Administrivia: Update on COVID-19 Regulations concerning DeepINTEL and DeepSec

René Pfeiffer/ November 2, 2020/ Conference

On 31 October 2020 at 1730 the Austrian government held a press release to announce new COVID-19 regulations. Since this press release was only the political message and the actual legally binding regulation is still not published we cannot give you an update yet. We don’t know when the regulation will be published. Given these circumstances we cannot give you any more details, but we are working on it. We hope to have more details on Tuesday/Wednesday. We assure you that we have contingency plans, because we expected this situation a few months ago.

World of Metrics: Trick or Threat? How do you know for sure?

René Pfeiffer/ October 31, 2020/ Conference

Today begins the „darker half“ of the year. The harvesting season has ended. The year ends as well (depending on how you count the days and mark the start of the year). People celebrate Samhain, Halloween, or other festive days. In information security there is always a harvest season, and there is no darker half of the year. 2020 is no exception despite the extraordinary situation given the SARS-CoV-2 outbreak. So how do you decide what exceptions look like? What is a trick? What’s the difference between a trick and a threat? If you supervise any kind of digital infrastructure or set of systems, then these questions are very important. Metrics is a hot topic – an euphemism for a dirty word – in computer science. It is used in other fields as well.

Read More

Administrivia: Welcome to the Vienna Marriott Hotel – DeepSec & DeepINTEL move to a new Location

René Pfeiffer/ October 27, 2020/ Conference

Interesting times call for extraordinary measures. Due to current restrictions DeepSec and DeepINTEL move to a new location. Both conferences will be at the Vienna Marriott Hotel right next to the inner city. The conference is easy to reach and a lot of historic places are in walking distance. Inside the hotel DeepSec and DeepINTEL will be conducted as a hybrid conference. We will have a mixture of on-site and virtual presentations. Information about participating (links and codes) will be sent to you after registration.

Administrivia: DeepSec and DeepINTEL Preparations, Anti-Virus Issues, Schedule, and digital Conference

René Pfeiffer/ October 8, 2020/ Conference

We have been stuck in administrative tasks for the past weeks. So to break the radio silence: Yes, DeepSec and DeepINTEL will happen. We currently prepare the hybrid configuration for the streams and the virtual platforms to bring speakers to the audience and vice versa. The conference hotel has confirmed that we can conduct the event at the usual location. Claiming that things look good is a bit of an exaggeration. Nevertheless we would like to go forward. Exchanging ideas and discussing current threats has never been more important than now. We hope to give you this opportunity, and we hope that you are able to participate. We have also created a couple of mailing lists for informal news, official press releases/articles, and future Calls for Papers to keep you informed. All lists are

Read More

Administrivia: DeepSec 2020, Virtual Content, Travel Warnings, Trainings

René Pfeiffer/ September 16, 2020/ Conference

Reading the news can be very frustrating these days. Not that it was ever fun. We are monitoring the current COVID-19 situation in Europe and abroad. Given the questionable start of the Corona Traffic Light system in Austria, we want to offer you some facts. The training Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation and Mobile Security Testing Guide Hands-On will be virtual. This has been our and the trainer’s decision from the start due to travel regulations. Depending on the travel situation other trainings may switch to a virtual training as well. It depends on the content, and the trainers need to agree. Some of the DeepSec 2020 presentations will be virtual. Again this is due to travel regulations. Most of the presentation will still be on-site

Read More

Administrivia: COVID-19 and Schedule Update

René Pfeiffer/ September 15, 2020/ Conference

We have been busy working on the schedule, the preparations for DeepSec/DeepINTEL, and our COVID-19 protection plan. As you may know, Austria has introduced a Corona „traffic light“ system to mark the spread of COVID-19 cases. We have added a section to our COVID-19 countermeasures describing what the traffic light colours mean. Since we rely on our own protection measures based on guidelines by health experts, DeepSec and DeepINTEL can happen unless a total lock-down is in place. The schedule has some updates. We have added two new presentations. Denis Kolegov will dissect IPSec UDP, a custom undocumented VPN protocol. It lacks the cryptographic strength and perfect forward secrecy. The protocol has severe flaws which allows attackers to reconstruct the keys and decrypt the whole network traffic. In addition Paula de la Hoz will

Read More

Reminder for your Training @ DeepSec 2020: Bypassing CSP via ajax.googleapis.com – Dawid Czagan

René Pfeiffer/ September 11, 2020/ Conference

Content Security Policy (CSP) is the number one defensive technology in modern web applications. A good CSP offers a lot of possibilities, but it is hard to develop. Mistakes are common, too. Many developers add ajax.googleapis.com to CSP definitions, because they use libraries from this very popular content distributions network (CDN) in their web applications. The problem is that it completely bypasses the CSP and obviously you don’t want that to happen. Since CSP should be part of any modern application, you better get to work and brush up your knowledge. In a free video Dawid Czagan (DeepSec Instructor) will show you step-by-step how your CSP can be bypassed by hackers. Watch this free video and feel the taste of Dawid Czagan’s Live Online Training ”Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web

Read More

Administrivia: Updated COVID-19 counter measures document

René Pfeiffer/ September 9, 2020/ Conference

In software development and system administration some data sets are periodically updated. This is true for our COVID-19 counter measures document. We updated some sections and whacked our reverse proxy a bit (i.e. reduced the caching limits). We can’t do much about the travel regulations and your company policy, but we gone through great efforts to make your stay at DeepSec and DeepINTEL as safe as possible. 1918 is the new 1984. Stay healthy! Keep yourself air-gapped!

DeepSec 2020 preliminary Schedule published

René Pfeiffer/ August 22, 2020/ Conference

In Summer time slows down considerably. This has nothing to do with the theory of relativity. It’s just hot, people take some time off, and messaging latency significantly increases. In turn we have to speed up the reviews and come up with a selection. As always, this has been very hard. You sent us very high quality submissions. Thanks for making the selection process hard for us. 😍 The preliminary schedule is where it has always been in the past years. Please note that two trainings will be virtual trainings. All other trainings will be on-site unless we are forced to conduct them virtually as well. With COVID-19 being the Corona elephant in the room for all events all over the world, we created a document to address the health situation. DeepSec and DeepINTEL

Read More