About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

0404, 2019

Eth(er)ical Hacking – Hacker Defined Radio and analysing Signals

René Pfeiffer/ April 4, 2019/ Call for Papers, High Entropy

There is a lot going on in the wireless world. 5G is all the fashion, because frequencies are being auctioned. This is only the tip of the iceberg. Wireless protocols have become ubiquitous. The IEEE 802.11 family is one widespread example. Bluetooth, mobile networks, ZigBee, Z-Wave, and other wireless transmissions are widely used. If you go looking for signals, your first stop are usually industrial, scientific and medical (ISM) radio bands. But there is much more. It’s well worth to passively scan what’s all around you. The equipment is often the main obstacle preventing hacker from doing something. When it comes to radio waves you need a suitable antenna (or a couple thereof) plus the hardware to drive it. Even if you limit yourself to passive operation you still need something to catch, amplify,

Read More

0304, 2019

BSidesLondon Rookie Track – Personalities, Stories, Presentations

René Pfeiffer/ April 3, 2019/ Communication, Conference

In past articles we have written about the BSidesLondon Rookie Track. We also spread to call for mentors a while ago. Let’s talk about the people who will present at the Rookie Track and who haven’t spoken at conferences yet. While there exist a lot of helpful advice out there on how to speak, how to prepare, how to structure your presentation, there is one thing that can’t be created from scratch – your personality. It defines a lot of what you will be doing on the stage. It will also be a key component of your talk, so you should spend some time to think about this important factor. Social media, blogs, and discussions sometimes mention the term infosec rock star. This label carries a lot of different meanings. More often than not

Read More

0204, 2019

Ongoing DeepSec Call for Workshops – Trainers welcome!

René Pfeiffer/ April 2, 2019/ Call for Papers, Training

The Call for Workshops for the DeepSec conference in November 2019 is still open. If you have something to teach, let us know as soon as possible! We intend to inform potential trainees in the beginning of May about their options. This allows for a better planning and preparation, because we receive early requests for workshop content every year. So if you have something to teach, please let us know! You don’t need to use the Call for Papers manager in case you have content ready in a different format or just want to send us teaser materials. Topics we are looking for include (applied) cryptography, secure software development & design, helpful in-depth hints for penetration testers, sensible guides for combining machine learning/artificial intelligence with information security, in-depth network knowledge, threat hunting, and strategic

Read More

0104, 2019

Network Security right from the Beginning – Introducing DHCP-over-TLS (DoT)

René Pfeiffer/ April 1, 2019/ High Entropy

Every security researcher knows: If you want to secure a system, do it as early as possible. This is why Trusted Computing, Secure Boot, Trusted Execution Technology, and many more technologies were invented – to get the operating system safely off the ground right at boot time. After the booting process additional components have to be initialised. Dependencies are common in this stage. The second most important resource next to the local machine is the network. Most modern programming languages highly rely on network connection to get any work done. Local storage and memory is merely a big cache for temporary data to them. So how do you create a trusted boot process beyond the initial network configuration? The answer is easy. You just combine two highly mature and reliable protocols – Dynamic Host

Read More

2603, 2019

Remembering Mike Kemp (@clappymonkey)

René Pfeiffer/ March 26, 2019/ High Entropy

This blog post has no tags, because we cannot come up with any. Mike Kemp, also known as @clappymonkey on Twitter, has died. He spoke at the DeepSec conference back in 2012. We regularly saw him at other events and kept in touch. We have lost a great colleague. It is impossible to express what he was to you, us, and his family and friends. Our sympathies are with all of you who lost him as partner, friend, companion, mentor, and relative. We will miss him dearly.

0803, 2019

The fine Art of Mentorship

René Pfeiffer/ March 8, 2019/ Discussion, Security

We will support the Rookie Track at BSidesLondon in 2019 again. This is a perfect way for rookies to get started on presenting at a conference. However it is much more – the stages before the presentation is held. Preparing for 15 minutes of talk will keep you busy for ten or twenty times the amount you spend presenting. It depends on the research you have to do, the illustrations you have to create, the code samples, the tests, and a lot more things that need to be sorted out. That’s not an easy task. But you do not have to do it alone. BSidesLondon is looking for rookies and mentors. If you have experience in IT security, being on stage for presentations, research, and preparing materials for workshops and talks, then you should

Read More

1802, 2019

DeepSec 2019 – Call for Papers – Security Research Results wanted!

René Pfeiffer/ February 18, 2019/ Call for Papers, Conference

The DeepSec 2019 In-Depth Security Conference is calling for presentations and trainings. We are interested in your information security research. Since 2007 DeepSec has aimed to provide in-depth analysis of design flaws, vulnerabilities, bugs, failures, and ways to improve our existing IT ecosystem. We need more high quality reviews of code and concepts we rely on every day. Digital processing power and network connections have become ubiquitous. So the focus of this year’s DeepSec will be on the Internet of Things (IoT), processing/moving data (small and big), infrastructure (critical and convenient), the statistics of data analysis (also called machine learning), real artificial intelligence (not statistics or clever use of Markov chains), and the current state and future of information security research. Due to past and current geopolitical events affecting information technology and the security

Read More

1402, 2019

Supporting BSidesLondon “My Machine is not Learning” 2019

René Pfeiffer/ February 14, 2019/ Conference

This year’s BSidesLondon is pondering the most important question of machine learning. What is my machine doing and learning? Well, it might be that “My Machine is not Learning” at all. Sounds a lot like the intelligence we all know from living beings. So, armed with this new motto, BSidesLondon is turning 9, and we will support the Rookie Track again. The winner gets a trip to Vienna and free entry to DeepSec 2019. Get going and get started with your presentation! It’s worth it, and we love to welcome you in Vienna! Ask @5w0rdFish about it. If you are looking for research topics, please drop us a line. We have some ideas about good questions and things to explore. See you in London!

0802, 2019

Save the Date for DeepINTEL and DeepSec 2019

René Pfeiffer/ February 8, 2019/ Administrivia, Conference, DeepIntel

We did some clean-up and dealt with the administrative issues of past and future events. Finally we can announce the dates for DeepINTEL 2019 and DeepSec 2019. Grab or calendars or log into them: DeepSec 2019 Trainings – 26/27 November 2019 DeepSec 2019 Conference – 28/29 November 2019 DeepINTEL 2019 – 27 November 2019 The conference hotel is the same as for every DeepSec. We haven’t changed our location. As for the date, yes, we announced at the closing ceremony that we won’t collide with thanksgiving. We tried hard to avoid this, but given the popularity of Vienna as a conference and event city we had no choice. For 2020 and consecutive years we will do early reservations in order to avoid the week of Thanksgiving. The call for papers opens soon, as does

Read More

0401, 2019

Analysing Data Leaks and avoiding early Attribution

René Pfeiffer/ January 4, 2019/ High Entropy

The new year starts with the same old issues we are dealing with for years. German politicians, journalists, and other prominent figures were (are) affected by a data leak. A Twitter account started tweeting bits from the leaked data on 1 December 2018 in the fashion of an Advent calendar. The account was closed today. You will find articles describing single parts of what may have happened along with tiny bits of information. Speculation is running high at the moment. So we would like to give you some ideas on how to deal with incomplete information about a security event floating around in the Internet and elsewhere. Attributing data leaks of this kind is very difficult. Without thoroughly understanding and investigating the situation, proper attribution is next to impossible. Given the method of disclosure

Read More

2112, 2018

Merry XSSmas and a successful new mktime() Syscall

René Pfeiffer/ December 21, 2018/ Administrivia, High Entropy

The holidays are coming, next to Winter (hopefully). Thank you all for attending and contributing to DeepSec and DeepINTEL 2018! All slides we got are online. The videos have almost left post-production (except one recording which is being fixed audio-wise) and are on the way to the content distribution network. The ROOTS videos will be first. You will find all videos in their albums. Make sure you look for collections, too. We will set-up a tip jar for our video team again, so if you want to leave a small thank you for the crew, please do so. We are going to deal with infrastructure and upkeep of our to-dos. Plus we will spend some time off-line. Or maybe just in local networks to do some well-deserved hacking. The dates for DeepSec and DeepINTEL

Read More

2012, 2018

Encryption, Ghosts, Backdoors, Interception, and Information Security

René Pfeiffer/ December 20, 2018/ Discussion, High Entropy

While talking about mobile network security, we had a little chat about the things to come and to think about. Compromise of communication is a long-time favourite. Hats of all colours need to examine metadata and data of messages. Communication is still king when it comes to threat analysis and intrusion detection. That’s nothing new. So someone pointed toward a published article. Some of you may have read the article titled Principles for a More Informed Exceptional Access Debate written by GCHQ’s Ian Levy and Crispin Robinson. They describe GCHQs plan for getting into communication channels. Of course, “crypto for the masses” (yes, that’s crypto for cryptography, because you cannot pay your coffee with it) or “commodity, end-to-end encrypted services” are also mentioned. They explicitly claim that the goal is not to weaken encryption

Read More

1112, 2018

Need something to read? – First Batch of DeepSec 2018 Presentation Slides online

René Pfeiffer/ December 11, 2018/ Administrivia, Conference

Do you fear reading the news? Fancy some facts? Well, we have something different for you to read. We have collected presentation slides from DeepSec 2018 and put the first batch online. You can find them in this rather nostalgic directory listing. We have renamed the files with their title and the name of the presenters. They are mostly PDF, but two presentations consist of a HTML slideshow. We have created a PDF document containing the link to the original presentation for your convenience. The directory will be filled with the remaining documents as soon as we get them.

0312, 2018

Thank you all for attending and speaking at DeepSec 2018!

René Pfeiffer/ December 3, 2018/ Conference, Security

DeepSec 2018 is over. Thank you for attending and presenting at our conference! Without your interest and your configuration there would be no talks, no workshops, and no one else present.We had a great time, and we hope you enjoyed everything. We are now dealing with the administrative backlog, the metric ton of receipts, the post-processing of the video recordings, and lots of other things. Among the tasks is the feedback you gave us. We will try to improve, so the next DeepSec conference will feature some or all of your suggestions. Dates for DeepSec and DeepINTEL 2019 will be available soon. We will publish this information on Twitter, on our web site, and on our blog. As for the video recordings, please give us some time. The post-production has to deal with the

Read More

2911, 2018

Opening & Keynote – DeepSec 2018 has started

René Pfeiffer/ November 29, 2018/ Administrivia, Conference

So, now is the opening and the keynote presentation by the magnificent Peter Zinn. This means that DeepSec 2018 has officially started. Since we do not live stream the talks, we will be away from the blog and mostly from Twitter until the end of the conference. Communication in meatspace has full priority. In case of urgent messages, use the contact information on our web site. We still use telephones, you know. In case you are at DeepSec and wish to comment on content, discussions, or summarise a presentation, please do. Post it on Twitter and mention us (or use a meaningful hashtag), we will retweet and pick up your thoughts later on the blog. Enjoy the conference!