Author Archive

ROOTS 2018 Talk: Kernel-Assisted Debugging of Linux Applications – Tobias Holl, Philipp Klocke, Fabian Franzen

November 22, 2018

On Linux, most—if not all—debuggers use the ptrace debugging API to control their target processes. However, ptrace proves unsatisfactory for many malware analysis and reverse engineering tasks: So-called split-personality malware often adapts its behavior in the presence of a debugger, yet ptrace makes no attempt to hide from a target process. Furthermore, ptrace enforces a […]

Tags: , , , , ,
Posted in Conference, ROOTS No Comments »

DeepSec 2018 Talk: Attacks on Mobile Operators – Aleksandr Kolchanov

November 21, 2018

I’d like to talk about telecom security. My research contains information about security of mobile operators: classic and new (or very rare) attack vectors and vulnerabilities. This presentation will consist of three main parts: First, I will share information on the security of mobile operators in general. I’ll tell you a little bit about why […]

Tags: , , , ,
Posted in Conference, Security No Comments »

DeepINTEL 2018 Talk: Framing HUMINT as an information gathering technique – Ulrike Hugl

November 20, 2018

NATO defines human intelligence (HUMINT) or hyoo-mint as “a category of intelligence derived from information collected and provided by human sources” (NATO Glossary of terms and definitions, APP-6, 2004) focusing on different kinds of information, for example data on things related to a human, information about a human’s specific knowledge of a situation, and other […]

Tags: , , , ,
Posted in DeepIntel, Security Intelligence No Comments »

DeepSec 2018 Talk: RFID Chip Inside the Body: Reflecting the Current State of Usage, Triggers, and Ethical Issues – Ulrike Hugl

November 14, 2018

Chipping humans can be seen as one of the most invasive biometric identification technologies. RFID (Radio Frequency Identification) as the key technology in the field of the Internet of Things produces many applications. For example, human implants are used by scientists in the fields of cyborgism, robotics, biomedical engineering and artificial intelligence, by hobbyists for […]

Tags: , , , , , , , , , ,
Posted in Conference No Comments »

ROOTS 2018 Talk: The Swift Language from a Reverse Engineering Perspective – Malte Kraus & Vincent Haupert

November 13, 2018

Over the last decade, mobile devices have taken over the consumer market for computer hardware. Almost all these mobile devices run either Android or iOS as their operating systems. In 2014, Apple introduced the Swift programming language as an alternative to Objective C for writing iOS and macOS applications. The rising adoption of this new […]

Tags: , , , , , , ,
Posted in Conference, ROOTS No Comments »

ROOTS 2018: How Android’s UI Security is Undermined by Accessibility – Anatoli Kalysch

November 9, 2018

Android’s accessibility API was designed to assist users with disabilities, or temporarily preoccupied users unable to interact with a device, e.g., while driving a car. Nowadays, many Android apps rely on the accessibility API for other purposes, including apps like password managers but also malware. From a security perspective, the accessibility API is precarious as […]

Tags: , , , , ,
Posted in Conference, ROOTS No Comments »

DeepINTEL 2018 Talk: Risk Management in Complex Scenarios – Oscar Serrano

November 8, 2018

ICT risk management is a well-stabilized practice and as such is supported by international security standards and guidelines. But, despite advances in the legal and policy areas and the maturation of standardized frameworks for efficient risk management, it has still not become a controlled, systematic process in the cyber security domain of most organizations. One […]

Tags: , , ,
Posted in Conference, DeepIntel, Security No Comments »

DeepSec 2018 Training: Advanced Infrastructure Hacking – Anant Shrivastava

November 5, 2018

Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices. We asked Anant a few more questions about his […]

Tags: , , , , ,
Posted in Conference, Training No Comments »

DeepINTEL 2018 Talk: Cyber Threat Intelligence – The Next Era of Cyber Security? – Markus Auer

November 5, 2018

The DeepINTEL security intelligence conference focuses on threats, indicators of compromise, and strategic counter measures. Information security is more than superficial. This is why we have asked Markus Auer to hold a presentation at DeepINTEL (28 November 2018). He explains his ideas in short: We are tired of adding new products to our ever-growing security […]

Tags: , , , ,
Posted in DeepIntel, Security Intelligence No Comments »

DeepSec 2018 Talk: Suricata and XDP, Performance with an S like Security – Eric Leblond

November 2, 2018

extended Berkeley Packet Filter (eBPF) and eXtreme Data Path (XDP) technologies are gaining in popularity in the tracing and performance community in Linux for eBPF and among the networking people for XDP. After an introduction to these technologies, this talk proposes to have a look at the usage of the eBPF and XDP technology in […]

Tags: , , , , , , , ,
Posted in Conference, Security No Comments »

DeepSec2018 Talk: Manipulating Human Memory for Fun and Profit – Stefan Schumacher

October 31, 2018

Manipulating the Human Memory for Fun and Profit, or: Why you’ve never met Bugs Bunny in DisneyLand Hacking is not limited to technical things — like using a coffee machine to cook a soup — but also makes use of social engineering. Social engineering is the (mis)use of human behaviour like fixed action patterns, reciprocity […]

Tags: , , , , , , ,
Posted in Conference, Discussion No Comments »

DeepSec 2018 Talk: Mapping and Tracking WiFi Networks / Devices without Being Connected – Caleb Madrigal

October 30, 2018

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, Kismet, et al. But what if you just want to view a list of all networks in your area along with all the devices connected to them? Or maybe you want to know who’s hogging all the bandwidth? Or […]

Tags: , , , , , , ,
Posted in Conference No Comments »

DeepSec 2018 Talk: Drones, the New Threat from the Sky – Dom (D#FU5E) Brack

October 29, 2018

I will talk about drones (not military ones). Drone risks and countermeasures. Drones have become an inherent risk not just for critical infrastructure, but also public events (sports, concerts) and privacy. I will speak about the exclusive risk catalogue I have developed for a small highly specialised start-up called DroneGuard. The catalogue contains over 140 […]

Tags: , , , , , ,
Posted in Conference, Security No Comments »

DeepSec 2018 Talk: Security Response Survival Skills – Benjamin Ridgway

October 17, 2018

Jarred awake by your ringing phone, bloodshot eyes groggily focus on a clock reading 3:00 AM. A weak “Hello?” barely escapes your lips before a colleague frantically relays the happenings of the evening. As the story unfolds, you start to piece together details leading you to one undeniable fact: Something has gone horribly wrong… Despite […]

Tags: , , , , ,
Posted in Conference, Security No Comments »

Translated RadioFM4 Article: Hype about “Chinese Espionage Chips” stems from the Pentagon

October 16, 2018

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience, because the author raises some important questions.] In the FM4 fact check the sensational report by the business […]

Tags: , , , , , , , , , ,
Posted in Discussion, High Entropy, Press, Security No Comments »