DeepSec 2019 Talk: The Turtle Gone Ninja – Investigation of an Unusual Crypto-Mining Campaign – Ophir Harpaz

Sanna/ September 20, 2019/ Conference, Security

Despite the absence of blockchain and „crypto“ at DeepSec we have some content which covers security incidents connected to both terms. Ophir Harpaz will present her insights into an attack that is used to do „crypto“ mining. She describes what to expect in her own words: At first sight, Nansh0u is yet another attack campaign aiming to mine a marginal crypto-currency named TurtleCoin. However, things get much more interesting once you gain full access to the attacker’s infrastructure. Our investigation revealed a complete picture of how the Nansh0u campaign operates, who the infected victims are and what advanced tools are used in the attacks. Port scanner, brute-force module, remote-code execution tool, verbose log files and tens of different malware payloads – these are only a portion of the attacker’s assets we managed to put

Read More

DeepSec 2019 Training: IoT/Embedded Development – Attack and Defense Lior Yaari

Sanna/ September 19, 2019/ Training

Every developer makes mistakes. If you are unlucky, these mistakes result in a security vulnerability, an almost untraceable bug for the normal developer. Going around the world, helping developers to find and understand the vulnerabilities they’ve accidentally created, we learned that unlike bugs, vulnerabilities are invisible to the eye, mind and UT. No one teaches developers how an attacker thinks, what computers security mechanisms are capable of (and what not), and how to avoid creating possible security mistakes endangering your customers. In this course we will teach you the basics of Embedded Devices security from the beginning: How vulnerabilities are created and how an attacker approaches a new device. From the internals, – physical manipulations, buffer overflows, memory corruptions, timing attacks, all the way to the solution: How to avoid common mistakes and even

Read More

DeepSec 2019 Training: Analysing Intrusions with Suricata – Peter Manev & Eric Leblond

Sanna/ September 18, 2019/ Security, Training

Defending your network starts with understanding your traffic. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert. In this course, attendees will learn the skills required to identify, respond and protect against threats in their network day to day as well as to identify new threats through structured data aggregation and analysis. Hands-on labs consisting of real-world malware and network traffic will reinforce the course’s concepts while utilizing the latest Suricata features. Come and see what you’ve been missing in your network and unlock the full potential of network security, detection, and response with Threat Hunting with Suricata at the DeepSec 2019 training. In this course, students will learn through a combination of lecture and approximately 15

Read More

DeepSec 2019 Talk: New Tales of Wireless Input Devices – Matthias Deeg

Sanna/ September 13, 2019/ Conference

You can’t do much with computer without input devices. Microphones do not count, yet. This leaves the classic selection of human input. How secure are these devices? Did you ever wonder when typing, moving the mouse pointer, or attaching a presenting tool? Well, your questions will be answered at DeepSec 2019. Matthias Deeg will hold a talk where new security tales of wireless input devices like mice, keyboards, presenters, and barcode scanners using different 2.4 GHz radio-based communication technologies will be presented that have been collected over the last two years. Furthermore, SySS IT Security expert Matthias will present answers to unanswered questions of his previous wireless desktop set research and raise the awareness of security issues and practical attacks against vulnerable wireless input devices.   Matthias is interested in information technology – especially

Read More

DeepSec 2019 Talk: Lauschgerät – Gets in the Way of Your Victim’s Traffic and Out of Yours – Adrian Vollmer

Sanna/ September 11, 2019/ Conference, Security

The talk will present a new tool for pentesters called „Lauschgerät“. This python script acts as a convenient man-in-the-middle tool to sniff traffic, terminate TLS encryption, host malicious services and bypass 802.1X – provided you have physical access to the victim machine, or at least its network cable. There are three ways to run it: Either on its own dedicated device like a Raspberry Pi or Banana Pi, in a virtual machine with two physical USB-NICs attached, or on your regular pentest system in its own network namespace. It will look like a completely transparent piece of wire to both victim systems you are getting in the middle of, even if they are using 802.1X because it is implementing the ideas presented in a talk by Alva Lease ‘Skip’ Duckwall IV. The Lauschgerät operates

Read More

Industrial Espionage and Data Tapping are commonplace in IT – DeepSec Conference provides Training for early Detection, Analysis and Mitigation

Sanna/ September 10, 2019/ Conference, Security

The excitement used to be great when organizations, parties, celebrities, companies, or government agencies reported intrusions into their own or outsourced digital infrastructure. Meanwhile, reports of data leaks and compromised systems are almost a part of the weather forecast. Security applications on smartphones or portals offer this information to allow the user to check if they might be affected too. The networked world of everyday life makes it seemingly possible to present attack and defence in the same breath. Affected, attackers, defenders and beneficiaries move closer together. But anyone who has this impression has fallen victim to the looming simplification. Modern information technology has to deal with dangerous situations every day that have far more facets. This requires a good deal of specialist knowledge and experience. First Responders, Analysis and Detection of Threats All

Read More

DeepSec 2019 Talk: Once upon a Time in the West – A Story on DNS Attacks – Valentina Palacín, Ruth Esmeralda Barbacil

Sanna/ September 9, 2019/ Conference

The Internet is the new frontier for some. So just like in Old West movies, we are going through a land riddled with well-known gunmen: OceanLotus, DNSpionage and OilRig, who roam at ease, while the security cowboys sleep. This presentation will uncover the toolset and techniques used by these gunmen, taking a closer look at their big guns and their behavioral patterns. We will explore the attacks involving DNS that took place during the last decade to examine the latest discovered techniques in order to improve detections to dodge the bullets they are firing in our direction. We asked Valentina and Ruth a few more questions about their talk at the DeepSec conference. Please note that Valentine and Ruth will also speak the the DeepINTEL conference where you will get more in-depth information not

Read More

DeepSec Press Release: Internet of Facts and Fear in the Name of IT Security – Bits, Bytes, Security and Geopolitics

Sanna/ September 5, 2019/ Conference, DeepIntel, Press, Schedule, Security, Security Intelligence

(Original press release was published on 29 August 2019 via pressetext.com) Nobody is an island. This statement is attributed to the English writer John Donne. The sentence became known in the 17th century. In the meantime, this has changed as a result of digitization. The modern version of the statement should read: There are no more islands. Increasing networking is reaching more and more areas of everyday life and society. So this year’s DeepSec In-Depth Security Conference wants to look soberly at the Internet of facts and fear from an information security perspective. Systems are currently less isolated and much more complex than the theory of information security technically allows. The DeepSec conference therefore dedicates its two days of conference and two days of training to current technologies and their vulnerabilities. At the same

Read More

DeepSec 2019 Talk: Well, That Escalated Quickly! – A Penetration Tester’s Approach to Windows Privilege Escalation – Khalil Bijjou

Sanna/ September 4, 2019/ Conference, Security

Since the early stages of operating systems, users and privileges were separated. Implemented security mechanisms prevent unauthorized access and usage of data and functions. These security mechanisms have been circumvented a number of times, which has led to steady improvements. Nevertheless, attackers find new vulnerabilities and security holes. Security experts often encounter Mirosoft® Windows endpoints or systems and gain low privileged access. To fully compromise the system, privileges have to be escalated. Windows contains a great number of security concepts and mechanisms. These render privilege escalation attacks difficult. Penetration testers should have a sound knowledge base about Windows components and security mechanisms in order to understand privilege escalation concepts profoundly and to apply them properly. Khalil’s presentation at DeepSec 2019 imparts knowledge on Windows required to understand privilege escalation attacks. It describes the most

Read More

DeepSec2019 Talk: SD-WAN Secure Communications Design and Vulnerabilities – Denis Kolegov

Sanna/ September 2, 2019/ Conference, Security

Hardening communication protocols against network attacks is hard. And yet a lot of products are available on the market that allow you to transport data and messages. Since virtualisation entered the world of technology all things software-definded (SD) have become popular. Denis Kolegov will explain at DeepSec 2019 what the state of affairs in terms of information security is. The SD-WAN New Hope project targets the security of SD-WAN (software defined wide area network) products. It was started in December 2017, when a customer decided to buy a very secure and well-known SD-WAN product from one of the Top 5 vendors and wanted us to perform threat modelling and a vulnerability assessment. We were doing that for 6 months and found out that the product was awful from a security perspective. It had multiple

Read More

DeepSec2019 Talk: IPFS As a Distributed Alternative to Logs Collection – Fabio Nigi

Sanna/ August 30, 2019/ Conference

Logging stuff is easy. You take a piece of information created by the infrastructure, systems, or applications and stash it away. The problems start once you want to use the stored log data for analysis, reference, correlation, or any other more sophisticated approach. At DeepSec 2019 Fabio Nigi will share his experience in dealing with log data. We asked him to explain what you can expect from his presentation. We want access to as much logs as possible. Historically the approach is to replicate logs to a central location. The cost of storage is the bottleneck on security information and event management (SIEM) solution, hard to be maintained at scale, leading to reduce the amount of information at disposal. The state-of-the-art solutions today focus on to analyze the log on the endpoint. This can

Read More

DeepSec2019 Talk: Android Malware Adventures – Analyzing Samples and Breaking into C&C – Kürşat Oğuzhan Akıncı & Mert Can Coşkuner

Sanna/ August 29, 2019/ Conference, Security

Android malware is evolving every day and is everywhere, even in Google Play Store. Malware developers have found ways to bypass Google’s Bouncer as well as antivirus solutions, and many alternative techniques to operate like Windows malware does. Using benign looking applications working as a dropper is just one of them. This talk is about android malware on Google Play Store targeting Turkey such as Red Alert, Exobot, Anubis, etc. The presentation held at DeepSec 2019 will cover the following issues: Techniques to analyze samples: Unencrypted samples are often used to retrieve personal information to sell and do not have obfuscation. Encrypted samples however are used for sophisticated tasks like stealing banking information. They decrypt themselves by getting the key from a twitter account owned by the malware developer and operate by communicating with

Read More

DeepSec2019 Talk: Mastering AWS Pentesting and Methodology – Ankit Giri

Sanna/ August 28, 2019/ Conference, Legal, Security

The Cloud (whatever it really is) is the future (of whomever taking advantage of it). This is how information security experts see the outsourcing technologies based on virtualisation and application containment. Ankit Giri explains at DeepSec 2019 what defenders need to be aware of and how you can test your security controls before your adversaries do this. (Pen)Testing the Cloud The intent here is to highlight the fact that pentesting cloud environment comes with legal considerations. AWS (Amazon Web Services) has established a policy that requires a customer to raise a permission request to be able to conduct penetration tests and vulnerability scans to or originating from the AWS environment. We can focus on user-owned entities, identity and access management, user permissions configuration and use of the AWS API integrated into the AWS ecosystem.

Read More

Translated Article: Reporters Without Borders protest against planned Criminalization of Tor Servers

Sanna/ July 10, 2019/ Discussion, Press, Security

Reporter ohne Grenzen protestiert gegen geplante Kriminalisierung von Tor-Servern for netzpolitik.org by Markus Reuter [Note: netzpolitik.org is a German news portal covering the impact of a networked world on society and digital rights. They rely on donations and welcome your support. We translated this article for them, because we both like their work and use Tor on a daily basis.] With the new IT security law Interior Minister Horst Seehofer wants to criminalize the Tor network. That hurts the freedom of the press and the protection of sources. Opposition and Reporters Without Borders protest sharply against the plan. With the IT Security Act 2.0 the Federal Ministry of the Interior is planning to criminalize the operation of Tor servers. According to the draft, the person who “offers an internet-based service whose access and accessibility

Read More

Translated Article: EU Prosecutors call for Security Holes in 5G Standards

Sanna/ June 3, 2019/ Communication, Discussion, High Entropy, Security

EU-Strafverfolger fordern Sicherheitslücken in 5G-Standards for fm4 by Erich Moechel The telecoms are to be forced to align the technical design of their 5G networks with the monitoring needs of the police authorities. In addition, security holes in the 5G protocols are required to enable monitoring by IMSI catchers. Gilles de Kerchove, EU counter-terrorism coordinator, warns against the planned security standards for the new 5G mobile networks. The reason for this are neither network components of the Chinese manufacturer Huawei, nor technical defects. De Kerchove’s warnings are directed against the planned high degree of network security, according to an internal document of the EU Council of Ministers, available to ORF.at. These measures to protect against criminals as well as the planned 5G network architecture stand in the way of the installation of backdoors for

Read More