Author Archive

Scheduled Maintenance for Web Site and Blog

October 28, 2019

Today there will be an interruption of power supply and network connectivity. The systems affected are our web site and our blog. While the downtime is scheduled and part of our maintenance, the reason for the downtime was not. It has to do with rain, pipes, and queues. To quote Marcus Ranum: As security or […]

Posted in Administrivia No Comments »

Deadline for ROOTS 2019 Call for Papers extended

August 27, 2019

Good news for all academics haunted by perpetual deadlines: We have extended the Call for Papers of ROOTS 2019! We will accept late submissions for  the ROOTS review. However you have to submit your proposal until 23 September 2019! We need time to review, so don’t be late. If you are working on a research […]

Posted in Conference No Comments »

DeepSec Training: Black Belt Pentesting / Bug Hunting Secrets you’ve always wanted to know

August 26, 2019

The Web and its technologies have become the perfect frontier for security experts for finding bugs and getting a foothold when doing penetration tests. Everything has a web server these days. And everything web server will happily talk to web clients. The components involved are more than just simple HTML and JavaScript. The developer notion […]

Tags: , , ,
Posted in Conference, Security, Training No Comments »

DeepSec Training: Black Belt Pentesting / Bug Hunting Millionaire – Mastering Web Attacks with Full-Stack Exploitation

August 19, 2019

Web applications are gateways for users and attackers alike. Web technology is used to grant access to information, public and sensitive alike. The latest example is the Biostar 2 software, a web-based biometric security smart lock platform application. During a security test the auditors were able to access over 1 million fingerprint records, as well […]

Tags: , , , , ,
Posted in Conference, Training No Comments »

DeepSec 2019 Preliminary Schedule is online

August 14, 2019

We have reviewed all submissions, and we have published the preliminary schedule. It wasn’t easy to pick, because we received more submission than in the years before. Even though we start the reviews early, as soon as they arrive, it usually takes a couple of days to get to a stable version. The process is […]

Tags: ,
Posted in Conference No Comments »

Thanks for your Submissions for DeepSec 2019! Schedule is coming up soon.

August 1, 2019

Thank you for your wonderful work and your submissions for DeepSec 2019! We know that preparing an abstract is a lot of work (given that you had lots of work before in order to be able to write a summary). 2019 has broken the old record. We have received more submissions for presentations and workshops […]

Posted in Call for Papers, Conference No Comments »

Last Call: DeepSec 2019 Call for Papers ends today!

July 31, 2019

If you ware interested in presenting at DeepSec 2019, then you have 12 hours left to submit your proposal. It will get tough, because we have received a lot of submissions already, and we are currently hard at work reviewing all of them. Nevertheless your content counts! Submit your presentation or your research. Do not […]

Tags: ,
Posted in Call for Papers No Comments »

Thoughts on Geopolitics and Information Security

July 12, 2019

Geopolitics is a rather small word for very complex interactions, strategies, tactics, and the planning (of lack thereof) of events. Reading about topics connected to it is probably familiar to you. Few news articles can do without touching geopolitic aspects. Since politics has less technological content for most people, the connection to information security may […]

Tags: ,
Posted in Call for Papers, DeepIntel, Discussion, High Entropy No Comments »

Training Teaser: Black Belt Pentesting a.k.a. Bug Hunting Millionaire – Mastering Web Attacks with Full-Stack Exploitation

July 11, 2019

Modern web applications consist of far more components than HTML content and a few scripts. In turn properly attacking web applications requires a diverse set of skills. You need to know how the back-end and the front-end works. This includes all of the scripting languages, data storage technologies, user interface peculiarities, frameworks, hosting technologies, and […]

Tags: , , ,
Posted in Conference, Training No Comments »

Reminder – Call for Papers DeepSec & DeepINTEL – Send your submissions!

July 8, 2019

We have been a bit radio silent since BSidesLondon. This is due to the hot weather in Austria, the preparations for the next DeepSec Chronicles book, some interesting features for DeepSec, and of course because of the submissions we received so far. We have a shortlist for the trainings which we will publish in the […]

Tags: , ,
Posted in Call for Papers No Comments »

Use Handshake Data to create TLS Fingerprints

May 25, 2019

While the whole world busily works on the next round of the Crypto Wars, the smart people work on actual information security. TLS has always been in the focus of inspection. Using on-the-fly generated certificates to look inside is a features of many gadgets and filter applications. Peeking at the data is moot if you […]

Tags: , ,
Posted in Discussion, Security No Comments »

Getting ready for BSidesLondon – Support the Rookie Track!

May 24, 2019

Deadlines are great. They serve as a great syscall. Everything must be ready and be written to disk. The schedule of BSidesLondon was already stored and forwarded. Have a look! It’s worth it! The titles sound great. We recommend having some IPv6 as a starter (IPv4 is really getting scarce these days). The main dish […]

Tags: ,
Posted in Security No Comments »

Eth(er)ical Hacking – Hacker Defined Radio and analysing Signals

April 4, 2019

There is a lot going on in the wireless world. 5G is all the fashion, because frequencies are being auctioned. This is only the tip of the iceberg. Wireless protocols have become ubiquitous. The IEEE 802.11 family is one widespread example. Bluetooth, mobile networks, ZigBee, Z-Wave, and other wireless transmissions are widely used. If you […]

Tags: , , ,
Posted in Call for Papers, High Entropy Comments Off on Eth(er)ical Hacking – Hacker Defined Radio and analysing Signals

BSidesLondon Rookie Track – Personalities, Stories, Presentations

April 3, 2019

In past articles we have written about the BSidesLondon Rookie Track. We also spread to call for mentors a while ago. Let’s talk about the people who will present at the Rookie Track and who haven’t spoken at conferences yet. While there exist a lot of helpful advice out there on how to speak, how […]

Tags: , ,
Posted in Communication, Conference Comments Off on BSidesLondon Rookie Track – Personalities, Stories, Presentations

Ongoing DeepSec Call for Workshops – Trainers welcome!

April 2, 2019

The Call for Workshops for the DeepSec conference in November 2019 is still open. If you have something to teach, let us know as soon as possible! We intend to inform potential trainees in the beginning of May about their options. This allows for a better planning and preparation, because we receive early requests for […]

Tags: , , ,
Posted in Call for Papers, Training 2 Comments »