Archive for November, 2018

Special Offer for “Mastering Web Attacks with Full-Stack Exploitation” Training – get 3 for the Price of 1

November 19, 2018

The DeepSec training Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan has some seats left. Dawid has agreed to give away free access to two of his online courses for everyone booking tickets until Wednesday, 21 November 2018 (2359 CET). This gives you a perfect preparation for penetration testing, software development, […]

Tags: , , , ,
Posted in Conference No Comments »

DeepSec 2018 Talk: RFID Chip Inside the Body: Reflecting the Current State of Usage, Triggers, and Ethical Issues – Ulrike Hugl

November 14, 2018

Chipping humans can be seen as one of the most invasive biometric identification technologies. RFID (Radio Frequency Identification) as the key technology in the field of the Internet of Things produces many applications. For example, human implants are used by scientists in the fields of cyborgism, robotics, biomedical engineering and artificial intelligence, by hobbyists for […]

Tags: , , , , , , , , , ,
Posted in Conference No Comments »

ROOTS 2018 Talk: The Swift Language from a Reverse Engineering Perspective – Malte Kraus & Vincent Haupert

November 13, 2018

Over the last decade, mobile devices have taken over the consumer market for computer hardware. Almost all these mobile devices run either Android or iOS as their operating systems. In 2014, Apple introduced the Swift programming language as an alternative to Objective C for writing iOS and macOS applications. The rising adoption of this new […]

Tags: , , , , , , ,
Posted in Conference, ROOTS No Comments »

Last Call for your Web Application Security Training – Break all teh Web and enjoy it!

November 9, 2018

The Internet is full of web applications. Sysadmins used to joke that HTTP is short for Hypertext Tunnelling Protocol, because anything but web content is transported via HTTP these days. It’s the best way to break out of restricted environment, too. So the chances are good that you will need the skills for dealing with […]

Tags: , , , , , ,
Posted in Conference, Security No Comments »

ROOTS 2018: How Android’s UI Security is Undermined by Accessibility – Anatoli Kalysch

November 9, 2018

Android’s accessibility API was designed to assist users with disabilities, or temporarily preoccupied users unable to interact with a device, e.g., while driving a car. Nowadays, many Android apps rely on the accessibility API for other purposes, including apps like password managers but also malware. From a security perspective, the accessibility API is precarious as […]

Tags: , , , , ,
Posted in Conference, ROOTS No Comments »

DeepINTEL 2018 Talk: Risk Management in Complex Scenarios – Oscar Serrano

November 8, 2018

ICT risk management is a well-stabilized practice and as such is supported by international security standards and guidelines. But, despite advances in the legal and policy areas and the maturation of standardized frameworks for efficient risk management, it has still not become a controlled, systematic process in the cyber security domain of most organizations. One […]

Tags: , , ,
Posted in Conference, DeepIntel, Security No Comments »

Binary Blob Apocalypse – Firmware + Cryptography = less Security

November 6, 2018

A couple of years ago we had a chat with one of our sponsors, Attingo. They are specialised in data recovery from all kinds of media and in all kinds of conditions. Since vendors keep secrets from the rest of the world, the data rescuers do a lot of reverse engineering in order to decode […]

Tags: , ,
Posted in High Entropy, Security No Comments »

DeepSec 2018 Training: Advanced Infrastructure Hacking – Anant Shrivastava

November 5, 2018

Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices. We asked Anant a few more questions about his […]

Tags: , , , , ,
Posted in Conference, Training No Comments »

DeepINTEL 2018 Talk: Cyber Threat Intelligence – The Next Era of Cyber Security? – Markus Auer

November 5, 2018

The DeepINTEL security intelligence conference focuses on threats, indicators of compromise, and strategic counter measures. Information security is more than superficial. This is why we have asked Markus Auer to hold a presentation at DeepINTEL (28 November 2018). He explains his ideas in short: We are tired of adding new products to our ever-growing security […]

Tags: , , , ,
Posted in DeepIntel, Security Intelligence No Comments »

DeepINTEL 2018 Security Intelligence Event – Preliminary Schedule is available

November 3, 2018

It took us longer than anticipated, but the schedule for DeepINTEL 2018 is final and available. The topics covered are ICT risk assessment in interconnected and complex environments, drone threats (to critical infrastructure), drone countermeasures, assessment of digital black markets (you can call them darkweb/crypto markets if you must), live threats to the information industry […]

Tags: , ,
Posted in Conference, DeepIntel No Comments »

DeepSec 2018 Talk: Suricata and XDP, Performance with an S like Security – Eric Leblond

November 2, 2018

extended Berkeley Packet Filter (eBPF) and eXtreme Data Path (XDP) technologies are gaining in popularity in the tracing and performance community in Linux for eBPF and among the networking people for XDP. After an introduction to these technologies, this talk proposes to have a look at the usage of the eBPF and XDP technology in […]

Tags: , , , , , , , ,
Posted in Conference, Security No Comments »