2705, 2025

DeepSec 2025 Press Release: High threat level for IT security research. IT security is under attack from politics and hostility towards science.

Sanna/ May 27, 2025/ Conference/ 0 comments

Information technology is an integral part of computer science and therefore also of mathematics. Since 2007, the DeepSec conference in Vienna has brought together international researchers to discuss current threats, publish acute vulnerabilities and exchange knowledge on the defence of critical infrastructure. The increasing hostility towards science and the dismantling of US authorities that contribute to IT security are jeopardising the work and, therefore, also the results of the research groups. One consequence is a higher threat level for European companies. The DeepSec conference aims to counter this as a platform. Networks and data in the crosshairs Data may not be crude oil, but it is the driving force behind modern information technology. Digitalisation has made data via networks and services indispensable in many companies. Very few people today can go about their working

1811, 2024

DeepSec 2024 Press Release: Choice of programming language does not determine IT security. NSA warns of memory errors while ignoring the majority of other security vulnerabilities

Sanna/ November 18, 2024/ Press

There are over 900 clearly classified defects in software applications. Some of these are because of memory errors, where code accesses memory areas incorrectly and subsequent errors can lead to crashes or other effects. In 2022, the US National Security Agency (NSA) warned against using the programming languages C and C++ to avoid memory errors. The recommendation is to use other programming languages that prevent these errors. This recommendation ignores reality, as these problems can no longer occur in modern, correct C++ code because of the language specification. Furthermore, the NSA’s proposal ignores existing code that is well tested and ready for production, and much more dangerous defects that are still possible in all programming languages. Modern C++ Bjarne Stroustrup published the C++ programming language back in 1978, and it has continued to evolve

1611, 2024

DeepSec 2024 Talk: Executive Breach Simulation Toolkits – Pavle Bozalo, Aron Feuer & Matias Ulloa

Sanna/ November 16, 2024/ Conference

As cyberattacks multiply and become more sophisticated, executive breach simulation toolkits have become essential. Enabling organizations to simulate, predict, and assess the impact of potential security breaches from an executive perspective is necessary to know how to keep organizations safe. Unfortunately, simulations are broken. Simply put, they don’t properly prepare leaders and security practitioners for security breaches. This talk will look at the evolving landscape of breach simulation toolkits designed for security practitioners, focusing on their role in enhancing cybersecurity strategies, incident preparedness, and organizational resilience. We will see how simulations can be engaging, while remaining instructive and preparing people for actual cyber events. We’ll discuss how these toolkits work, why they’re essential for making smarter business decisions around cybersecurity, and how they help align leadership with technical teams. Real-world examples will show how

1511, 2024

DeepSec 2024 Talk: The Malicious Bloodline Inheritance: Dissecting Deed RAT and Blood Alchemy – You Nakatsuru, Kiyotaka Tamada & Suguru Ishimaru

Sanna/ November 15, 2024/ Conference

ShadowPad is a particularly notorious malware family used in Advanced Persistent Threat (APT) campaigns since 2017. ShadowPad use spread to various groups beginning in 2019, and a ShadowPad builder was disclosed in June 2024. One reason ShadowPad has garnered so much attention from security researchers is that it is an advanced modular type fileless RAT with a complex structure that is difficult to analyze. In July 2023, Deed RAT was published by Positive Security as a variant of ShadowPad. Furthermore, Blood Alchemy malware was also discovered as another variant of Deed RAT in April by ICI, with evidence such as unique data structures, malware configurations, loading schemes, and code similarities. However, important features of both Deed RAT and Blood Alchemy, such as the C2 communication scheme, loading additional modules, and details of backdoor commands,

1211, 2024

DeepSec 2024 Talk: Why NIS2 Implementation often fails in Industrial Areas – Michael Walser

Sanna/ November 12, 2024/ Conference

Why do most projects preparing for NIS2 fail in practice? Many affected companies complain about the requirements of EU Directive 2022/2555, which are too unspecific and technically difficult to implement. Excessive demands are spreading. Companies affected are uncertain because of the evaluation of the actual implementation, unlike ISO security certification (e.g. ISO27001/ISO62443). The results are often unsatisfactory despite the sometimes massive investment in costs and personnel resources. An Excel spreadsheet or a Visio drawing itself does nothing to change the resilience of KRITIS or industrial facilities against cyber-attacks in practice. We focus on industrial customers and their OT infrastructure, using anonymized, real-world examples to show the challenges in practice and offer examples of solutions to prevent repeating past mistakes. The first steps do not have to cost a lot of money or tie up

1211, 2024

DeepSec 2024 Talk: Industrial plants: IP Protection in an increasingly (de)globalized economic System – Josef Rametsteiner

Sanna/ November 12, 2024/ Conference

Customs duties and trade restrictions are increasingly presenting companies with logistical challenges. The trend is to move production capacities to the relevant countries to be close to the customer. But how can a company safely move to an industrial plant abroad without risking the loss of its own IP (intellectual property)? By using a practical example, we show how to enable a commercially available Simatic S7 1500 PLC to keep control over the PLC program stored in the controller and its parameters. To achieve this, we implement strong cryptography within the device. The challenge here is that the device does not have the necessary functionality “out of the box”. How can we make sure that production does not take on a life of its own (secure manufacturing)? Regardless of the PLC used, industry has

1111, 2024

DeepSec 2024 Talk: “EU Cyber Resilience Act” – Maintain control and not just liability for your products – Michael Walser

Sanna/ November 11, 2024/ Conference

The new EU Directive EU 2019/1020, also known as the “Cyber Resilience Act” or “CRA” for short, defines new rules for manufacturers of hardware and software with “digital elements”. For device manufacturers in the medical, industrial and entertainment sectors, the time to act is now. Security updates, vulnerabilities and an extended duty of care for the life cycle are now enforced by law. However, hardware production, such as IoT devices, poses new challenges. What many do not know: Many vulnerabilities are because of physics and are not “bugs” in the conventional sense. As part of the “DeepSec Secure Coding” series, we put the spotlight on the challenges of developing secure hardware and show the vulnerabilities using the example implementation of a bootloader for embedded systems. How to keep control over updates? What is “Secure

0811, 2024

DeepSec 2024 press release: Sluggish NIS2 implementation as a security risk. DeepSec conference presents remedies against the shock paralysis in companies

Sanna/ November 8, 2024/ Conference, Press

Directive (EU) 2022/2555, abbreviated as the NIS-2 Directive, should strengthen resistance to digital attacks by potential targets in the European Union. Certain companies of a certain size in defined sectors are required to implement the directive. The directive targets critical and important companies. This year’s DeepSec conference, together with sematicon AG, will present a practical approach to implementation. Checklists and metrics are not enough Implementing security measures always requires a certain amount of preparation. A good deal of already fail at this first hurdle, because the exact knowledge of your own network and all the devices in it can vary depending on the counting method. Is a control or measuring device just a device or a full computer with operating systems? The classification determines many of the consequences when securing such devices. Correctly categorizing

0411, 2024

DeepSec 2024 Training: SAP Cyber Security 101 – Andreas Wiegenstein

Sanna/ November 4, 2024/ Conference, Training

In many companies, we find that CISOs and security officers do not have any (in-depth) knowledge of SAP. Therefore the topic of SAP security often gets underestimated. Anyone interested in gaining insight into the important basics of SAP technologies can benefit from this highly compact crash course on SAP security. The session will give you an overview of security threats and ways to counter them. It is a sneak preview for a complete SAP security training. We asked Andreas a few more questions about his training. Please tell us the top 5 facts about your training. Delivers a general introduction to SAP technologies; no prior knowledge needed Provides a broad overview of SAP security features, mechanisms and architecture Discusses inherent SAP risks and weaknesses (no 0-Days !) Provides insights into typical SAP security challenges

0311, 2024

DeepSec 2024 Talk: Modern vs. 0ld Sk00l – Seth Law

Sanna/ November 3, 2024/ Conference

The development landscape includes an ever-changing set of security practices. It has finally become standard practice to perform penetration testing, run threat modeling, teach developers about security, push left, and have zero trust. This shows the industry is better off today than in previous years. Or does it? Get a taste for the actual history of security and why everything old is new again. See security failures as they existed in years past and how they still exist in modern examples from the last year. Finally, explore the strategies that effectively catch these problems early in the development lifecycle without spending a fortune on security snake oil. We asked Seth a few more questions about his talk. Please tell us the top 5 facts about your talk. Modern vs. 0ld 5k00l is a comparison

3010, 2024

DeepSec 2024 Talk: The Tyrant’s Toolbox – Julian & Pavle B.

Sanna/ October 30, 2024/ Conference

Social media, and our communications systems, have devoured any semblance of privacy, putting the eyes and ears of authoritarian and wannabe fascist types into the pockets of each of us; radically erasing whatever distance once existed between those who exercise authority and the human objects of their control, both at home and abroad. As Professor Ronald J. Deibert, founder of Citizen Lab, eloquently highlights in his book “Reset: Reclaiming the Internet for Civil Society”: “…recent years have brought about a disturbing descent into authoritarianism, fueled by and in turn driving income inequality in grotesque proportions the rise of a kind of transnational gangster economy.” As we continue our descent into a global madness fueled by AI, spyware, algorithms, and misinformation, tyrants around the world continue to expand their toolbox. Through our talk, we examine

2110, 2024

DeepSec 2024 Talk: AI’s New Era: Impacts on Health Data Security and Beyond – Sina Yazdanmehr & Lucian Ciobotaru

Sanna/ October 21, 2024/ Conference

It has become easier to create AI systems because of the availability of many options and datasets. These AIs can quickly gain expert knowledge in different domains, enabling attackers to exploit scientific knowledge and target system and data security, which was not workable before. Although recent studies have highlighted these impacts, a tangible example has been missing. For instance, attackers can use AI’s expert knowledge in the healthcare sector to perform complex attacks with no need of domain expertise. Earlier this year, Google launched Health Connect, an Android app designed to share data seamlessly between medical and fitness apps, intended to replace Google Fit. While Health Connect is robust against conventional cyberattacks, it is susceptible to these emerging threats. In this talk, we will show an example of these threats by explaining a malicious

1710, 2024

DeepSec 2024 Talk: Windows Defender Internals – Baptiste David

Sanna/ October 17, 2024/ Conference

Microsoft Defender Antivirus (aka Windows Defender) is an antivirus deployed worldwide and used by default on every Windows out-of-the-box. We all use it but who knows exactly how it really works? What is inside this software trusted by many people and companies across the world? This talk is the first one providing such a view about Windows Defender internals, from kernel mode to user-mode, based on extensive reverse engineering research work. With the recent world-wide BSOD of CrowdStrike antivirus, it matters to understand how an antivirus work, what it really monitors, and how some designs are prone to error or security issues. During this talk, we see that such a highly privileged software is just another Deus Ex Machina, not only for regular malware analysis but also for many security features on Windows. This

1610, 2024

DeepSec 2024 Talk: Insights on Client-Side Scanning and Alternatives in the Fight Against Child Sexual Abuse and Exploitation – Carolyn Guthoff

Sanna/ October 16, 2024/ Conference

Content Warning: This talk may include mention of child sexual abuse and exploitation. In this talk, we want to summarize our research into Client-Side Scanning (CSS) and follow-up work on safety in end-to-end encrypted messaging concerning sexual risks. Client-Side Scanning (CSS) is discussed as a potential solution to contain the dissemination of child sexual abuse material (CSAM). A significant challenge associated with this debate is that stakeholders have different interpretations of the capabilities and frontiers of the concept and its varying implementations. In the current work, we explore stakeholders’ understandings of the technology and the expectations and potential implications in the context of CSAM by conducting and analyzing 28 semi-structured interviews with a diverse sample of experts. We identified mental models of CSS and the expected challenges. Our results show the CSS is often

1010, 2024

DeepSec 2024 Talk: Detecting Phishing using Visual Similarity – Josh Pyorre

Sanna/ October 10, 2024/ Conference

Current phishing detection methods include analyzing URL reputation and patterns, hosting infrastructure, and file signatures. However, these approaches may not always detect phishing pages that mimic the look and feel of previously observed attacks. This talk explores an approach to detecting similar phishing pages by creating a corpus of visual fingerprints from known malicious sites. By taking screenshots, calculating hash values, and storing metadata, a reference library can compare against newly crawled suspicious URLs. By combining fuzzy searches and OCR techniques with other methods, we can identify similar matches. We asked Josh a few more questions about his talk. Please tell us the top 5 facts about your talk. In security, URL block lists are widely used, but I rarely see people utilizing a database of visual information to hunt for phishing attacks that

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: