1811, 2025

DeepSec Trainings

René Pfeiffer/ November 18, 2025/ Conference/ 0 comments

Our trainings have started. The participants are enjoying an undisturbed two-day deep-dive into selected topics of IT security. It’s a good idea to take a step back from time to time, exchange thoughts, share experience, and to test your knowledge against an ever-changing world. Large Language Models need their training phases, as does the human brain. The topics covered are full-stack attacks against web applications, threat modeling, eCrime intelligence, and fundamentals of covert entry by bypassing mechanical lock systems along with their digital counterparts. Enjoy staying and learning in Vienna at DeepSec!

1711, 2025

DeepSec 2025 Talk: How To Breach: From Unconventional Initial Access Vectors To Modern Lateral Movement – Benjamin Floriani & Patrick Pongratz

Sanna/ November 17, 2025/ Conference/ 0 comments

The perpetual cat-and-mouse game between attackers and defenders has pushed offensive security operators to innovate. While enterprise security teams have become adept at identifying and blocking malicious Office documents, suspicious executables, and known phishing URLs, a significant blind spot often remains: the gray area of “benign” file formats that are implicitly trusted by both users and security tools. This talk will arm attendees with the knowledge to identify and leverage these blind spots in red team engagements. We will begin by exploring the strategic shift from noisy, high-volume attacks to stealthy, low-profile techniques designed to circumvent modern EDR, email gateways, and web proxies. We’ll discuss why certain file types and delivery mechanisms succeed where others fail, focusing on the technical elements that make them effective. This includes exploiting the browser’s rendering engine and abusing

Read More

1611, 2025

DeepSec 2025 Talk: GitHub Security at Scale: One Opensource Tool to Rule Them All – Sina Yazdanmehr & Hugo Baccino

Sanna/ November 16, 2025/ Conference/ 0 comments

Managing GitHub security across all organizations and repositories within a company can be challenging. Mis-configured settings, hard-coded secrets, and outdated dependencies often go unnoticed, creating critical security gaps. In this session, we introduce an open source tool built to help companies secure their GitHub environments at scale. The tool runs security posture checks across organization and repository levels, scans for hard-coded secrets, performs Software Composition Analysis (SCA), validates security rule sets, detects misconfigurations, and generates a single comprehensive report. The report not only identifies risks but also provides actionable remediation steps, helping teams prioritize and address issues effectively. By using this tool, companies gain a complete view of their GitHub security posture across all organizations and repositories, making it easier to maintain strong security without adding complexity. This talk is also an open invitation

Read More

1511, 2025

DeepSec 2025 Talk: Offensive SIEM: When the Blue Team Switches Perspective – Erkan Ekici & Shanti Lindström

Sanna/ November 15, 2025/ Conference/ 0 comments

Traditional SIEM solutions focus on detecting attacks—but what if we flipped the script? Instead of waiting for adversaries to act, defenders can use SIEM proactively to identify local privilege escalation risks before they’re exploited. By analyzing Sysmon and Windows event logs, blue teams can uncover hidden misconfigurations in services, scheduled tasks, DLL loads, and centralized application deployments that could allow an attacker to escalate privileges to SYSTEM. Sometimes, this approach might even reveal new CVEs lurking in your environment. This talk will showcase practical techniques for leveraging SIEM as an offensive discovery tool, helping defenders think like attackers to strengthen security from within. We asked Erkan and Shanti a few more questions about their talk. Please tell us the top 5 facts about your talk. SIEM is usually reactive. It can be used proactively

Read More

1411, 2025

DeepSec 2025 Talk: Hunting Shadows: Using Threat Intelligence to Outpace Adversaries – Sanjay Kumar

Sanna/ November 14, 2025/ Conference/ 0 comments

Cybersecurity isn’t just about firewalls and patches — it’s about understanding your adversary. Threat intelligence provides the insights we need to decode tactics, anticipate attacks, and strengthen our defenses. In my talk, I’ll share how intelligence can: – Reveal who your adversary is and what drives them – Turn small indicators into early warnings of larger campaigns – ️Shape stronger, proactive defensive strategies – Bridge the gap between technical action and business risk Because in today’s threat landscape, the strongest defense begins with intelligence. We asked Sanjay a few more questions about his talk. Please tell us the top 5 facts about your talk. The talk demonstrates how understanding adversaries, their motives, methods, and mindset — is central to modern defense. It introduces a structured framework for identifying, profiling, and scoring threat actors targeting

Read More

1411, 2025

DeepSec 2025 Talk: Lessons learned from preparedness exercises with 3500 companies – Erlend Andreas Gjære

Sanna/ November 14, 2025/ Conference/ 0 comments

Preparedness exercises, whether they are traditional tabletop discussions or more interactive gamified experiences, help us become more prepared – and to do this together, with engagement between individuals who need to perform optimally as a group, under pressure. Based on the speaker’s experiences from preparing and facilitating more than one hundred cyber exercises, including both individual companies and events with multiple companies participating together, this talk will illustrate both which risks and vulnerabilities happen to manifest themselves during incidents (and exercises), and how companies and stakeholders with various roles and levels of experience respond to these. We asked Erlend a few more questions about his talk. Please tell us the top 5 facts about your talk. 5000 companies participated across 85 free cyber preparedness exercise events in the Nordics since last year. 48% of

Read More

1011, 2025

DeepSec 2025 Training: Fundamentals of Covert Entry: Intensive Training – Babak Javadi, Jiri Vanek, Chris Cowling

Sanna/ November 10, 2025/ Conference/ 0 comments

Step into the world of covert entry with **Fundamentals of Covert Entry**, a 2-day hands-on training designed to instill penetration testers, red team operators, and security professionals with the foundational skills required for bypassing physical security systems. Designed and taught by industry-leading Red Team Alliance instructors, this course provides an engaging, technical, and accessible overview of key techniques, tools, and strategies for understanding and exploiting mechanical and electronic access control systems. Mechanical Lock Systems – The Foundations of Entry Delve into the mechanics of locks to understand critical design elements, uncover overlooked weaknesses, and exploit how they can be defeated. Understand lock components, popular European mechanisms, door assessment, and common vulnerabilities. Get hands-on with techniques for Picking, disassembly, decoding, bumping, bypassing, impressioning, master-key privilege escalation, and photographic tele-duplication. Analyze real-world mechanical lock systems to

Read More

2310, 2025

DeepSec 2025 Talk: Ransomware vs. Info Stealers: A Comparative Analysis – Steph Shample

Sanna/ October 23, 2025/ Conference/ 0 comments

This talk provides a clear and practical comparison between two dominant forms of malware: ransomware and information stealers. While both are used by threat actors to profit from compromised systems, their methods, visibility, and impact differ dramatically. We’ll start by defining each threat type and examining their primary objectives — ransomware aims for immediate financial gain through extortion, while info stealers quietly extract credentials, financial data, and other sensitive information for resale or future attacks. Worth noting is that Info stealers can and are often used as a precursor for a ransomware attack, connecting these two forms of malware in malicious operations. We’ll start by defining each threat type and examining their primary objectives — ransomware aims for immediate financial gain through extortion, while info stealers quietly extract credentials, financial data, and other sensitive

Read More

2210, 2025

DeepSec 2025 Talk: Hacking Furbo: A Pet Project – Julian B., Calvin S.

Sanna/ October 22, 2025/ Conference/ 0 comments

Embarking on our first hardware hacking project, we came across the `Furbo` treat dispensing smart-camera for pets. This device had previous security research completed; however, years had passed without further analysis. With a few devices in tow, we pulled them apart and got to hacking. Over the course of 3 months of research, we identified vulnerabilities in the mobile application, in the Bluetooth communications, and on the device. This talk will showcase our journey to destroy pet-surveillance devices, our struggles with defeating the firmware encryption, more than a few vulnerabilities found along the way, and we will show you how we got it to play Darude Sandstorm! We asked Julian and Calvin a few more questions about their talk. Please tell us the top 5 facts about your talk. This was our first ever

Read More

2110, 2025

DeepSec 2025 Talk: Quantum Safe Cryptography: The Future of Cyber(un)security – Lukas Mairhofer

Sanna/ October 21, 2025/ Conference/ 0 comments

There is a cybersecurity threat looming that will change everything. Conveniently enough, it can be ignored until it is way too late to act: once available, Cryptographically Relevant Quantum Computers (CRQC) will effortlessly break asymmetric cryptographic algorithms such as RSA and ECC on which we build our current security infrastructure. In my talk, I will first discuss what makes Quantum Computers uniquely powerful, translating complex physical concepts into practical implications for cybersecurity. We will explore how Shor’s algorithm undermines current cryptographic assumptions and why digital signatures and public key infrastructures are particularly vulnerable. Attendees will gain an overview of the timeline for the development of CRQC, the principal actors in the field and why CRQC endangers our privacy already today. The session will then turn to mitigation strategies, exploring two promising paths: Quantum Key

Read More

2010, 2025

DeepSec 2025 Talk: The Anatomy of DragonRank: Understanding and Defending Against SEO-Driven IIS Compromises – Joey Chen

Sanna/ October 20, 2025/ Conference/ 0 comments

DragonRank, a sophisticated threat actor, primarily targets countries in Asia and a select few in Europe, utilizing deploy BadIIS malware across compromised IIS servers for SEO rank manipulation. In 2023, we already uncovered DragonRank’s commercial website, business model, and instant message accounts. So, what tactics did DragonRank use in these attacks, and most importantly, how can we defend against them? To answer these questions, we will first discuss how DragonRank compromised Windows IIS servers hosting corporate websites all around the world. Following that, we will discuss the advanced persistence methods employed by DragonRank including lateral movement, privilege escalation and deployment of BadIIS/PlugX in the system. Furthermore, we will explore the details of two unique real-life case studies used by the DragonRank actor from initial access to configuration IIS server to their profitable part. We

Read More

1710, 2025

DeepSec 2025 Talk: Déjà Vu with Scattered Spider: Are Your SaaS Doors Still Unlocked? – Andi Ahmeti & Abian Morina

Sanna/ October 17, 2025/ Conference/ 0 comments

LUCR-3 better known as Scattered Spider has surged back in 2025, pivoting its social-engineering playbook from last year’s casino breaches to fresh waves against the insurance, retail and aviation sectors. Within a single June week, LUCR-3 struck several insurers, disrupting airline back-office systems, and a spring ransomware campaign devastated big-box retailers. Still leveraging push-fatigue MFA bombing, SIM-swapping and help-desk impersonation, LUCR-3 now systematically abuses third-party IT providers to fan out across IaaS, SaaS and PaaS estates living off the land in cloud logs to stay invisible until ransom day. Permiso’s P0 Labs has been monitoring LUCR-3’s activities for over two years, documenting their evolving tactics, techniques, and procedures (TTPs). This session will delve into LUCR-3’s latest strategies and provide actionable insights for cloud defenders to detect and mitigate such threats effectively.   Andi Ahmeti

Read More

1610, 2025

DeepSec 2025 Talk: Fake News, Fake Pics: Securing Image Provenance in a Post-Quantum World – Maksim Iavich

Sanna/ October 16, 2025/ Conference/ 0 comments

With quantum computers on the horizon, today’s cryptographic defenses are running out of time. Fake news, deepfakes, and manipulated media already threaten digital trust, and quantum attacks will soon break the few remaining verification systems. Post-Quantum VerITAS is designed to secure digital content in both classical and post-quantum worlds, ensuring that image provenance remains verifiable even against adversaries with quantum capabilities. Our system combines lattice-based hash functions, post-quantum zk-SNARKs, and quantum-resistant digital signatures such as CRYSTALS-Dilithium. Unlike C2PA, which fails when images are modified or quantum attacks render its cryptography obsolete, Post-Quantum VerITAS provides a trustless, scalable, and quantum-secure solution. It enables real-time verification of images even after edits like cropping, resizing, or blurring, without requiring reliance on centralized authorities. In this talk, we will break down the cryptographic foundations of Post-Quantum VerITAS, demonstrate

Read More

1010, 2025

DeepSec 2025 Talk: Securing the Death Star: Threat Modeling in a Galaxy Far, Far Away…. – Coen Goedegebure

Sanna/ October 10, 2025/ Conference/ 0 comments

The Galactic Empire is on the verge of releasing its biggest, most valuable and most important asset: the Death Star. You, the newly appointed Chief Imperial Security Officer, are responsible for improving its security posture. The previous CISO was “let go” and now it’s your job to clean up their mess. Your boss, Darth Vader, is breathing heavily down your neck. He is not amused with the project already over budget in both resources and time, and security will only add to that. His unconventional yet persuasive leadership style convinces you to make this your top-most priority. How will you approach the massive task of securing the Death Star? This presentation will tell an untold story in the Star Wars universe in which the Death Star’s threats and mitigations were identified and prioritised before

Read More

0910, 2025

DeepSec 2025 Talk: Catching WordPress 0-Days on the Fly – Ananda Dhakal

Sanna/ October 9, 2025/ Conference/ 0 comments

WordPress powers over 40% of the web, making its plugin ecosystem a prime target for attackers. While security researchers manually audit plugins for vulnerabilities, the ever-growing number of third-party extensions makes this approach inefficient. What if we could find all the vulnerabilities right after developers publish them? In this talk, we introduce a research-driven methodology for identifying 0-day vulnerabilities in WordPress plugins using static code analysis. We will showcase how we built a tool that continuously monitors the WordPress Plugin Repository via its SVN system, detects newly pushed code or change sets in real-time using multi-threading, and flags potentially dangerous patterns. By leveraging static analysis, the tool identifies sensitive functions and automatically alerts researchers when risky code is introduced. We will dive into the inner workings of this automation, discuss the challenges of scaling

Read More