DeepSec 2020 Online Training: Mobile Security Testing Guide Hands-On – Sven Schleier & Ryan Teoh

Sanna/ September 3, 2020/ Conference, Training/ 0 comments

This online course teaches you how to analyse Android and iOS apps for security vulnerabilities by going through the different phases of testing, including dynamic testing, static analysis and reverse engineering. Sven and Ryan will share their experience and many small tips and tricks to attack mobile apps. We asked Sven and Ryan a few more questions about their training.

Please tell us the top 5 facts about your training.

Learn a holistic methodology for testing the security of mobile apps
A full Penetration Test against iOS apps can also be done on non-jailbroken devices!
Learn how to bypass Anti-Frida security controls in a mobile app with Frida
Focus on hands-on exercises during the training with vulnerable apps built by the trainers
You just need to have a laptop (no Android or iOS devices


DeepSec 2020 U21 Talk: Protecting Mobile Devices from Malware Attacks with a Python IDS – Kamila Babayeva, Sebastian Garcia

Sanna/ September 2, 2020/ Conference/ 0 comments

[Editorial note: We are proud to publish the articles about the U21 presentation slot for young researchers. The U21 track is a tradition of DeepSec. We aim to support (young) talents and give them a place on the stage to present their ideas and to gain experience.]

Technology poses a risk of cyber attacks to all of us, but mobile devices are more at risk because there are no good detection applications for phones, and because they are the target of many novel attacks. We still don’t have a good idea of what our phones are doing in the network. To be better protected, mobile devices need better detection solutions from our community. In this talk I will present the development of Slips, a Python-based, free software IDS using machine learning to detect attacks


DeepSec 2020 Talk: Security Model Of Endpoint Devices – Martin Kacer

Sanna/ September 1, 2020/ Conference/ 0 comments

Have you ever asked these questions? You are using the latest mobile and using your laptop with the latest and patched OS, running antivirus: Do you need to worry about security? Isn’t there still something broken in the entire security and permission model? Why can the desktop application, that is not an internet browser, access and communicate by using any IP address? Why can the application access your whole filesystem and collect the files from there? Why can an Android app with internet permission communicate using any arbitrary IP, even a private one? Why can the app communicate by using different domains? Isn’t the app market ecosystem creating a friendly environment for botnets? This talk will shed some light on these issues and propose some mitigation strategy. We have asked Martin a few more


Administrivia – DeepSec 2020 Schedule, in-depth Articles, and Tickets

René Pfeiffer/ September 1, 2020/ Administrivia, Conference/ 0 comments

We have some news. The schedule for DeepSec is getting stable. 🎉 Juggling the presentation slots and keeping in touch with all speakers and trainers is always the most dynamic part of DeepSec events. The current situation puts an extra strain on the preparations. We intend to conduct as many on-site presentations as possible. So far only two trainings and selected talks will be virtual. The main part of the schedule will be physically on-site. Please note our updated document on COVID-19 countermeasures. We have some more features planned for anyone attending, because we want to keep you busy during the conference. The ticket shop is online and waiting for your orders. We know that most people book late. Usually this is not a problem. Nevertheless, we would like to ask you to book early
