Author Archive

ROOTS 2019 Talk: Automatic Modulation Parameter Detection In Practice – Johannes Pohl

November 19, 2019

Internet of Things (IoT) devices have to be small and energy efficient so that resources for security mechanisms tend to be limited. Due to the lack of open source or license free standards, device manufacturers often use proprietary protocols. Software Defined Radios (SDR) provide a generic way to investigate wireless protocols because they operate on […]

Tags: , , , ,
Posted in ROOTS No Comments »

ROOTS 2019 Talk: Harzer Roller: Linker-Based Instrumentation for Enhanced Embedded Security Testing – Katharina Bogad

November 14, 2019

Due to the rise of the Internet of Things, there are many new chips and platforms available for hobbyists and industry alike to build smart devices. The software development kits (SDKs) for these new platforms usually include closed-source binaries comprising wireless protocol implementations, cryptographic implementations, or other library functions, which are shared among all user […]

Tags: , , , , , , ,
Posted in ROOTS No Comments »

DeepSec 2019 Talk: 30 CVEs in 30 Days – Eran Shimony

November 12, 2019

In recent years, the most effective way to discover new vulnerabilities is considered to be fuzzing. We will present a complementary approach to fuzzing. By using this method, which is quite easy, we managed to get over 30 CVEs across multiple major vendors in only one month. Some things never die. In this session, we’ll […]

Tags: , , , , , , ,
Posted in Conference No Comments »

DeepSec 2019 Talk: S.C.A.R.E. – Static Code Analysis Recognition Evasion – Andreas Wiegenstein

November 11, 2019

Andreas Wiegenstein has expert advise for software security: Companies increasingly rely on static code analysis tools in order to scan (their) (custom) code for security risks. But can they really rely on the results? The typical SCA tool is designed to detect security issues in code that were created by accident / lack of skill. […]

Tags: , , , , ,
Posted in Conference, Security No Comments »

DeepSec 2019 Talk: Security Analytics and Zero Trust – How Do We Tackle That? – Holger Arends

November 8, 2019

For many years we’ve all been in an arms race, fighting daily against new malware varieties and new attack techniques that malicious actors use to fool us and compromise our systems. Many of us rely on state of the art safeguards and have invested tremendous amounts in defending our systems and networks, yet even so, […]

Tags: , , , , ,
Posted in Conference, Security No Comments »

Deconstruction and Analysis of modern IT Threats – DeepINTEL Security Intelligence Conference disenchants Complexity of Security Threats

November 8, 2019

The modern digital world is constantly threatened. Unfortunately, only a few understand what this actually means. Information security is always presented in distorting stereotypes that have nothing to do with reality. No attack is hammered into a keyboard in minutes. The most dangerous threats can not be detected by watching out for guys in hooded […]

Tags: ,
Posted in Conference, DeepIntel No Comments »

DeepSec 2019 Talk: Saving Private Brian – Michael Burke

November 5, 2019

This talk will be given as the story of Brian, an aid worker operating in a hostile third country. When he’s stopped going in at the border he had his iPhone taken from him and then returned to him 15 minutes later. Now he can’t be sure if any malware was implanted on his device. […]

Tags: , , , ,
Posted in Conference No Comments »

DeepSec 2019 Talk: Lost in (DevOps) Space – Practical Approach for “Lightway” Threat Modeling as a Code – Vitaly Davidoff

November 4, 2019

Threat Modeling is a main method to identify potential security weaknesses, and is an important part of any secure design. Threat Modeling provides a model to analyze how to best protect your assets, prevent attacks, harden your systems, and efficiently prioritize security investment. Regardless of programming language, Threat Modeling provides a far greater return than […]

Tags: , , ,
Posted in Conference, Development No Comments »

DeepSec 2019 Talk: Setting up an Opensource Threat Detection Program – Lance Buttars

November 1, 2019

Through the use of event detection monitoring and do it yourself monitoring techniques on a Linux Apache PHP MySQL stack, I will demonstrate how you can create different alarms and reporting surfaces that alert you when your application is being attacked. This case study will demonstrate the use of hacking tools as a defense strategy […]

Tags: , , , ,
Posted in Conference, Security No Comments »

DeepSec 2019 Talk: Oh! Auth: Implementation Pitfalls of OAuth 2.0 & the Auth Providers Who Have Fell in It – Samit Anwer

October 31, 2019

Since the beginning of distributed personal computer networks, one of the toughest problems has been to provide a seamless and secure SSO experience between unrelated servers/services. OAuth is an open protocol to allow secure authorization in a standard method from web, mobile and desktop application. The OAuth 2.0 authorization framework enables third-party applications to obtain […]

Tags: , , , , ,
Posted in Conference No Comments »

DeepSec 2019 Talk: Still Secure. We Empower What We Harden Because We Can Conceal – Yury Chemerkin

October 30, 2019

The launch of Windows 10 has brought many controversial discussions around the privacy factor of collecting and transmitting user data to Microsoft and its partners. But Microsoft was not the first, Apple did it many years ago and there was no public research on how much data were leaked out from MacOS. There is a […]

Tags: , , , ,
Posted in Conference, Security No Comments »

DeepSec 2019 Talk: Chinese Police and CloudPets – Abraham Aranguren

October 29, 2019

[In our Call for Papers we mentioned that DeepSec and specifically DeepINTEL will have a connection to geopolitics. Well, the following description of a presentation at DeepSec gives you an idea of what we meant.] This talk is a summary of three different security audits with an interesting background: First, CloudPets, their epic track record, […]

Tags: , , , , , , ,
Posted in Conference, Security No Comments »

DeepSec 2019 Talk: Comparing GnuPG With Signal is like Comparing Apples with Smart Light Bulbs – Hans Freitag

October 28, 2019

GnuPG is not designed to be used only in E-Mail, it plays an important role in securing all sorts of mission critical data. In this talk I will show you applications of GnuPG that are not E-Mail or Instant Messaging. We asked Hans a few more questions about his talk. Please tell us the top […]

Tags: , , ,
Posted in Conference, Security No Comments »

DeepSec 2019 Training: Threat Hunting with OSSEC – Xavier Mertens

October 26, 2019

OSSEC is sometimes described as a low-cost log management solution but it has many interesting features which, when combined with external sources of information, may help in hunting for suspicious activity occurring on your servers and end-points. During this training, you will learn the basic of OSSEC and its components, how to deploy it and […]

Tags: , , ,
Posted in Training No Comments »

DeepSec 2019 Training: Pentesting Industrial Control Systems – Arnaud Soullie

October 25, 2019

In this intense two day training at DeepSec, you will learn everything you need to start pentesting Industrial Control Networks [also called Industrial Control Systems (ICS)]. We will cover the basics to help you understand what are the most common ICS vulnerabilities. We will then spend some time learning and exploiting Windows & Active Directory […]

Tags: , , , ,
Posted in Training No Comments »