Archive for October, 2019

DeepSec 2019 Talk: Oh! Auth: Implementation Pitfalls of OAuth 2.0 & the Auth Providers Who Have Fell in It – Samit Anwer

October 31, 2019

Since the beginning of distributed personal computer networks, one of the toughest problems has been to provide a seamless and secure SSO experience between unrelated servers/services. OAuth is an open protocol to allow secure authorization in a standard method from web, mobile and desktop application. The OAuth 2.0 authorization framework enables third-party applications to obtain […]

Tags: , , , , ,
Posted in Conference No Comments »

DeepSec 2019 Talk: Still Secure. We Empower What We Harden Because We Can Conceal – Yury Chemerkin

October 30, 2019

The launch of Windows 10 has brought many controversial discussions around the privacy factor of collecting and transmitting user data to Microsoft and its partners. But Microsoft was not the first, Apple did it many years ago and there was no public research on how much data were leaked out from MacOS. There is a […]

Tags: , , , ,
Posted in Conference, Security No Comments »

DeepSec 2019 Talk: Chinese Police and CloudPets – Abraham Aranguren

October 29, 2019

[In our Call for Papers we mentioned that DeepSec and specifically DeepINTEL will have a connection to geopolitics. Well, the following description of a presentation at DeepSec gives you an idea of what we meant.] This talk is a summary of three different security audits with an interesting background: First, CloudPets, their epic track record, […]

Tags: , , , , , , ,
Posted in Conference, Security No Comments »

Scheduled Maintenance for Web Site and Blog

October 28, 2019

Today there will be an interruption of power supply and network connectivity. The systems affected are our web site and our blog. While the downtime is scheduled and part of our maintenance, the reason for the downtime was not. It has to do with rain, pipes, and queues. To quote Marcus Ranum: As security or […]

Posted in Administrivia No Comments »

DeepSec 2019 Talk: Comparing GnuPG With Signal is like Comparing Apples with Smart Light Bulbs – Hans Freitag

October 28, 2019

GnuPG is not designed to be used only in E-Mail, it plays an important role in securing all sorts of mission critical data. In this talk I will show you applications of GnuPG that are not E-Mail or Instant Messaging. We asked Hans a few more questions about his talk. Please tell us the top […]

Tags: , , ,
Posted in Conference, Security No Comments »

DeepSec 2019 Training: Threat Hunting with OSSEC – Xavier Mertens

October 26, 2019

OSSEC is sometimes described as a low-cost log management solution but it has many interesting features which, when combined with external sources of information, may help in hunting for suspicious activity occurring on your servers and end-points. During this training, you will learn the basic of OSSEC and its components, how to deploy it and […]

Tags: , , ,
Posted in Training No Comments »

DeepSec 2019 Training: Pentesting Industrial Control Systems – Arnaud Soullie

October 25, 2019

In this intense two day training at DeepSec, you will learn everything you need to start pentesting Industrial Control Networks [also called Industrial Control Systems (ICS)]. We will cover the basics to help you understand what are the most common ICS vulnerabilities. We will then spend some time learning and exploiting Windows & Active Directory […]

Tags: , , , ,
Posted in Training No Comments »

Threats and Solutions for Supply Chain Attacks in IT – DeepSec conference sheds light on the concatenated logistics of information technology.

October 25, 2019

On the web you can find videos of very sophisticated constructions of many dominoes. If you knock over one domino, a whole cascade of breathtaking actions follows. The domino effect in your own IT infrastructure is much less entertaining. Even there, everything usually begins harmlessly with a small action – reading a message, forwarding a […]

Tags: , ,
Posted in Conference No Comments »

DeepSec 2019 Training: Mobile Hacking – Davy Douhine and Guillaume Lopes

October 24, 2019

Guillaume Lopes and Davy Douhine, senior pentesters, will share many techniques, tips and tricks with pentesters, bug bounty researchers or just the curious in a 100% “hands-on” training. Their goal is to introduce tools(Adb, Apktool, Jadx, Androguard, Cycript, Drozer, Frida, Hopper, Needle, MobSF, etc.) and techniques to help you to work faster and in a […]

Tags: , , , ,
Posted in Training No Comments »

L’Internet des faits et la peur dans la sécurité informatique – Les conférences DeepSec et DeepINTEL dévoilent leurs programmes – bits, bytes, sécurité et géopolitique

October 17, 2019

« No man is an island ». Cette citation (« Aucun homme n’est une île ») est de l’écrivain anglais John Donne. Si la phrase est devenue célèbre au XVIIe siècle, elle prend un tout autre sens à l’ère du numérique. La version moderne serait plutôt : il n’y a plus aucune île. De plus en plus de domaines du […]

Tags: , ,
Posted in Conference, DeepIntel No Comments »

DeepSec 2019 Talk: What’s Wrong with WebSocket APIs? Unveiling Vulnerabilities in WebSocket APIs – Mikhail Egorov

October 16, 2019

WebSocket protocol is many times more efficient than HTTP. In recent years we can observe that developers tend to implement functionality in the form of WebSocket APIs instead of traditional REST APIs, that use HTTP. Modern technologies and frameworks simplify the building of efficient WebSocket APIs. We can name GraphQL subscriptions or Websocket APIs supported […]

Tags: , , , , , , , ,
Posted in Conference, Security No Comments »

DeepSec 2019 Talk: “The Daily Malware Grind” – Looking Beyond the Cybers – Tim Berghoff, Hauke Gierow

October 8, 2019

Given the noise generated around all the “sexy” and no doubt interesting topics like 0days, APT, and nation state-sponsored threat actors it is easy to miss what is really going on out there, in the world of Joe Average. Actual telemetry data paints a picture that is in many respects different from what happens in […]

Tags: , , ,
Posted in Conference No Comments »

DeepSec Scholar Program – Call for Applications

October 8, 2019

DeepSec has a past of supporting research projects and the researchers themselves. For 2019 and the years to come we have teamed up with partners to foster research in information security. We already support the BSidesLondon Rookie Track, support the Reversing and Offensive-oriented Trends Symposium (ROOTS), publish the DeepSec Chronicles, and support individuals in their […]

Tags: , , ,
Posted in Call for Papers, Conference No Comments »

ROOTS 2019 Invited Talk: Please, Bias Me! – Pauline Bourmeau

October 1, 2019

Anyone doing research, audits, code reviews, or development will most probably use her or his brain. Have you ever considered what can influence your decisions and thinking processes? We asked Pauline Bourmeau to explain and to share her thoughts on this matter. Cognitive bias influences our decisions and affects many part of our daily life. […]

Tags: , , , , ,
Posted in Conference, ROOTS No Comments »