About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

0104, 2016

FBI, NSA, DoD and CDC join forces to combat Cyber Pathogens

René Pfeiffer/ April 1, 2016/ Discussion, High Entropy

The world economy is threatened by a new strain of microorganisms. These so-called cyber pathogens spread via networks and the touch of digital devices. They can also lie dormant for days and months, only to spring to life when the victim’s immune system is at its weakest point. It is widely believed that cyber pathogens can infect the population of a whole country and wipe it completely off the grid of the Earth. Current antidotes can only treat the symptoms. The best way to get rid off the pathogens is to resort to physical means and destroy every surface it can cling to. Amputation of infected tissue also works. Unless security researchers will find a suitable vaccination soon, every single one of us is at risk. The cyber pathogen threat is the reason for

Read More

1503, 2016

Reminder: DeepINTEL 2016 – Call for Papers – Beat Big Data and Full Take with Brains

René Pfeiffer/ March 15, 2016/ Call for Papers, Conference, Security Intelligence

We already published a Call for Papers for the upcoming DeepINTEL 2016. Here are some thoughts to get your creativity going. Standard solutions and off-the-shelf products to solve your security needs are remains from the 1990s. Everything else has gone smart, and that’s how you have to address security problems in the future. NSA director Admiral Michael Rogers told the audience of the RSA Conference 2016 that the NSA cannot counter the digital attacks it faces on its own. GCHQ, the NSA’s British counterpart, has publicly stated that the £860m budget to counter digital adversaries is not sufficient to defend Britain’s digital assets. Modern digital defence needs a sound foundation of data to base decisions on. You can neither combat a forest fire or an infectious disease by blindly throwing money at it. You

Read More

1103, 2016

“A Good American” opens next Week in Austrian Theatres

René Pfeiffer/ March 11, 2016/ Administrivia, Discussion, High Entropy, Security, Security Intelligence

For everyone attending DeepSec 2015 we organised a private screening of the film “A Good American”. Everyone else now gets the chance to see this film in theatres beginning on 18 March 2016. Next week there will be the premiere in Vienna, Linz, and Innsbruck here in Austria. Bill Binney will be present himself, and he will answer questions from the audience. We highly recommend “A Good American” to everyone dealing with information security, regardless of the level. Full take and Big Data is not always the answer to your security challenges. Every gadget around is turning smart, and so should you. We hope to see you at the premiere here in Vienna next week!

1103, 2016

Wanted: Great Content™ for BSidesLondon! Can you help out?

René Pfeiffer/ March 11, 2016/ Call for Papers, Conference

BSidesLondon is coming up. Grab your calendar, mark the dates, and think about content to submit! The Call for Papers runs until 28 March. BSidesLondon is a community-driven event, so it’s up to the infosec community to fill it with decent talks about all things cyber, shiny, and broken (by design). We are looking forward to see a great schedule after the CfP ends. Make it happen! And for all you graphic geeks out there, BSidesLondon needs a logo. The deadline was yesterday, so check out the submissions and have a vote.

0303, 2016

DeepSec Video: Visualizing Wi-Fi Packets the Hacker’s Way

René Pfeiffer/ March 3, 2016/ Communication, Conference, Security, Stories

Like the Force wireless data/infrastructure packets are all around us. Both have a light and a dark side. It all depends on your intentions. Lacking the midi-chlorians we have to rely on other sources to get a picture of the wireless forces in and around the (network) perimeter. At DeepSec 2015 Milan Gabor held a presentation about visualisation of wi-fi packets: Today visualizing Wi-Fi traffic is more or less limited to console windows and analyze different logs from an aircrack-ng toolset. There are some commercial tools, but if we want to stay in the Open/Free Source Code (FOSS) area we need to find better solutions. So we used ELK stack to gather, hold, index and visualize data and a modified version of an airodump tool for input. With this you can create amazing dashboards,

Read More

0203, 2016

DeepSec Video: Remote Browser-Based Fingerprinting of Local Network Devices

René Pfeiffer/ March 2, 2016/ Conference, Internet, Security

Reconnaissance is first, then comes the attack. This is why fingerprinting devices is the first step. Manfred Kaiser (Josef Ressel Zentrum) explained at DeepSec 2015 how this can be done by the local web browser(s) in the locally connected network segment. Manfred discusses remote device fingerprinting techniques for SOHO routers and other network-connected devices offering a browser-based configuration interface. While consumer network devices provided to customers by their ISPs are typically based on very few different hardware platforms, they are equipped with highly customized firmwares and thus contain different vulnerabilities. The knowledge of a specific device’s vulnerabilities is vital to the success of a remote attack. In a live demo Manfred shows how a remote attacker can exploit the feature-richness of modern web technologies (HTML5, WebRTC, JavaScript, CSS) to perform device discovery and fine-grained

Read More

0103, 2016

DeepSec Video: Revisiting SOHO Router Attacks

René Pfeiffer/ March 1, 2016/ Conference, Security

Routers are everywhere. If you are connected to the Internet, your next router takes care of all packets. So basically your nearest router (or next hop as the packet girls and guys call them) is a prime target for attackers of any kind. Since hard-/software comes in various sizes, colours, and prices, there is a big difference in quality, i.e. how good your router can defend itself. Jose Antonio Rodriguez Garcia, Ivan Sanz de Castro, and Álvaro Folgado Rueda (independent IT security researchers) held a presentation about the security of small office/home office SOHO routers at DeepSec 2015. Domestic routers have lately been targeted by cybercrime due to the huge amount of well-known vulnerabilities which compromise their security. The purpose of our publication is to assess SOHO router security by auditing a sample of

Read More

2602, 2016

DeepSec Video: IntelMQ

René Pfeiffer/ February 26, 2016/ Conference, Security

Handling incidents means that you have to handle information quickly. Collecting, collaboration, and getting the right piece of intel in crucial moments is the key. CERTs know this, and this is why there is IntelMQ. IntelMQ is a solution for collecting and processing security feeds, pastebins, and tweets using a message queue protocol. It’s a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect & process threat intelligence, thus improving the incident handling processes of CERTs. Get your messaging right before you run into a (security) incident.

2502, 2016

DeepSec Video: Have We Penetrated Yet??

René Pfeiffer/ February 25, 2016/ Conference, Security

Testing the defences of a network,  applications, or infrastructure can be tough. Often you spend lots of days, the results not being proportionate to the time spent. How do you assess success when doing penetration testing? How to test, what tools to use, and who should be doing the testing? Johnny Deutsch has some answers for you. He held a presentation at DeepSec 2015 about this topic. We recommend watching this presentation to everyone thinking about requesting a penetration test or, of course, everyone actually doing these tests.

2402, 2016

DeepSec Video: Continuous Intrusion – Why CI Tools Are an Attacker’s Best Friends

René Pfeiffer/ February 24, 2016/ Conference, Security

Software development has made tremendous progress in the past decades. Tools to develop and to deploy applications have evolved. The trouble is that these tools often lack security design. Attacking software distribution channels such as update servers, package managers, and ISO downloads have been discussed widely in the past. What about the new kids on the bloc? Continuous Integration (CI) tools provide excellent attack surfaces due to no/poor security controls, the distributed build management capability and the level of access/privileges in an enterprise. At DeepSec 2015 Nikhil Mittal looked at the CI tools from an attacker’s perspective, using them as portals to get a foothold in a target’s network and for lateral movement. He showed how to execute attacks like command and script execution, credentials stealing, and privilege escalation; how to not only compromise the

Read More

2302, 2016

DeepSec Video: DDoS – Barbarians at the Gate(way)

René Pfeiffer/ February 23, 2016/ Conference, Internet, Stories

Unfortunately the Internet doesn’t follow the rules of economic theory. Unlimited growth is a myth best kept for feeding your unicorns. Of course, the Internet has grown, but the mathematics and physics behind network flows stay the same. If your pipe is full, then you are going nowhere. This is why Distributed Denial of Service (DDoS) attacks still work. You can counter or evade these attacks, but they can happen. We invited Dave Lewis of Akamai to DeepSec 2015 to hear his view on the current state of affairs where DDoS is concerned. For the record: DDoS is not hacking and no hacking attack. Spread your „cyber“ somewhere else.

2202, 2016

DeepSec Video: HORNET – High-speed Onion Routing at the Network Layer

René Pfeiffer/ February 22, 2016/ Conference, Internet, Security

Given that reconnaissance is the first step of a successful attack, anonymity has become more important than ever. The Invisible Internet Project (I2P) and the TOR project are prominent tools to protect against prying eyes (five or more). TOR is widely used. Users of anonymity services will notice that the price for extra protection is less speed in terms of latency and probably bandwidth. Researchers have published a method to attain high-speed network performance, called HORNET. HORNET is designed as a low-latency onion routing system that operates at the network layer thus enabling a wide range of applications. Our system uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes. This design enables HORNET nodes to process anonymous traffic at over 93 Gb/s. At DeepSec 2015 Chen Chen explained

Read More

2002, 2016

DeepSec Video: HackingTeam – How They Infected Your Android Device By 0days

René Pfeiffer/ February 20, 2016/ Conference, Discussion, High Entropy, Security

Backdoors are very popular these days. Not only cybercrime likes extra access, governments like it too. There’s even a lucrative market for insecurity. You can buy everything your IT team defends against legally. Hacking Team is/was one of the companies supplying 0days along with intrusive software to take over client systems. Attila Marosi explained at DeepSec 2015 how products of Hacking Team were used to attack and compromise Android clients. There is no need to make a long introduction when speaking about the famous Remote Control System (RCS), the product of the Italian company Hacking Team. The huge amount – 400 GB – of leaked data gives rise to lengthy discussion and is extremely concerning for every part of the professionally, politically or even those superficially interested only. Enjoy Attila’s presentation. Be careful about

Read More

1902, 2016

DeepSec Video: ZigBee Smart Homes – A Hacker’s Open House

René Pfeiffer/ February 19, 2016/ Conference, Security, Stories

The data protocols of SmartHomes are the FBI’s wet dream. Why? Because they have no security design. Take ZigBee for example. ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have for example a smart light bulb at home, the chance is very high that you are actually using ZigBee by yourself. Popular lighting applications such as Philips Hue or Osram Lightify and also popular smart home systems such as SmartThings or Googles OnHub are based on ZigBee. ZigBee provides also security services for key establishment, key transport, frame protection and device management that are based on established cryptographic algorithms. So a ZigBee home automation network with applied security is secure and the smart home communication is protected?

Read More

1802, 2016

DeepSec Video: Not so Smart – On Smart TV Apps

René Pfeiffer/ February 18, 2016/ Conference, Security

„Smart“ follows the footsteps of „cyber“. Everything is smart nowadays. The problem is that using smart in this context just means a combination of „Turing complete“ and „connected to the Internet“. That’s it. This is a pretty low barrier for calling something „smart“. t DeepSec 2015 Markus Niemietz held a presentation about the state of affairs concerning SmartTVs where security is concerned: One of the main characteristics of Smart TVs are apps. Apps extend the Smart TVs menu with various functionalities, ranging from usage of social networks or payed streaming services, to buying articles on Ebay. These actions demand usage of critical data like authentication tokens and passwords, and thus raise the question of new attack scenarios and the general security of Smart TV apps. We investigate attack models for Smart TVs and their

Read More