EU-Strafverfolger fordern Sicherheitslücken in 5G-Standards for fm4 by Erich Moechel The telecoms are to be forced to align the technical design of their 5G networks with the monitoring needs of the police authorities. In addition, security holes in the 5G protocols are required to enable monitoring by IMSI catchers. Gilles de Kerchove, EU counter-terrorism coordinator, […]

DeepSec and DeepINTEL conference open call for papers – submission for lectures and trainings are in demand.Anyone who reads the technology part of their favourite magazine can hardly escape the promises of future network technologies. Your own car becomes a smartphone. The talking fridge becomes a therapist. 5G mobile networks promise high-speed fibre optic streaming […]

Feldzug der Spionageallianz „Five Eyes“ gegen WhatsApp und Co for fm4 by Erich Moechel The current scattered news and reports on “encryption” belong together. The military secret services of the “Five Eyes” conduct a global campaign; in Australia they’ve already reached their first milestone. Every two years, around the same time, a campaign of the espionage […]

[Editor’s note: This article belongs to the Reversing and Offensive-oriented Trends Symposium 2018 (ROOTS). It was misplaced, so we publish it today. Maximilian’s talk was recorded and can be watched on Vimeo.] The goal of library and function identification is to find the original library and function to a given machine-code snippet. These snippets commonly […]

On Linux, most—if not all—debuggers use the ptrace debugging API to control their target processes. However, ptrace proves unsatisfactory for many malware analysis and reverse engineering tasks: So-called split-personality malware often adapts its behavior in the presence of a debugger, yet ptrace makes no attempt to hide from a target process. Furthermore, ptrace enforces a […]

I’d like to talk about telecom security. My research contains information about security of mobile operators: classic and new (or very rare) attack vectors and vulnerabilities. This presentation will consist of three main parts: First, I will share information on the security of mobile operators in general. I’ll tell you a little bit about why […]

NATO defines human intelligence (HUMINT) or hyoo-mint as “a category of intelligence derived from information collected and provided by human sources” (NATO Glossary of terms and definitions, APP-6, 2004) focusing on different kinds of information, for example data on things related to a human, information about a human’s specific knowledge of a situation, and other […]

Chipping humans can be seen as one of the most invasive biometric identification technologies. RFID (Radio Frequency Identification) as the key technology in the field of the Internet of Things produces many applications. For example, human implants are used by scientists in the fields of cyborgism, robotics, biomedical engineering and artificial intelligence, by hobbyists for […]

Over the last decade, mobile devices have taken over the consumer market for computer hardware. Almost all these mobile devices run either Android or iOS as their operating systems. In 2014, Apple introduced the Swift programming language as an alternative to Objective C for writing iOS and macOS applications. The rising adoption of this new […]

Android’s accessibility API was designed to assist users with disabilities, or temporarily preoccupied users unable to interact with a device, e.g., while driving a car. Nowadays, many Android apps rely on the accessibility API for other purposes, including apps like password managers but also malware. From a security perspective, the accessibility API is precarious as […]

ICT risk management is a well-stabilized practice and as such is supported by international security standards and guidelines. But, despite advances in the legal and policy areas and the maturation of standardized frameworks for efficient risk management, it has still not become a controlled, systematic process in the cyber security domain of most organizations. One […]

Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices. We asked Anant a few more questions about his […]

The DeepINTEL security intelligence conference focuses on threats, indicators of compromise, and strategic counter measures. Information security is more than superficial. This is why we have asked Markus Auer to hold a presentation at DeepINTEL (28 November 2018). He explains his ideas in short: We are tired of adding new products to our ever-growing security […]

extended Berkeley Packet Filter (eBPF) and eXtreme Data Path (XDP) technologies are gaining in popularity in the tracing and performance community in Linux for eBPF and among the networking people for XDP. After an introduction to these technologies, this talk proposes to have a look at the usage of the eBPF and XDP technology in […]

Manipulating the Human Memory for Fun and Profit, or: Why you’ve never met Bugs Bunny in DisneyLand Hacking is not limited to technical things — like using a coffee machine to cook a soup — but also makes use of social engineering. Social engineering is the (mis)use of human behaviour like fixed action patterns, reciprocity […]