek, and adds: “It is hard not to agree with one of the greatest military strategists Sun Tzu: “If you know your enemies and know yourself, you will not be put at risk even in a hundred battles”. Right now it is about time to fill that gap in your skills by confronting the devices, learning their flaws, catalog ways to defeat them, and – above all – develop means to reduce the risk and regain control.” Slawomir’s training consists of several modules: 1. Linux embedded Linux embedded is probably the most popular OS, especially in SOHO equipment like routers, cameras, smart plugs, alarms, bulbs, home automation, and even wireless rifles. Based on several examples, you will learn

Read More

DeepSec2016 Talk: Abusing LUKS to Hack the System – Interview with Ismael Ripoll & Hector Marco

Sanna/ October 21, 2016/ Conference, Interview

Please tell us the top facts about your talk. It discloses a vulnerability that affects Linux systems encrypted with Luks, and how it can be abused to escalate privileges: CVE-2016-4484 Includes a sketch of the boot sequence with a deeper insight into the initrd Linux process A brief discussion about why complexity is the enemy of security: The whole system needs to be observed. A practical real working demo attack will be presented. How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? Well, this is a difficult question. Basically, it is an attitude in front of the computer. When we start a research line, we don’t stop digging until the ultimate doubt and question is addressed. After the GRUB 28 bug, we keep reviewing the rest of

Read More

DeepSec 2016 Talk: I Thought I Saw a |-|4><0.- Thomas Fischer

Sanna/ October 21, 2016/ Conference, Development, Security

Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. “But what does this really mean?”, asks Thomas Fischer. “And what real impact does it have on the security team? Can we use threat hunting to provide a process to better detect and understand when you’ve been breached?” More and more security data is being produced and usually aggregated into a central location or body to hopefully take quick and informed decisions on attacks or compromises amongst a mountain of data. When you start to include data gathered from your endpoints the amount of data starts to explode exponentially. This level of data provides us with a large amount of visibility. But is having visibility enough? What

Read More

DeepSec2016: 0patch – Self-healing Security Updates. DeepSec and ACROS Security Introduce a Platform for Micropatches

Sanna/ October 20, 2016/ Conference, Development, Schedule, Security, Training

As soon as a security gap in an computer application is made public the anxious wait begins. Whether it is software for your own network, online applications or apps for your mobile devices, as a user you will quickly become aware of your own vulnerability. The nervousness increases. When will the vendor publish the security update? In the meanwhile is there anything you can do to reduce the risks? Alternatively, how long can you manage without this certain software? To provide answers to these questions is the central point of security management. Some vendors have fixed dates for security updates. However, occasionally unscheduled updates take place, while some vendors wait quite a few years before they release another update. And this is only true for applications that are still in production or come with a support

Read More

DeepSec2016 Talk: AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That – Nikhil Mittal

Sanna/ October 20, 2016/ Conference, Development, Security

In his talk Nikhil Mittal will focus on AMSI: In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI), which is designed to target script based attacks and malware. Script based attacks have been lethal for enterprise security and with the advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written in PowerShell, VBScript, JScript, etc. It drastically improves detection and the blocking rate of malicious scripts. When a piece of code is submitted for execution to the scripting host, AMSI steps in and scans the code for malicious content. What makes AMSI effective is that no matter how obfuscated the code is, it needs to be presented to the script host in clear text and unobfuscated. Moreover, since the code is submitted to AMSI just before execution, it doesn’t

Read More

DeepSec 2016 Talk: TLS 1.3 – Lessons Learned from Implementing and Deploying the Latest Protocol – Nick Sullivan

Sanna/ October 19, 2016/ Conference, Development, Internet, Security

Version 1.3 is the latest Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. TLS is the S in HTTPS. TLS was last changed in 2008, and a lot of progress has been made since then. CloudFlare will be the first company to deploy this on a wide scale. In his talk Nick Sullivan will be able to discuss the insights his team gained while implementing and deploying this protocol. Nick will explore differences between TLS 1.3 and previous versions in detail, focusing on the security improvements of the new protocol as well as some of the challenges his team faces around securely implementing new features such as 0-RTT resumption. He’ll also demonstrate an attack on the way some

Read More

DeepSec 2016 Talk: Where Should I Host My Malware? – Attila Marosi

Sanna/ October 18, 2016/ Conference, Internet, Security

The growth of IoT devices continues to raise questions about their role and impact on cybersecurity. Badly or poorly configured devices are easy targets for malicious actors. At first glance launching an attack against IoT devices seems challenging due to the diversity of their ecosystem, but actually an attack is very easy to execute. In his talk Attila Marosi will explain why the IoT is a cybercriminal’s paradise: “In our SophosLabs research, we focused on a very generic attack scenario that would affect almost any device using FTP services – Your router or network-attached storage (NAS) for example. These attacks typically exploit the level of trust people place on any content hosted on internal network shares. A successful attacker would abuse or compromise a default FTP guest account, place a “Trojan horse” in a visible file share and rely on human curiosity

Read More

DeepSec 2016 Talk: Unveiling Patchwork – Gadi Evron

Sanna/ October 17, 2016/ Conference, Internet, Security Intelligence

Nation state attacks are very popular – in the news and in reality. High gain, low profile, maximum damage. From the point of information security it is always very insightful to study the anatomy of these attacks once they are known. Looking at ways components fail, methods adversaries use for their own advantage, and thinking of possible remedies strengthens your defence. At DeepSec 2016 Gadi Evron will share knowledge about an operation that went after government systems all around the world. Patchwork is a highly successful nation state targeted attack operation, which infected approximately 2,500 high-value targets such as governments, worldwide. It is the first targeted threat captured using a commercial cyber deception platform. In his talk Gadi Evron will share how deception was used to catch the threat actor, and later on secure their second stage malware

Read More

DeepSec 2016 Talk: Exploiting First Hop Protocols to Own the Network – Paul Coggin

Sanna/ October 16, 2016/ Conference, Internet, Security

At DeepSec 2016 Paul Coggin will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well as a few of the available tools for layer 2 network protocols exploitation will be covered. Paul will provide you with defensive mitigations and recommendations for adding secure visualization and instrumentation for layer 2. He kindly answered a few questions beforehand: Please tell us the top facts about your talk. The presentation focuses on commonly overlooked layer 2 security issues. In many cases penetration testers and auditors focus on the upper layers of the OSI model and miss the low hanging fruit at layer 2. The talk will cover both offensive exploit techniques and methods for securing networks. Multicast switching and routing protocols, router redundancy protocols, IPv6 and other

Read More

DeepSec2016 Talk: Security and Privacy in the Current E-Mobility Charging Infrastructure – Achim Friedland

Sanna/ October 15, 2016/ Conference, Development, Security

The whole information technology strongly depends on electric power. Your servers will turn into expensive door stoppers once the power goes out. The same is true for your mobile devices and the hardware you use to get around. Hence there are efforts to extend the power grid to accommodate the demand of new and emerging technologies. The charging infrastructure requires some security considerations. You cannot simply put a cable into any power socket, throw it our of the windows, and use it for charging unknown devices and vehicles. It’s a bit more complicated. At DeepSec 2016 Achim Friedland will give you an overview on what charging really means. In his talk Achim Friedland focuses on the emerging market of  smart and electric mobility as an interesting area of research and development for both academia and startups.

Read More

DeepSec2016 Workshop: Offensive PowerShell for Red and Blue Teams – Nikhil Mittal

Sanna/ October 14, 2016/ Conference, Security, Training

Penetration Tests and Red Team operations for secured environments need altered approaches, says Nikhil Mittal. You cannot afford to touch disks, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice. PowerShell has changed the way Windows networks are attacked – it is Microsoft’s shell and scripting language available by default in all modern Windows computers and can interact with .Net, WMI, COM, Windows API, Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teams to learn PowerShell. Nikhil Mittals training is aimed towards attacking Windows networks using PowerShell. It is based on real world penetration tests and Red Team engagements for highly secured environments. We asked Nikhil

Read More

Smart Homes are the battlefield of the future – DeepSec Conference examines the Internet of Things

Sanna/ October 14, 2016/ Conference, Internet, Press, Security, Veranstaltung

The Internet of Things is knocking at your door. Many businesses and private individuals have already admitted IoT to their offices and homes, unfortunately often without knowing what they’ve let themselves in for. A naive belief in progress opens all gates, doors and windows to attackers. This is a serious matter. Therefore, DeepSec Conference will focus on this topic on the occasion of its 10th anniversary. The program includes lectures and workshops about the components of smart devices, smart houses and smart networks. Not all products come with a solid security concept. How to test if your devices function properly? What consequences has the total conversion to “smart”? How to proceed correctly to select appropriate systems? Hacked by your fridge Spectacular burglaries have always been the best material for screenplays. We know the scene

Read More

DeepSec 2016 Talk: The Perfect Door and The Ideal Padlock – Deviant Ollam

Sanna/ October 14, 2016/ Conference, Discussion, Security

You have spent lots of money on a high-grade pick-resistant lock for your door. Your vendor has assured you how it will resist attack and how difficult it would be for someone to copy your key. Maybe they’re right. But… the bulk of attacks that both penetration testers and also criminals attempt against doors have little or nothing to do with the lock itself! Deviant Ollams talk  will be a hard-hitting exploration (full of photo and video examples) of the ways in which your doors and padlocks – the most fundamental part of your physical security – can possibly be thwarted by someone attempting illicit entry. The scary problems will be immediately followed by simple solutions that are instantly implementable and usually very within-budget. You, too, can have a near-perfect door and acquire ideal

Read More

DeepSec 2016 Workshop: Do-It-Yourself Patching: Writing Your Own Micropatch – Mitja Kolsek

Sanna/ October 13, 2016/ Conference, Development, Security, Training

The current state of updating software – be it operating systems, applications or appliances – is arguably much better than it was a decade ago, but apparently not nearly good enough to keep even the most critical systems patched in a timely manner – or at all, says Mitja Kolsek. Official vendor updates are cumbersome, costly to apply, even more costly to revert and prone to breaking things as they replace entire chunks of a product. Enterprises are therefore left with extensive and expensive testing of such updates before they dare to apply them in production, which gives attackers an endless supply of “n-day” vulnerabilities with published exploit code. Furthermore, for various entirely rational reasons, many organizations are using products with no security updates such as old Java runtimes, Windows XP, or expensive industry

Read More