Author Archive

DeepSec Training: Black Belt Pentesting / Bug Hunting Millionaire – Mastering Web Attacks with Full-Stack Exploitation

August 19, 2019

Web applications are gateways for users and attackers alike. Web technology is used to grant access to information, public and sensitive alike. The latest example is the Biostar 2 software, a web-based biometric security smart lock platform application. During a security test the auditors were able to access over 1 million fingerprint records, as well […]

Posted in Conference, Training

DeepSec 2019 Preliminary Schedule is online

August 14, 2019

We have reviewed all submissions, and we have published the preliminary schedule. It wasn’t easy to pick, because we received more submissions than in the years before. Even though we start the reviews early, as soon as they arrive, it usually takes a couple of days to get to a stable version. The process is […]

Posted in Conference

Thanks for your Submissions for DeepSec 2019! Schedule is coming up soon.

August 1, 2019

Thank you for your wonderful work and your submissions for DeepSec 2019! We know that preparing an abstract is a lot of work (given that you had lots of work before in order to be able to write a summary). 2019 has broken the old record. We have received more submissions for presentations and workshops […]

Posted in Call for Papers, Conference

Last Call: DeepSec 2019 Call for Papers ends today!

July 31, 2019

If you are interested in presenting at DeepSec 2019, then you have 12 hours left to submit your proposal. It will get tough, because we have received a lot of submissions already, and we are currently hard at work reviewing all of them. Nevertheless your content counts! Submit your presentation or your research. Do not […]

Posted in Call for Papers

Thoughts on Geopolitics and Information Security

July 12, 2019

Geopolitics is a rather small word for very complex interactions, strategies, tactics, and the planning (or lack thereof) of events. Reading about topics connected to it is probably familiar to you. Few news articles can do without touching geopolitical aspects. Since politics has less technological content for most people, the connection to information security may […]

Posted in Call for Papers, DeepIntel, Discussion, High Entropy

Training Teaser: Black Belt Pentesting a.k.a. Bug Hunting Millionaire – Mastering Web Attacks with Full-Stack Exploitation

July 11, 2019

Modern web applications consist of far more components than HTML content and a few scripts. In turn, properly attacking web applications requires a diverse set of skills. You need to know how the back-end and the front-end work. This includes all of the scripting languages, data storage technologies, user interface peculiarities, frameworks, hosting technologies, and […]

Posted in Conference, Training

Reminder – Call for Papers DeepSec & DeepINTEL – Send your submissions!

July 8, 2019

We have been a bit radio silent since BSidesLondon. This is due to the hot weather in Austria, the preparations for the next DeepSec Chronicles book, some interesting features for DeepSec, and of course because of the submissions we received so far. We have a shortlist for the trainings which we will publish in the […]

Posted in Call for Papers

Use Handshake Data to create TLS Fingerprints

May 25, 2019

While the whole world busily works on the next round of the Crypto Wars, the smart people work on actual information security. TLS has always been in the focus of inspection. Using on-the-fly generated certificates to look inside is a feature of many gadgets and filter applications. Peeking at the data is moot if you […]

Posted in Discussion, Security

Getting ready for BSidesLondon – Support the Rookie Track!

May 24, 2019

Deadlines are great. They serve as a great syscall. Everything must be ready and be written to disk. The schedule of BSidesLondon was already stored and forwarded. Have a look! It’s worth it! The titles sound great. We recommend having some IPv6 as a starter (IPv4 is really getting scarce these days). The main dish […]

Posted in Security

Eth(er)ical Hacking – Hacker Defined Radio and analysing Signals

April 4, 2019

There is a lot going on in the wireless world. 5G is all the fashion, because frequencies are being auctioned. This is only the tip of the iceberg. Wireless protocols have become ubiquitous. The IEEE 802.11 family is one widespread example. Bluetooth, mobile networks, ZigBee, Z-Wave, and other wireless transmissions are widely used. If you […]

Posted in Call for Papers, High Entropy

BSidesLondon Rookie Track – Personalities, Stories, Presentations

April 3, 2019

In past articles we have written about the BSidesLondon Rookie Track. We also spread the call for mentors a while ago. Let’s talk about the people who will present at the Rookie Track and who haven’t spoken at conferences yet. While there exists a lot of helpful advice out there on how to speak, how […]

Posted in Communication, Conference

Ongoing DeepSec Call for Workshops – Trainers welcome!

April 2, 2019

The Call for Workshops for the DeepSec conference in November 2019 is still open. If you have something to teach, let us know as soon as possible! We intend to inform potential trainees in the beginning of May about their options. This allows for better planning and preparation, because we receive early requests for […]

Posted in Call for Papers, Training

Network Security right from the Beginning – Introducing DHCP-over-TLS (DoT)

April 1, 2019

Every security researcher knows: If you want to secure a system, do it as early as possible. This is why Trusted Computing, Secure Boot, Trusted Execution Technology, and many more technologies were invented – to get the operating system safely off the ground right at boot time. After the booting process additional components have to […]

Posted in High Entropy

Remembering Mike Kemp (@clappymonkey)

March 26, 2019

This blog post has no tags, because we cannot come up with any. Mike Kemp, also known as @clappymonkey on Twitter, has died. He spoke at the DeepSec conference back in 2012. We regularly saw him at other events and kept in touch. We have lost a great colleague. It is impossible to express what […]

Posted in High Entropy

The fine Art of Mentorship

March 8, 2019

We will support the Rookie Track at BSidesLondon in 2019 again. This is a perfect way for rookies to get started on presenting at a conference. However it is much more – the stages before the presentation is held. Preparing for 15 minutes of talk will keep you busy for ten or twenty times the […]

Posted in Discussion, Security