ROOTs 2020: A survey on practical adversarial examples for malware classifiers – Daniel Park

Sanna/ November 18, 2020/ ROOTS/ 0 comments

Machine learning based models have proven to be effective in a variety of problem spaces, especially in malware detection and classification. However, with the discovery of deep learning models’ vulnerability to adversarial perturbations, a new attack has been developed against these models. The first attacks based on adversarial example research focused on generating feature vectors, but more recent research shows it is possible to generate evasive malware samples. In this talk, I will discuss several attacks that have been developed against machine learning based malware classifiers that leverage adversarial perturbations to develop an adversarial malware example. Adversarial malware examples differ from adversarial examples in the natural image domain in that they must retain the original malicious program logic in addition to evading detection or classification. Adversarial machine learning has become increasingly popular and is

Read More

ROOTs 2020: Exploiting Interfaces of Secure Encrypted Virtual Machines – Martin Radev

Sanna/ November 18, 2020/ ROOTS/ 0 comments

Cloud computing is a convenient model for processing data remotely. However, users must trust their cloud provider with the confidentiality and integrity of the stored and processed data. To increase the protection of virtual machines, AMD introduced SEV, a hardware feature which aims to protect code and data in a virtual machine. This allows to store and process sensitive data in cloud environments without the need to trust the cloud provider or the underlying software. However, the virtual machine still depends on the hypervisor for performing certain activities, such as the emulation of special CPU instructions, or the emulation of devices. Yet, most code that runs in virtual machines was not written with an attacker model which considers the hypervisor as malicious. In this work, we introduce a new class of attacks in which

Read More

DeepSec 2020 Talk: Old Pareto had a Chart: How to achieve 80% of Threat Modelling Benefits with 20% of the Efforts – Irene Michlin

Sanna/ November 18, 2020/ Conference/ 0 comments

The earlier in the lifecycle you pay attention to security, the better are the outcomes. Threat modelling is one of the best techniques for improving the security of your software. It is a structured method for identifying weaknesses on design level. However, it is often perceived by the organisations as too expensive to introduce, or too slow to fit modern lifecycles, be it Agile, Lean, or DevOps. This talk will show how to fit threat modelling in fast-paced software development, without requiring every developer to become an expert. The outcomes should be immediately applicable, hopefully empowering you to try it at work the day after the conference. We asked Irene a few more questions about his talk. Please tell us the top 5 facts about your talk. Based on my experience introducing threat modeling

Read More

ROOTs 2020: No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-based Adversarial – Fabrício Ceschin

Sanna/ November 12, 2020/ ROOTS/ 0 comments

Adversarial machine learning is so popular nowadays that Machine Learning (ML) based security solutions became the target of many attacks and, as a consequence, they need to adapt to them to be effective. In our talk, we explore attacks in different ML-models used to detect malware, as part of our experience in the Machine Learning Security Evasion Competition (MLSEC) 2020, sponsored by Microsoft and CUJO AI’s Vulnerability Research Lab, in which we managed to finish in first and second positions in the attacker’ and defender challenge, respectively. During the contest’s first edition (2019), participating teams were challenged to bypass three ML models in a white box manner. Our team bypassed all three of them and reported interesting insights about the models’ weaknesses. This year, the challenge evolved into an attack-and-defense model: the teams should either propose

Read More

Press Release: Presenting new Ways in Information Security

Sanna/ November 11, 2020/ Conference/ 0 comments

Like every year, DeepSec and DeepINTEL get to the bottom of the current state of information security. So far, 2020 has shown that surprises and critical events are always to be expected. Information security still knows no break. On the contrary: weak points in software, hardware, legislature and infrastructure are a permanent threat to digital information. So that those affected still have better chances against constant attacks, the DeepSec and DeepINTEL conferences will take place this year completely digitally via the Internet. Security can only be achieved through joint efforts. Therefore, this November, as every year, there will be an exchange between experts, users, software developers, administrators and those responsible! Solving problems instead of postponing them Hardly any other area is constantly inventing new terms like information technology. Unfortunately, misunderstandings and obscuring their meaning

Read More

Press Release: IT Security Sabotage threatens the domestic Economy

Sanna/ November 10, 2020/ Conference, Discussion, Press/ 0 comments

Effective end-to-end encryption is a critical component in everyday and business life. Over 300 years ago, cryptanalysis, i.e. the method for decrypting secret codes, had its heyday in Europe. In so-called black chambers or black cabinets (also known as cabinet noir) in post offices all letters from certain people were secretly opened, viewed, copied and closed again. The letters intercepted in this way were then delivered. The purpose was to find dangerous or harmful news for the regents of the time. The most active and efficient chamber in Europe was the Secret Cabinet Chancellery in Vienna. This early form of wiretapping was only ended in the 19th century. And this scenario of the imperial and royal courts is now facing all European companies and individuals. End-to-end encryption is to be provided with back doors

Read More

Translated Article: The Terrorist Attack is followed by an EU Ban on Encryption

Sanna/ November 9, 2020/ Conference/ 0 comments

Auf den Terroranschlag folgt EU-Verschlüsselungsverbot by Erich Moechel for fm4.ORF.at In the EU Council of Ministers, a resolution was made ready within five days, obliging platform operators such as WhatsApp, Signal and Co to create master keys for monitoring E2E-encrypted chats and messages. The terrorist attack in Vienna is used in the EU Council of Ministers to enforce a ban on secure encryption for services such as WhatsApp, Signal and many others in a fast track procedure. This emerges from an internal document dated November 6th from the German Presidency to the delegations of the member states in the Council, which ORF.at has received. This should now be understood as the “further steps against terrorism” that French President Emmanuel Macron wants to discuss with Federal Chancellor Sebastian Kurz (ÖVP) in a video conference at

Read More

DeepSec 2020 Talk: TaintSpot: Practical Taint Analysis and Exploit Generation for Java – Dr. – Ing. Mohammadreza Ashouri

Sanna/ November 2, 2020/ Conference/ 0 comments

“In this talk I will introduce a scalable and practical security analysis and automatic exploit generation approach, which is called TaintSpot. It works based on an optimized hybrid taint analysis technique that combines static and dynamic vulnerability analysis. TaintSpot generates concrete exploits based on concolic testing for programs written for the Java Virtual Machine (JVM) ecosystem.TaintSpot is specially designed for operating on large-scale proprietary executable binaries with multiple external dependencies. TaintSpot is under development system; for now, it targets JVM binaries, but I plan to extend it to android applications.” We asked Mohammadreza a few more questions about his talk. Please tell us the top 5 facts about your talk. Static and dynamic taint analysis have various advantages and disadvantages; I consider consolidating the best of these techniques to improve the effectiveness and scalability

Read More

DeepSec2020 Talk: What’s Up Doc? – Self Learning Sandboxes to Defeat Modern Malwares Using RSA: Rapid Static Analysis – Shyam Sundar Ramaswami

Sanna/ October 30, 2020/ Conference/ 0 comments

“Catch me if you can!” is the right phrase to describe today’s malware genre. Malwares have become more stealthy, deadly and authors have become more wiser too. What if sandboxes started performing rapid static analysis on malware files and passed on the metadata to spin a sandbox environment based on malware attributes and the malware does not evade? Well, the talk deals with about how to do RSA (Rapid Static Analysis, i coined it), pass on the attributes and how we defeat modern malwares by dynamically spinning sandboxes. RSA embedded in “H.E.L.E.N” and “Dummy” and how we extracted the real IOC from Ryuk forms the rest of the talk and story! The talk also covers how these key “attributes” that are extracted are used for ML, how we build bipartite graphs, build instruction based

Read More

DeepSec 2020 Talk: “I Told You So!” – Musings About A Blameless Security Culture – Tim Berghoff, Hauke Gierow

Sanna/ October 29, 2020/ Conference/ 0 comments

The concept of a blameless culture is familiar to agile software development teams the world over. Going blameless has lots of merits, yet in many organizations and management teams true blamelessness is far from being the norm. This is especially true for the security sector, where the thinking is perhaps even more linear than elsewhere in an organization. This way of thinking is not necessarily bad, but not always helpful. On the other hand, sugarcoating any shortcoming will not help things along either. In truth, the security industry is still facing a lot of work when it comes to dealing with people. This talk will address and explore some of the fundamental problems of corporate security culture and why it keeps companies from moving forward. We asked Tim and Hauke a few more questions

Read More

DeepSec 2020 Talk: No IT Security Without Free Software – Max Mehl

Sanna/ October 28, 2020/ Conference/ 0 comments

IT security is one of the most challenging global issues of recent years. But apart from the establishment of countless “cyber security” authorities, politics doesn’t seem to come up with something substantial. However, Free Software can be the solution to many pressing security problems. In this session, we will look at pros and cons and use concrete examples to illustrate why security and openness are not contradictory. For security professionals, the growing complexity of today’s digital world is no big surprise. But decision-makers are often overwhelmed by these new challenges and the uncertainties they entail. As a result, many fall for cheap selling arguments for black-boxed solutions and lose sight of a general strategy. We don’t know the exact security threats in five or ten years, but it is obvious that nobody can face

Read More

DeepSec2020 Talk: Pivoting – As an Attack Weapon – Filipi Pires

Sanna/ October 27, 2020/ Conference/ 0 comments

Demonstrating an exploit in a container environment (three dockers) across three different networks, I will demonstrate different pivot, vulnerability exploit, and privilege escalation techniques on all machines using Alpine linux, Gogs app, and other Linux platforms using Pentest methodologies such as recon, enumeration, exploitation, post exploitation. By the end of this presentation everyone will be able to see different ways that exist in working with a single form of pivot and how to overcome different obstacles in different networks within this “new” environment called Docker. We asked Filipi a few more questions about his talk. Please tell us the top 5 facts about your talk. During this presentation, we are looking at some important facts such as: Observability in different environment, vulnerability exploit, use of privilege escalation techniques, some misconfigurations or maybe no good

Read More

DeepSec 2020 Talk: Journey Into Iranian Cyber Espionage – Chris Kubecka

Sanna/ October 26, 2020/ Conference/ 0 comments

Welcome to the new Cold War in the Middle East. In 2012, Iran’s first Shamoon attacks almost crashed every world economy, nearly bringing the world to its knees. Since then, the game of spy vs. spy has intensified. Join Chris on a 2.5 year Iranian espionage campaign attempting to recruit her for the most innocent of jobs; teaching critical infrastructure hacking with a focus on nuclear facilities. A journey of old school espionage with a cyber twist. Bribery, sockpuppets, recruitment handlers, propaganda VVIP luxury trip mixed with a little IOT camera revenge. We asked Chris a few more questions about his talk. Please tell us the top 5 facts about your talk. Governments friendly, friendemy and enemy actively recruit for cyber offensive talent Finding the correct place to report active espionage and illegal bribery

Read More

DeepSec 2020 Talk: The Great Hotel Hack: Adventures In Attacking The Hospitality Industry – Etizaz Mohsin

Sanna/ October 23, 2020/ Conference/ 0 comments

Have you ever wondered if your presence might be exposed to an unknown entity even when you are promised full security and discretion at a hotel? Well, it would be scary to know that the hospitality industry is a prime target nowadays for cyber threats as hotels offer many opportunities for hackers and other cybercriminals to target them and therefore resulting in data breaches. Not just important credit card details are a prime reason, but also an overload of guest data, including emails, passport details, home addresses and more. Marriot International where 500 million guests’ private information was compromised is one of the best examples. Besides data compromise, surgical strikes have been conducted by threat actors against targeting guests at luxury hotels in Asia and the United States. The advanced persistent threat campaign called

Read More

DeepSec2020 Talk: Faulting Hardware from Software – Daniel Gruss

Sanna/ October 22, 2020/ Conference/ 0 comments

Fault attacks induce incorrect behavior into a system, enabling the compromise of the entire system and the disclosure of confidential data. Traditionally, fault attacks required hardware equipment and local access. In the past five years multiple fault attacks have been discovered that do not require local access, as they can be mounted from software. We will discuss the Rowhammer attack and how it can subvert a system. We then show that a new primitive, Plundervolt, can similarly lead to a system compromise and information disclosure. We asked Daniel a few more questions about his talk. Please tell us the top 5 facts about your talk. Software-based fault attacks, like Rowhammer, enables unprivileged attackers to manipulate hardware Hardware flaws can lead to privilege escalation and a full system compromise Plundervolt is another fault attack we

Read More