0509, 2019

DeepSec Press Release: Internet of Facts and Fear in the Name of IT Security – Bits, Bytes, Security and Geopolitics

Sanna/ September 5, 2019/ Conference, DeepIntel, Press, Schedule, Security, Security Intelligence

(Original press release was published on 29 August 2019 via pressetext.com) Nobody is an island. This statement is attributed to the English writer John Donne. The sentence became known in the 17th century. In the meantime, this has changed as a result of digitization. The modern version of the statement should read: There are no more islands. Increasing networking is reaching more and more areas of everyday life and society. So this year’s DeepSec In-Depth Security Conference wants to look soberly at the Internet of facts and fear from an information security perspective. Systems are currently less isolated and much more complex than the theory of information security technically allows. The DeepSec conference therefore dedicates its two days of conference and two days of training to current technologies and their vulnerabilities. At the same

Read More

0409, 2019

DeepSec 2019 Talk: Well, That Escalated Quickly! – A Penetration Tester’s Approach to Windows Privilege Escalation – Khalil Bijjou

Sanna/ September 4, 2019/ Conference, Security

Since the early stages of operating systems, users and privileges were separated. Implemented security mechanisms prevent unauthorized access and usage of data and functions. These security mechanisms have been circumvented a number of times, which has led to steady improvements. Nevertheless, attackers find new vulnerabilities and security holes. Security experts often encounter Mirosoft® Windows endpoints or systems and gain low privileged access. To fully compromise the system, privileges have to be escalated. Windows contains a great number of security concepts and mechanisms. These render privilege escalation attacks difficult. Penetration testers should have a sound knowledge base about Windows components and security mechanisms in order to understand privilege escalation concepts profoundly and to apply them properly. Khalil’s presentation at DeepSec 2019 imparts knowledge on Windows required to understand privilege escalation attacks. It describes the most

Read More

0209, 2019

DeepSec2019 Talk: SD-WAN Secure Communications Design and Vulnerabilities – Denis Kolegov

Sanna/ September 2, 2019/ Conference, Security

Hardening communication protocols against network attacks is hard. And yet a lot of products are available on the market that allow you to transport data and messages. Since virtualisation entered the world of technology all things software-definded (SD) have become popular. Denis Kolegov will explain at DeepSec 2019 what the state of affairs in terms of information security is. The SD-WAN New Hope project targets the security of SD-WAN (software defined wide area network) products. It was started in December 2017, when a customer decided to buy a very secure and well-known SD-WAN product from one of the Top 5 vendors and wanted us to perform threat modelling and a vulnerability assessment. We were doing that for 6 months and found out that the product was awful from a security perspective. It had multiple

Read More

3008, 2019

DeepSec2019 Talk: IPFS As a Distributed Alternative to Logs Collection – Fabio Nigi

Sanna/ August 30, 2019/ Conference

Logging stuff is easy. You take a piece of information created by the infrastructure, systems, or applications and stash it away. The problems start once you want to use the stored log data for analysis, reference, correlation, or any other more sophisticated approach. At DeepSec 2019 Fabio Nigi will share his experience in dealing with log data. We asked him to explain what you can expect from his presentation. We want access to as much logs as possible. Historically the approach is to replicate logs to a central location. The cost of storage is the bottleneck on security information and event management (SIEM) solution, hard to be maintained at scale, leading to reduce the amount of information at disposal. The state-of-the-art solutions today focus on to analyze the log on the endpoint. This can

Read More

2908, 2019

DeepSec2019 Talk: Android Malware Adventures – Analyzing Samples and Breaking into C&C – Kürşat Oğuzhan Akıncı & Mert Can Coşkuner

Sanna/ August 29, 2019/ Conference, Security

Android malware is evolving every day and is everywhere, even in Google Play Store. Malware developers have found ways to bypass Google’s Bouncer as well as antivirus solutions, and many alternative techniques to operate like Windows malware does. Using benign looking applications working as a dropper is just one of them. This talk is about android malware on Google Play Store targeting Turkey such as Red Alert, Exobot, Anubis, etc. The presentation held at DeepSec 2019 will cover the following issues: Techniques to analyze samples: Unencrypted samples are often used to retrieve personal information to sell and do not have obfuscation. Encrypted samples however are used for sophisticated tasks like stealing banking information. They decrypt themselves by getting the key from a twitter account owned by the malware developer and operate by communicating with

Read More

2808, 2019

DeepSec2019 Talk: Mastering AWS Pentesting and Methodology – Ankit Giri

Sanna/ August 28, 2019/ Conference, Legal, Security

The Cloud (whatever it really is) is the future (of whomever taking advantage of it). This is how information security experts see the outsourcing technologies based on virtualisation and application containment. Ankit Giri explains at DeepSec 2019 what defenders need to be aware of and how you can test your security controls before your adversaries do this. (Pen)Testing the Cloud The intent here is to highlight the fact that pentesting cloud environment comes with legal considerations. AWS (Amazon Web Services) has established a policy that requires a customer to raise a permission request to be able to conduct penetration tests and vulnerability scans to or originating from the AWS environment. We can focus on user-owned entities, identity and access management, user permissions configuration and use of the AWS API integrated into the AWS ecosystem.

Read More

1007, 2019

Translated Article: Reporters Without Borders protest against planned Criminalization of Tor Servers

Sanna/ July 10, 2019/ Discussion, Press, Security

Reporter ohne Grenzen protestiert gegen geplante Kriminalisierung von Tor-Servern for netzpolitik.org by Markus Reuter [Note: netzpolitik.org is a German news portal covering the impact of a networked world on society and digital rights. They rely on donations and welcome your support. We translated this article for them, because we both like their work and use Tor on a daily basis.] With the new IT security law Interior Minister Horst Seehofer wants to criminalize the Tor network. That hurts the freedom of the press and the protection of sources. Opposition and Reporters Without Borders protest sharply against the plan. With the IT Security Act 2.0 the Federal Ministry of the Interior is planning to criminalize the operation of Tor servers. According to the draft, the person who “offers an internet-based service whose access and accessibility

Read More

0306, 2019

Translated Article: EU Prosecutors call for Security Holes in 5G Standards

Sanna/ June 3, 2019/ Communication, Discussion, High Entropy, Security

EU-Strafverfolger fordern Sicherheitslücken in 5G-Standards for fm4 by Erich Moechel The telecoms are to be forced to align the technical design of their 5G networks with the monitoring needs of the police authorities. In addition, security holes in the 5G protocols are required to enable monitoring by IMSI catchers. Gilles de Kerchove, EU counter-terrorism coordinator, warns against the planned security standards for the new 5G mobile networks. The reason for this are neither network components of the Chinese manufacturer Huawei, nor technical defects. De Kerchove’s warnings are directed against the planned high degree of network security, according to an internal document of the EU Council of Ministers, available to ORF.at. These measures to protect against criminals as well as the planned 5G network architecture stand in the way of the installation of backdoors for

Read More

1802, 2019

Translated Press Release: IT Security is increasingly dominated by Geopolitics

Sanna/ February 18, 2019/ Call for Papers, Conference, DeepIntel, ROOTS

DeepSec and DeepINTEL conference open call for papers – submission for lectures and trainings are in demand.Anyone who reads the technology part of their favourite magazine can hardly escape the promises of future network technologies. Your own car becomes a smartphone. The talking fridge becomes a therapist. 5G mobile networks promise high-speed fibre optic streaming of data on the speed-limited electric scooter. The second reading reveals the meaning of the letter G in 5G – it stands for geopolitics. As part of the network expansion, there are discussions about hidden killswitches for emergency shutdowns, entire networks and backdoors to eavesdrop on customers. In November, the DeepSec In-Depth Security Conference addresses the technical challenges of the Internet of Things, emerging network technologies, and geopolitical constraints dictated by key events of the last 6 years. 5G

Read More

0801, 2019

Translated Article: Campaign of the Spy Alliance “Five Eyes” against WhatsApp and Co

Sanna/ January 8, 2019/ Discussion, High Entropy, Security

Feldzug der Spionageallianz „Five Eyes“ gegen WhatsApp und Co for fm4 by Erich Moechel The current scattered news and reports on “encryption” belong together. The military secret services of the “Five Eyes” conduct a global campaign; in Australia they’ve already reached their first milestone. Every two years, around the same time, a campaign of the espionage alliance “Five Eyes” against encryption programs takes place. Unlike in 2016, the new campaign has reached its first goal in a flash. In early December, a bill was passed in the Australian Parliament obliging Internet companies to break up encrypted communications. The providers of Whatsapp, Snapchat, and Co are hereby required to build surveillance interfaces into their apps to give hidden access to the Australian law enforcement. In a parliamentary coup – without discussion or amendments – the “Assistance

Read More

0701, 2019

ROOTS 2018: Library and Function Identification by Optimized Pattern Matching on Compressed Databases – Maximilian von Tschirschnitz

Sanna/ January 7, 2019/ ROOTS

[Editor’s note: This article belongs to the Reversing and Offensive-oriented Trends Symposium 2018 (ROOTS). It was misplaced, so we publish it today. Maximilian’s talk was recorded and can be watched on Vimeo.] The goal of library and function identification is to find the original library and function to a given machine-code snippet. These snippets commonly arise from penetration tests attacking a remote executable, static malware analysis or from an IP infringement investigation. While there are several tools designed to achieve this task, all of these seem to rely on varied methods of signature-based identification. In this work, the author argues that this approach is not sufficient for many cases and propose a design and implementation for a multitool called KISS. KISS uses lossless compression and highly optimized pattern matching algorithms to create a very

Read More

2211, 2018

ROOTS 2018 Talk: Kernel-Assisted Debugging of Linux Applications – Tobias Holl, Philipp Klocke, Fabian Franzen

Sanna/ November 22, 2018/ Conference, ROOTS

On Linux, most—if not all—debuggers use the ptrace debugging API to control their target processes. However, ptrace proves unsatisfactory for many malware analysis and reverse engineering tasks: So-called split-personality malware often adapts its behavior in the presence of a debugger, yet ptrace makes no attempt to hide from a target process. Furthermore, ptrace enforces a strict one-to-many relation meaning that while each tracer can trace many tracees, each tracee can only be controlled by at most one tracer. Simultaneously, the complex API and signal-based communications provide opportunities for erroneous usage. Previous works have identified the newer uprobes tracing API as a candidate for building a replacement for ptrace, but ultimately rejected it due to lack of practical use and documentation. Building upon uprobes, we introduce plutonium-dbg, a Linux kernel module providing debugging facilities independent

Read More

2111, 2018

DeepSec 2018 Talk: Attacks on Mobile Operators – Aleksandr Kolchanov

Sanna/ November 21, 2018/ Conference, Security

I’d like to talk about telecom security. My research contains information about security of mobile operators: classic and new (or very rare) attack vectors and vulnerabilities. This presentation will consist of three main parts: First, I will share information on the security of mobile operators in general. I’ll tell you a little bit about why it is important (usually, phone numbers are used as a key to social networks, messengers, bank accounts, etc). So, if an attacker can hack a mobile operator, he can gain access to a big amount of user data and money. Also, in this part, I will tell you about typical SS7 attacks (how to intercept SMS or send fake ones). During the second part, I will tell you about different vulnerabilities and security issues. All of the problems I

Read More

2011, 2018

DeepINTEL 2018 Talk: Framing HUMINT as an information gathering technique – Ulrike Hugl

Sanna/ November 20, 2018/ DeepIntel, Security Intelligence

NATO defines human intelligence (HUMINT) or hyoo-mint as “a category of intelligence derived from information collected and provided by human sources” (NATO Glossary of terms and definitions, APP-6, 2004) focusing on different kinds of information, for example data on things related to a human, information about a human’s specific knowledge of a situation, and other issues. HUMINT is differentiated into several categories like clandestine and overt collection. And: It is one of several other traditional intelligence collection disciplines, so called INTs; examples are SIGINT (signals intelligence), OSINT (open source intelligence), MASINT (measurements and signatures intelligence), GEOINT (geospatial intelligence), TECHINT (technical intelligence), SOMINT (social media intelligence), FININT (financial intellicence, gathered from analysis of monetary transactions), as well as CYBINT/DNINT (cyber intelligence/digital network intelligence, gathered from cyberspace). Intelligence Services deal with the analysis and collection of

Read More

1411, 2018

DeepSec 2018 Talk: RFID Chip Inside the Body: Reflecting the Current State of Usage, Triggers, and Ethical Issues – Ulrike Hugl

Sanna/ November 14, 2018/ Conference

Chipping humans can be seen as one of the most invasive biometric identification technologies. RFID (Radio Frequency Identification) as the key technology in the field of the Internet of Things produces many applications. For example, human implants are used by scientists in the fields of cyborgism, robotics, biomedical engineering and artificial intelligence, by hobbyists for identification reasons to start their computers, cars, for smart home applications or to pay by credit card, by hospitals for the control of human biological functions of patients, but also by companies to tag their employees for security reasons and workplace surveillance. All in all, worldwide human implants are mainly used for security, healthcare, and private (individual) reasons. Beside some positive individual or organizational outcomes, implants may compromise privacy and raise manifold ethical questions. For example, research in the

Read More