About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

Early Bird Tickets turn into „Last of Us“ – get them while available

René Pfeiffer/ September 15, 2023/ Conference

Grab your early bird tickets quickly before they run out! Our ticket shop will switch to the regular tickets soon (on Tuesday). If you still need to sort out your budget, here is a way to save money. You can also send us your order before the deadline in order to get the early bird tariff. Join DeepSec 2023 in November and improve your odds of beating security incidents. A good defence rests on knowledge and exchange of information. Get in contact with security experts from all over the world! See you in Vienna!

DeepSec 2023 Streaming Tickets available

René Pfeiffer/ September 12, 2023/ Conference

COVID-19 forced us to explore the wonderful world of streaming and to review our video equipment. Since 2020, all DeepSec conferences feature live streams. The processes behind the streams are now mature. This means that you can attend DeepSec virtually. Our ticket shop now has streaming video tickets for you. This ticket allows you to watch the live streams and to get early access to the post-processed presentation videos once we have uploaded them. The live streams also let you get in contact with the speakers by asking questions. You just use the chat function and ask what you want to know. Click and join us!

DeepSec 2023 preliminary Schedule published

René Pfeiffer/ August 25, 2023/ Administrivia, Conference

The first version of the schedule for DeepSec 2023 has been published. We are still stuck in reviews, so there will be some more updates in the coming weeks. Especially the third track with technical sessions and presentations will see some updates. Read some more on the technical track in one of our next blog articles. We received a lot of submissions, so we are very grateful for your support and the great ideas you sent us. Because of the limitations of our schedule, the reviewers had a hard time making a selection. The final status of all submissions will be sent to all submitters within the next few days. The following weeks will feature every presentation in more detail with an interview or an article about the content. The mix of topics is definitely the


AI Content Harvesting without Opt-Out? Goodbye, Zoom!

René Pfeiffer/ August 7, 2023/ Conference

DeepSec has used the Zoom videoconferencing tool since 2020. It was really helpful for the 100% online conferences back then. Apparently, Zoom has changed its terms of service. The new version is completely unacceptable for any conference. This means we are leaving Zoom, and we recommend you do the same. The reason is the ongoing „AI pandemic“. Content is king, but content theft is the emperor these days. If you look at the Zoom terms of service and read chapter 10.4, you see that Zoom likes to use everything you do via the platform for any use the company can think of. There is no opt-out, it seems. We have ended our subscriptions and will delete our account. We will switch to OpenTalk, which is GDPR-compliant and hosted in European data centres. OpenTalk is


DeepSec Scuttlebutt: Fun with Fuzzing, LLMs, and Backdoors

René Pfeiffer/ July 31, 2023/ Call for Papers, Scuttlebutt

[This is the blog version of our monthly DeepSec Scuttlebutt musings. You can subscribe to the DeepSec Scuttlebutt mailing list, if you want to read the content directly in your email client.] Dear readers, the Summer temperatures are rising. The year 2023 features the highest measured temperatures in measurement history. This is no surprise. The models predicting what we see and feel now were created in the 1970s by Exxon. So far, the model has been quite accurate. What has this to do with information security? Well, infosec uses models for attack and defence, too. The principles of information security have stayed the same, despite the various trends. These are the building blocks of our security models. They can be adapted, but the overall principles have changed little from two-hosts-networks to the


Helpful Hints for writing Presentations

René Pfeiffer/ July 31, 2023/ Call for Papers, Communication, Conference

Today the call for papers for DeepSec 2023 and DeepINTEL 2023 ends. If you have some ideas, please let us know by submitting a proposal. We have a lot of experience with reviewing presentation outlines, so before you create a brief description of your mind-blowing talk, please have a look at our suggestions. The title is important! Don’t go overboard with cryptic memes, insider jokes, or movie titles. Not everyone will have the knowledge to understand what the presentation is about. Your title needs to reflect what you are talking about. You can always use subtitles or a tag line if you really want to mimic film posters. Also keep it short! The 80 letter limit is not only for Usenet veterans. Long titles are hard to memorise. Your title should not replace the


Reminder – Call for Papers DeepSec and DeepINTEL 2023

René Pfeiffer/ July 7, 2023/ Call for Papers, Communication

The Summer holidays may already be here, but we have something to think about over the weekend. The call for papers for both DeepSec and DeepINTEL 2023 is still open. It ends on 31 July 2023. The focus for DeepSec will be on the use of large language model algorithms (we don’t like the term artificial intelligence, because there are no cognitive functions involved in the current LLMs). How can these toys be used for offensive or defensive purposes? Can you improve existing security measures by adding LLMs? What are the dangers of these LLMs for your own digital assets? Let us know. DeepINTEL is looking for all things security intelligence. The focus is on detecting and analysing attacks. Estimating the capabilities of (y)our adversaries is also of interest. In case you have some


Training Teaser: Token Hijacking via PDF File – Video Tutorial

René Pfeiffer/ July 4, 2023/ Conference, Security, Training

Tokens make the world go around. Therefore, we want to share with you the next teaser about Dawid Czagan’s training at DeepSec 2023. PDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it? Dawid will show you in a free video step by step how this attack works and how you can check if your web application is vulnerable to this attack. Watch the video and consider joining Dawid Czagan’s training Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access (14-15 November, DeepSec 2023).

DeepSec Scuttlebutt: Tech Monsters from Novels and the Call for Papers Reminder

René Pfeiffer/ July 3, 2023/ Call for Papers, Conference, Stories

[This message was published via our DeepSec Scuttlebutt mailing list. The text was written by a human. This is a repost via our blog and Mastodon. Our Call for Papers for DeepSec 2023 is still running. If you have interesting content, please submit your idea.] Dear readers, the wonderful world of computer science and teaching courses has kept me busy. The scuttlebutt mailing list has the aim of having at least one letter per month. It is now the end of June, and the Summer has begun here in Vienna. The university courses have finished. The grades are ready. More projects are waiting. In information society, it is never a good idea to wait until something happens. A lot of blue teams are busy improving defences, testing configurations, and rehearsing their processes. However, there


Training Teaser: Token Hijacking via PDF File – Video Tutorial

René Pfeiffer/ June 15, 2023/ Conference, Training

Portable documents are nice. It’s always an advantage to read and process documents on different platforms. The Portable Document Format (PDF) is a common format. Unfortunately, PDF can be abused to attack you. PDF files are everywhere and these files can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it? In a free video, Dawid Czagan (DeepSec instructor) will show you step by step how this attack works and how you can check if your web application is vulnerable to this attack. Dawid has prepared a free video for you. Have


Exploiting Race Conditions – Video Tutorial

René Pfeiffer/ May 25, 2023/ Training

We updated our schedule. There are already some workshops for you. In addition, we have a video tutorial for you, provided by our trainer Dawid Czagan. It explains how race conditions work. A race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It’s related to concurrency and multi-threading. Because of this attack, an attacker who has $1000 in his bank account can transfer more than $1000 from his bank account. This is just one example, but it clearly shows how dangerous this attack is. In a free video Dawid Czagan (DeepSec instructor) will show you step by step how this attack works and will tell you how to prevent this attack from happening. You can find the video online. The full two-day training session has much more


DeepSec Twitter Account is scheduled for Deletion

René Pfeiffer/ May 19, 2023/ Administrivia, Conference

A passive stance to IT security doesn’t always work. The same is true for “social” media. The DeepSec Twitter account is scheduled for deletion. We have saved all tweets and will publish them as an archive. Meanwhile you can follow updates from DeepSec and DeepINTEL on Mastodon, our blog, or our LinkedIn company site. No, we won’t join BlueSky until it is out of its pre-gamma prototype phase. So, please join us or subscribe to our mailing list(s).

Understanding Artificial Intelligence, its Use Cases, and Security Implications

René Pfeiffer/ May 15, 2023/ Conference

Hypes and trends are great. You can talk a lot about a specific topic without really understanding the underlying technology. Ever since the AI train has left the station, everyone is talking about it and is trying to solve all kinds of problems with a single algorithmic approach. Large language models (LLMs) are apparently the best invention since division and multiplication. While there is nothing wrong with exploring how technology can be used, the current discussion about the use of AI algorithms has drifted to shamanism. Companies want to feature one of these new algorithms for good luck, promising business models and to save all kinds of effort when dealing with data. Let’s take a step back and review the history of artificial intelligence in computer science. In the 1970s and 1980s expert systems


Nuclear powered Air-Planes, Hashcash, and the AI Revolution

René Pfeiffer/ April 28, 2023/ Scuttlebutt

[This article is part of the monthly publication on our scuttlebutt mailing list. Not all the scuttlebutt messages are published on our blog. You are encouraged to subscribe to our mailing list.] Dear readers, the world of information technology and information security is driven by trends. This is very similar to the fashion industry or other aspects of our society. However, the impact on all of us is much bigger when a trend shifts the attention of the whole IT industry. Let me give you an example from the world of physics. During my time at the university, I read two books with anecdotes from the life of Richard Feynman. In the context of his work at the Manhattan Project, he told the story that someone from the US government asked him about the


No more automatic Updates for our Twitter Account

René Pfeiffer/ April 13, 2023/ Administrivia, Communication

There will be no more automatic updates on our Twitter account. The synchronisation between our blog and Twitter has been deactivated. The reason is the erratic course Twitter is on. All social media platforms benefit from their users and the content that these platforms receive free of charge. We do not want to contribute any longer to a forum that doesn’t respect the efforts of journalists working on fact-based articles. There are a lot more reasons to stop using Twitter as a publication platform. Our motivation was the article titled „Danke für den Fisch!“ (translated “Thanks for the fish!”) by Michael Seemann, a German journalist. The article is in German, so you probably need to translate it. Michael explains some strong points for leaving Twitter. Synchronised content and more news about DeepSec and
