0810, 2024

DeepSec 2024 Press Release: Industrial Espionage – New old Attacks through Lawful Interception Interfaces

Sanna/ October 8, 2024/ Press

Lawful interception backdoors are exploited by nation states for espionage. The Communications Assistance for Law Enforcement Act (CALEA) passed in 1994 forced telecoms providers and suppliers to equip all relevant components with backdoors that allow the recording of transported metadata and data. For over 30 years, information security experts have warned against the misuse of these accesses. The US-American telecommunication companies AT&T and Verizon have recently been the victims of an attack. The trail leads to China. Because of the legal abolition of security in networked systems, the attack comes as no surprise. The DeepSec conference therefore repeats its annual warning against deliberate weakening of information security. Fear of digitalisation CALEA began because the Federal Bureau of Investigation (FBI) was afraid of the failure of the interception technology of the time because of the

0710, 2024

DeepSec 2024 Talk: Differences in Focus on Cybersecurity in Smart Home Devices between Research and Practice – Dr. Edith Huber & Dipl. Ing. Albert Treytl

Sanna/ October 7, 2024/ Conference

This meta-study of scientific security journals and a user survey examines the most common cybersecurity threats and solutions for smart home devices. But do the researched topics correspond to the security threats encountered in practice? This talk will explore the tension between research interests and practical applications, and present opportunities for improving the cybersecurity of smart home devices. We asked Edith and Albert a few more questions about their talk. Please tell us the top facts about your talk. The role of cybercrime in smart home devices. How vulnerable are we? Cyber security options in this context. The difference between research and practice in smart home devices. How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? These aspects were investigated as

0410, 2024

DeepSec 2024 Talk: AI Based Attack on Post Quantum Standard “CRYSTALS Kyber” – Maksim Iavich

Sanna/ October 4, 2024/ Conference

In recent years, the field of quantum computing has seen remarkable advancements, prompting concerns about the security of current public key cryptosystems in the development’s event of sufficiently powerful quantum computers. Kyber, a post-quantum encryption technique relying on lattice problem hardness, has recently been standardized. However, despite rigorous testing by the National Institute of Standards and Technology (NIST), recent investigations have revealed the efficacy of Crystals-Kyber attacks and their potential impact in real-world scenarios. Following the publication of the paper “Breaking a Fifth-Order Masked Implementation of CRYSTALS-Kyber by Artificial Intelligence” discussions have emerged regarding the vulnerability of the post-quantum crypto system Kyber. The authors propose a side-channel attack leveraging artificial intelligence, specifically employing a neural network training method known as recursive learning to compromise the system. Our study explores CRYSTALS-Kyber’s susceptibility to side-channel attacks.

2709, 2024

DeepSec 2024 Talk: Remotely Snooping on Traffic Patterns using Network Protocols – Kirils Solovjovs

Sanna/ September 27, 2024/ Conference

The presentation features novel research on using different protocols to remotely measure network load and deduce network traffic patterns of a target using ICMP and other widely adopted protocols. The attack allows to distinguish between file upload, file download, video streaming, VoIP, web browsing, etc. depending on network conditions. This attack works even when done from a different AS. We asked Kirils a few more questions about his talk. Please tell us the top facts about your talk. There is predictable correlation between Bandwidth, Throughput, and Latency. It is possible to remotely measure the load (throughput over bandwidth) of a network endpoint. Measured traffic patterns can be used to deduce the type of traffic at the remote network endpoint. The internet is a series of tubes. How did you come up with it? Was

2609, 2024

DeepSec 2024 Talk: V2GEvil: Ghost in the Wires – Pavel Khunt & Thomas Sermpinis

Sanna/ September 26, 2024/ Conference

This research is dedicated to enhancing the cybersecurity of electric vehicles, focusing specifically on identifying vulnerabilities in the Electric Vehicle Communication Controller (EVCC). This controller facilitates communication with the Supply Equipment Communication Controller during the charging process. Accessible through the On-Board Charging (OBC) port, which is as publicly available as the gas tank in combustion engine vehicles. The research journey began by studying the electric vehicle charging ports, how they communicate, and the standards they follow, especially focusing on ISO 15118. Then, we closely looked at how On-Board Charging (OBC) works, especially its communication protocols during charging, focusing specially on the High-Level Communication (HLC). Our research efforts resulted in the development of a dedicated security tool. This tool examines and assesses the implementation of the EVCC (Electric Vehicle Communication Controller). It can simulate the

2509, 2024

DeepSec Talk 2024: RAT Builders – How to Catch Them All – Stephan Berger

Sanna/ September 25, 2024/ Conference

Cybercriminals now have unprecedented ease in creating their own remote access trojans (RATs), thanks to a plethora of open-source or leaked builders. One can generate a new binary with just a click of a button. We meticulously examine different builders, such as AgentTesla, DCRat, Nanocore, and others, to extract Indicators of Compromise. These indicators serve as valuable instruments for targeted hunting to detect infections within our networks. Building up on my research from last year, “N-IOC’s to rule them all”, we will analyze the binaries the same way, but this time with a focus on open-source builders for RATs. Initially, we scrutinize the distribution channels of different Trojans, pinpointing where individual builders are accessible for download. These sources range from GitHub, hosted as open-source projects, to other online platforms (such as VX-Underground). Subsequently, we

2409, 2024

DeepSec 2024 Press Release: Manipulation on Social Media is dangerous for Democracies

Sanna/ September 24, 2024/ Conference, Press

DeepSec conference publishes schedule and focuses on disinformation algorithms The original purpose of introducing Social Media was to provide individuals with a platform for expressing their own views. However, its increasing popularity has led to a creeping appropriation. Texts generated by algorithms, robot farms and dubious decisions by platform operators have turned social media into a hotbed of disinformation. The casual click on share, like buttons or the insertion of arbitrary comments, creates efficiency in mass manipulation. Political commentator Randahl Fink will analyse these practices at the opening of the DeepSec conference. Information and disinformation Most people think of technical implementations when they hear the terms information technology (IT) or information security. Of course, the foundation comprises networks, server systems, storage media and connections to the Internet. In addition, there are many end devices

2309, 2024

DeepSec 2024 Talk: From Dungeon Crawling to Cyber Defense Drill: Using RPG Principles and LLM for Operational Team Dev – Aurélien Denis & Charles Garang

Sanna/ September 23, 2024/ Conference

Continuous improvement/training is in the DNA of cybersecurity professionals, specifically for incident responders, which are always searching for new ways to learn and practice their technical and analytical crafts. This is even more the case in mature environments where Incident response teams may find themselves in a situation with few high stakes incidents, preventing them from applying their technical and thinking skills, thus lowering their readiness when a crisis occur. LLMs based conversational agents are becoming mainstream, and applications are countless. In the meantime, Tabletop Role-Playing Games (TTRPG) are found to be a great breeding ground for creativity and fun. To achieve the benefits of this game, preparation is needed and a game master must be present to keep the players engaged. So we leveraged the power of AI, mixed automation and past experiences

2009, 2024

DeepSec 2024 Talk: Living on the Edge: eBPF Defenses for Embedded System (in the Automotive Domain) – Reinhard Kugler (

Sanna/ September 20, 2024/ Conference

Linux has become a driving factor in the industrial and automotive domain. Vehicles are already a complex network of electrical components. In recent years, the technology stack and connectivity of vehicles have drastically evolved. Is all this complexity still safe and secure? How can embedded systems running different bus systems and physical interfaces be protected against modern attackers? The now mandatory updates of on-board components in these vehicles have introduced even new security challenges to this evolving landscape. Common Linux security measures, including capabilities, permissions, and mandatory access control, are already hitting their limits. Using eBPF technologies promises a flexible way to define security at runtime without the need to change the application code. Will this be as transformative for the embedded sector as it has been for the cloud? This talk presents hands-on

1909, 2024

DeepSec 2024 Talk: Should You Let ChatGPT Control Your Browser? – Donato Capitella

Sanna/ September 19, 2024/ Conference

This presentation will explore the practical risks associated with granting Large Language Models (LLMs) agency, enabling them to perform actions on behalf of users. We will delve into how attackers can exploit these capabilities in real-world scenarios. Specifically, the focus will be on an emerging use cases: autonomous browser and software engineering agents. The session will cover how LLM agents operate, the risks of indirect prompt injection, and strategies for mitigating these vulnerabilities. We asked Donato a few more questions about his talk. Please tell us the top 5 facts about your talk. LLM Red Teaming tools are benchmarks useful for LLM builders, but they are less useful to developers or application security testers When talking about “LLM Application Security”, we need to focus on the use-case the LLM application is enabling The talk

1809, 2024

DeepSec Talk 2024: Blackbox Android Malware Detection Using Machine Learning and Evasion Attacks Techniques – Professor Dr. Razvan Bocu

Sanna/ September 18, 2024/ Conference

Over the past ten years, researchers have extensively explored the vulnerability of Android malware detectors to adversarial examples through the development of evasion attacks. Nevertheless, the feasibility of these attacks in real-world use case scenarios is debatable. Most of the existing published papers are based on the assumptions that the attackers know the details of the target classifiers used for malware detection. Nevertheless, in reality, malicious actors have limited access to the target classifiers. This talk presents a problem-space adversarial attack designed to effectively evade blackbox Android malware detectors in real-world use case scenarios. The proposed approach constructs a collection of problem-space transformations derived from benign donors that share opcode-level similarity with malware applications through the consideration of an n-gram-based approach. These transformations are then used to present malware instances as legitimate entities through

1709, 2024

DeepSec 2024 Talk: Far Beyond the Perimeter – Exploring External Attack Surfaces – Stefan Hager / khae

Sanna/ September 17, 2024/ Conference

Looking for intel in all the right places is an art that adversaries seem to have mastered; but for their own data, many companies seem to lose interest in examining anything that’s outside the “perimeter” – whatever that is supposed to be nowadays. Credential leaks, shadow IT, unofficial websites with official info – the list of assets far outside the data centers of companies is long and those assets nevertheless pose risks. Instead of turning a blind eye, it’s important (and necessary) to get an understanding of what kind of information is out there, ready to be used or abused and protect accordingly. What risks are “out there” and what is meant by “out there”? How can those risks be addressed? What tools are easily available? Gathering information is a valuable tool not only

1609, 2024

DeepSec 2024 Talk: Navigating the Storm: Emerging Threats in AWS Cloud Security – Miguel Hernández & Alessandro Brucato

Sanna/ September 16, 2024/ Conference

As cloud adoption speeds up, so too does the sophistication of attacks targeting cloud infrastructure. Our talk delves into the evolving landscape of AWS security, focusing on the burgeoning threat of crypto mining. We’ve witnessed a significant shift in the tactics, techniques, and procedures (TTPs) used by attackers. This session will uncover the latest trends in cloud security, spotlighting new threat groups and their innovative methods for abusing AWS services. Attendees will learn about real-world threats involving AWS resources. We will explore the intricate ways these attackers infiltrate and collaborate with other groups in a large black market for credentials. Our discussion will also cover proactive strategies for detection and mitigation, empowering security professionals to safeguard their cloud infrastructure against these evolving threats. We asked Miguel and Alessandro a few more questions about their

1309, 2024

DeepSec 2024 Talk: Reversing Windows RPC in Enterprise Software for Fun and CVEs – Andreas Vikerup

Sanna/ September 13, 2024/ Conference

This talk will walk the audience through the dissection of Windows RPC usage in the enterprise software ManageEngine ADAudit Plus, which will unravel two CVEs and crack a CTF-like encryption/decryption process. We asked Andreas a few more questions about his talk. Please tell us the top 5 facts about your talk. This talk will guide the audience through a reverse engineering method that will ultimately lead to 2 CVEs in a product known as ManageEngine ADAudit Plus. The reviewed code will be human readable (as in not assembly language) which makes it easy to follow. There will be hurdles along the way to reach the goal and these will be highlighted and discussed in the presentation. How did you come up with it? Was there something like an initial spark that set your mind

1209, 2024

DeepSec 2024 Talk: A Practical Approach to Generative AI Security – Florian Grunow & Hannes Mohr

Sanna/ September 12, 2024/ Conference

The rise of applications based on AI (mostly generative AI) forces us to think about the security and privacy implications of these systems. We will try to make sense about the attack surface of generative AI applications, what practitioners in the field need to consider in development and operations, and how they can derive security measures for these systems. We will first dive into the range of generative AI applications using examples of the OpenAI ecosystem. This will give the audience an understanding about the fundamental problem of AI from a security perspective. We then offer an insight into the attack surface that those applications have. This will help understand what needs to be secured and what can be secured. Many times, good old security best practices will be a good start, although AI

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: