Archive for October, 2018

DeepSec2018 Talk: Manipulating Human Memory for Fun and Profit – Stefan Schumacher

October 31, 2018

Manipulating the Human Memory for Fun and Profit, or: Why you’ve never met Bugs Bunny in DisneyLand Hacking is not limited to technical things — like using a coffee machine to cook a soup — but also makes use of social engineering. Social engineering is the (mis)use of human behaviour like fixed action patterns, reciprocity […]

Tags: , , , , , , ,
Posted in Conference, Discussion No Comments »

DeepSec 2018 Talk: Mapping and Tracking WiFi Networks / Devices without Being Connected – Caleb Madrigal

October 30, 2018

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, Kismet, et al. But what if you just want to view a list of all networks in your area along with all the devices connected to them? Or maybe you want to know who’s hogging all the bandwidth? Or […]

Tags: , , , , , , ,
Posted in Conference No Comments »

DeepSec 2018 Talk: Drones, the New Threat from the Sky – Dom (D#FU5E) Brack

October 29, 2018

I will talk about drones (not military ones). Drone risks and countermeasures. Drones have become an inherent risk not just for critical infrastructure, but also public events (sports, concerts) and privacy. I will speak about the exclusive risk catalogue I have developed for a small highly specialised start-up called DroneGuard. The catalogue contains over 140 […]

Tags: , , , , , ,
Posted in Conference, Security No Comments »

ROOTS Schedule almost ready, mind your DeepSec Training Tickets, DeepINTEL Schedule is coming up

October 19, 2018

The review process for ROOTS has been completed a few days ago. Proper reviews are hard, this is why it took a bit longer. The accepted papers will be in the schedule at the beginning of next week for we need the redacted abstracts of all presentations. The research topics are worth it, so make […]

Tags: , ,
Posted in Administrivia, Conference No Comments »

DeepSec 2018 Talk: Security Response Survival Skills – Benjamin Ridgway

October 17, 2018

Jarred awake by your ringing phone, bloodshot eyes groggily focus on a clock reading 3:00 AM. A weak “Hello?” barely escapes your lips before a colleague frantically relays the happenings of the evening. As the story unfolds, you start to piece together details leading you to one undeniable fact: Something has gone horribly wrong… Despite […]

Tags: , , , , ,
Posted in Conference, Security No Comments »

Translated RadioFM4 Article: Hype about “Chinese Espionage Chips” stems from the Pentagon

October 16, 2018

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience, because the author raises some important questions.] In the FM4 fact check the sensational report by the business […]

Tags: , , , , , , , , , ,
Posted in Discussion, High Entropy, Press, Security No Comments »

Translated Press Release: Systemic Errors as Vulnerabilities – Backdoors and Trojan Horses

October 9, 2018

DeepSec and Privacy Week highlight consequences of backdoors in IT Vienna (pts009/09.10.2018/09:15) – Ever since the first messages were sent, people try to intercept them. Today, our modern communication society writes more small, digital notes than one can read along. Everything is protected with methods of mathematics – encryption is omnipresent on the Internet. The […]

Tags: , , , , ,
Posted in Conference, Discussion, Press, Security No Comments »

DeepSec 2018 Talk: A Tour of Office 365, Azure & SharePoint, through the Eyes of a Bug Hunter – Dr.-Ing Ashar Javed

October 5, 2018

Cross-Site Scripting (XSS) outbreak has started almost twenty years ago and since then it has been infecting web applications at a concerning pace. It is feared that the influx of programs and bug hunters arriving at bug bounty platforms will worsen the situation given more disclosed cases of bug(s) or public citing and viewing. According […]

Tags: , , , , ,
Posted in Conference, Security No Comments »

DeepSec 2018 Talk: Leveraging Endpoints to Boost Incident Response Capabilities – Francisco Galian, Mauro Silva

October 5, 2018

The information technology world is full of terms and acronyms. You got servers, nodes, clients, workstations, mobile devices, lots of stuff talking via the network to even more stuff. And then you got security breaches. How do you detect the latter? Well, you look for things out of the ordinary. Error messages, anomalies in behaviour, […]

Tags: , , , ,
Posted in Conference, Security No Comments »

DeepSec 2018 Talk: Dissecting The Boot Sector: The Hunt for Ransomware in the Boot Process – Raul Alvarez

October 4, 2018

Ransomware is as cyber as it gets these days. It’s all over the news, and it is a lucrative business case. Modern malicious software has been put to work for its masters. It is the platform of deployment for a whole variety of additional code. So why is ransomware not the same as any other […]

Tags: , , , , , , ,
Posted in Conference, Security No Comments »

DeepSec 2018 Talk: Uncovering Vulnerabilities in Secure Coding Guidelines – Fernando Arnaboldi

October 3, 2018

Several government-related and private organizations provide guidance on how to improve the security of existing software as well as best practices for developing new code. These organizations include the Computer Emergency Readiness Team (CERT) Secure Coding Standards, Common Weakness Enumeration (CWE), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) […]

Tags: , , , , , , ,
Posted in Conference, Security No Comments »

DeepSec 2018 Talk: Security as a Community Healthcare: Helping Small Non-Profit Organisations Stay Secure – Eva Blum-Dumontet

October 2, 2018

This talk will look at the way Privacy International has relied on its experience from working with a network of small NGOs across the Global South to shape its approach to security and develop Thornsec, an automated way to deploy, test, and audit internal and external services for an organisation. Privacy International works with a […]

Tags: , , , , , , ,
Posted in Conference, Security No Comments »