1511, 2017

DeepSec2017 U21 Talk: Lessons Learned: How To (Not) Design Your Own Protocol – Nicolai Davidsson

Sanna/ November 15, 2017/ Conference, Development, Security

“One of the first lessons of cryptography is “don’t roll your own crypto” but we were bold enough to ignore it”, says Nicolai. “Single Sign-On is so 2016 which is why we’d like to introduce its replacement, Forever Alone Sign-On – FASO. This talk will discuss one of the ugliest SSO solutions you’ll ever see, its updated, slightly less ugly, iteration, and, ultimately, FASO. We’ll discuss the use cases, questionable decisions made during the planning process, the actual self-rolled, totally vulnerable, cryptography, and the even worse code architecture. In all seriousness: The talk reflects on the design process of a SSO protocol and its first two iterations, going from a semi-functional workaround to an experimental OAuth-and-the-like alternative utilizing pre-shared keys, symmetric cryptography and implicit authentication.”   Nicolai is a security researcher at zyantific and

Read More

1511, 2017

ROOTS: Out-Of-Order Execution As A Cross-VM Side Channel And Other Applications – Sophia d’Antoine

Sanna/ November 15, 2017/ Conference, Security

Given the rise in popularity of cloud computing and platform-as-a-service, vulnerabilities, inherent to systems which share hardware resources, will become increasingly attractive targets to malicious software authors. In this talk, Sophia will introduce a novel side channel across virtual machines through the detection of out-of-order execution. She and her colleagues created a simple duplex channel as well as a broadcast channel. She’ll discuss possible adversaries for this channel and proposes further work to make this channel more secure, efficient and applicable in realistic scenarios. In addition, she considers seven possible malicious applications of this channel: theft of encryption keys, program identification, environmental keying, malicious triggers, denial of service attacks, determining VM co-location, malicious data injection, and side channels. We asked Sophia a few questions about her talk. Please tell us the top 5 facts

Read More

1511, 2017

DeepSec 2017 Talk: OpenDXL In Active Response Scenarios – Tarmo Randel

Sanna/ November 15, 2017/ Conference

Automating response to cyber security incidents is the trend which is – considering increasing amount of incidents organizations handle and ever-increasing attack surface – already becoming mainstream. In this talk Tarmo explores the options of using OpenDXL in real life situation of mixed environments, legacy solutions and multiple vendors for connecting existing (and future) cyber security system components for coordinated information exchange and orchestrating incident response action. Tarmo is a researcher at NATO Cooperative Cyber Defence Center of Excellence, various research projects and developing for large scale cyber exercises. He’s also a developer at the Estonian eHealth Foundations, “Kickstarting” in-house development team. Tarmo’s creating supporting infrastructure, preparations and execution of plans for taking over selected external vendor development projects. He’s Head of Department at CERT-EE, Running Computer Emergency Response Team, Information security expert at CERT-EE,

Read More

1411, 2017

ROOTS: On The (In-)Security Of JavaScript Object Signing and Encryption – Dennis Detering

Sanna/ November 14, 2017/ Security

JavaScript Object Notation (JSON) has evolved to the de-facto standard file format in the web used for application configuration, cross- and same-origin data exchange, as well as in Single Sign-On (SSO) protocols such as OpenID Connect. To protect integrity, authenticity and confidentiality of sensitive data, JavaScript Object Signing and Encryption (JOSE) was created to apply cryptographic mechanisms directly in JSON messages. We investigated the security of JOSE and present different applicable attacks on several popular libraries. We introduce JOSEPH (JavaScript Object Signing and Encryption Pentesting Helper) – our newly developed Burp Suite extension, which automatically performs security analysis on targeted applications. JOSEPH’s automatic vulnerability detection ranges from executing simple signature exclusion or signature faking techniques, which neglect JSON message integrity, up to highly complex cryptographic Bleichenbacher attacks breaking the confidentiality of encrypted JSON messages.

Read More

1411, 2017

DeepSec2017 Talk: Building Security Teams – Astera Schneeweisz

Sanna/ November 14, 2017/ Conference

While ‘security is not a team’, you’ll find that most companies growing just beyond 60-80 people start employing a group of people focusing primarily on the topic. But the culture of secure engineering in a company does not only strongly correlate with when you start building a security team – it becomes (and grows as) a matter of how they connect with the rest of your organization, and make security, adversarial thinking, and the care for user safety and privacy part of everyone’s concern. In this talk, Astera will review what the purposes of a security team can be, which challenges you’ll face, how you can make it scale beyond the team’s boundaries; as well as proven good practices of running (fairly operational) engineering teams themselves. Whether your organization already has a security team

Read More

1411, 2017

DeepSec 2017 Talk: How I Rob Banks – Freakyclown

Sanna/ November 14, 2017/ Conference, High Entropy, Security

You are in for an adventure at DeepSec this year. We have a tour on robbing banks for you: A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the worlds largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempted to take you through the lessons to be learned from an ethical hacker with a penchant for breaking into the impossible. Let me take you on a rollercoaster ride of epic fails and grandiose plans and my Jason Bourne like adventures including Lockpicking, Kidnap, Police chases and multi-million pound bank heists. FC is a well-known ethical hacker and social engineer. He has been working in the infosec field for over 20 years

Read More

3110, 2017

DeepSec 2017 Workshop: Smart Lockpicking – Hands-on Exploiting Contemporary Locks and Access Control Systems – Slawomir Jasek

Sanna/ October 31, 2017/ Conference, Training

You can, quite reasonably, expect smart locks and access control systems to be free from alarming security vulnerabilities – such a common issue for an average IoT device. Well, this training will prove you wrong. After performing multiple hands-on exercises with a dozen of real devices and various technologies, you will never look at the devices the same way. Smart lockpicking is something to scare you, not just on Halloween.     We asked Slawomir a few questions about his training: Please tell us the top 5 facts about your workshop. Focused on hands-on, practical exercises with real devices Lots of various topics and technologies covered Regardless if you are a beginner or a skilled pentester, you will learn something new and have a good time Many exercises designed as “homework”, possible to repeat

Read More

2510, 2017

DeepSec 2017 Talk: BitCracker – BitLocker Meets GPUs – Elena Agostini

Sanna/ October 25, 2017/ Conference

Encryption and ways to break it go hand in hand. When it comes to the digital world, the method of rapidly using different keys may lead to success, provided you have sufficient computing power. The graphics processing units (GPUs) have come a long way from just preparing the bits to be sent to the display device. Nowadays GPUs are used for a lot of computational expensive tasks. At DeepSec 2017 you will hear about keys, encryption, and storage encryption – all with the use of GPUs, but forthe purpose of cracking keys. BitLocker (formerly BitLocker Drive Encryption) is a full-disk encryption feature available in recent Windows OS (Vista, 7, 8.1 and 10). It is designed to protect data by providing encryption for several types of memory units like internal hard disks or external removable

Read More

1710, 2017

DeepSec 2017 Talk: Who Hid My Desktop – Deep Dive Into hVNC – Or Safran & Pavel Asinovsky

Sanna/ October 17, 2017/ Conference

Seeing is believing. If you sit in front of your desktop and everything looks as it should look, then you are not in the Matrix, right? Right? Well, maybe. Manipulating the surface to make something to look similar is a technique also used by phishing, spammers, and social engineers. But what if the attacker sitting on your computer does not need to see what you see? Enter hidden virtual network computing where malicious software controls your system, and you don’t know about it. Since the past decade, financial institutions are increasingly faced with the problem of malware stealing hefty amounts of money by performing fraudulent fund transfers from their customers’ online banking accounts. Many vendors attempt to solve this issue by developing sophisticated products for classifying or risk scoring each transaction. Often, identifying legitimate

Read More

1710, 2017

DeepSec Talk 2017: Normal Permissions In Android: An Audiovisual Deception – Constantinos Patsakis

Sanna/ October 17, 2017/ Conference, Security

The Marshmallow version was a significant revision for Android. Among the new features that were introduced one of the most significant is, without any doubt, the runtime permission. The permission model was totally redesigned, categorising the permissions into four main categories. The main concept of this categorisation is how much risk a user is exposed to when permissions are granted. Therefore, normal permissions imply the least risk for the user. However, in this case, there are some important issues. Firstly, these permissions are not actually displayed to the user; they are not displayed upon installation and the user needs to dig into several menus to find them for each app. Most importantly though, these permissions cannot be revoked. Unlike permissions categorized as dangerous, where the user can grant or revoke a permission whenever deemed

Read More

1610, 2017

DeepSec2017 Workshop: Mobile App Attack – Sneha Rajguru

Sanna/ October 16, 2017/ Conference, Training

The world’s gone mobile. Mobile devices have surpassed the standard computer (i.e. desktop) installation multiple times. In turn this means that you will encounter these devices most definitely when testing or implementing security measures. Usually adversaries do not use the platform itself. They use software to gain entry. This is why mobiles apps are the most preferred way of delivering the attacks today. Understanding the finer details of mobile app attacks is soon becoming an essential skill for penetration testers as well as for the app developers & testers. This is why we have a special training for you at DeepSec 2017. So, if you are an Android or an iOS user, a developer, a security analyst, a mobile pen-tester, or just a mobile security enthusiast the training ‘Mobile App Attack’ is of definite

Read More

1010, 2017

DeepSec2017 Workshop: SAP CTF Pentest : From Outside To Company Salaries Tampering – Yvan Genuer

Sanna/ October 10, 2017/ Conference, Training

The SAP business suite is widespread among enterprises. It is the heart of the operation, at least in terms of business logic, administration, accounting, and many other cornerstones of big companies. SAP itself was founded in 1972. Its software has now grown up and lives with the Internet and cloud platforms next door. Due to the SAP software being a platform itself, it is quite unwieldy for hackers to handle. If you believe this, then we recommend the SAP CTF Pentest training at DeepSec 2017! Yvan Genuer has something to show to you: SAP is boring, too big or too complicated? What about learning SAP Security during a fun CTF workshop? Additionally we’ll provide you with a pre-configured attacker VM with all tools required to perform workshop activities. Attendees learn how to work against

Read More

0910, 2017

DeepSec 2017 Talk: How To Hide Your Browser 0-days: Free Offense And Defense Tips Included – Zoltan Balazs

Sanna/ October 9, 2017/ Conference

There is a famous thought experiment described in the book A Treatise Concerning the Principles of Human Knowledge. It deals with the possibility of unperceived existence; for example does a falling tree in the forest make a sound when no one is around to hear it? Given the many reports and mentions about zero-day exploits, the question might be rephrased. Does a zero-day exploit cause any effects when no one is able to detect its presence? Before we completely get lost in philosophy, the question has a real background. Zoltan Balazs wants to address the issue of zero-days in his DeepSec 2017 presentation. The idea seems somewhat contrary to intuition – protecting exploits from being disclosed. Zero-day exploits targeting browsers are usually very short-lived. These zero-days are actively gathered and analyzed by security researchers.

Read More

0810, 2017

DeepSec 2017 Talk: BITSInject – Control Your BITS, Get SYSTEM – Dor Azouri

Sanna/ October 8, 2017/ Conference, Internet, Security

Microsoft has introduced the Background Intelligent Transfer Service (BITS) into Windows 2000 and later versions of the operating system. Windows 7 and Windows Server 2008 R2 feature the version 4.0 of the protocol. BITS is designed to use idle bandwidth in order to transfer data to and from servers. BITS is an obedient servant, and it may be abused into doing transfers on behalf of others. Dor Azouri will present his findings regarding BITS at DeepSec 2007. Windows’ BITS service is a middleman for your download jobs. You start a BITS job, and from that point on, BITS is responsible for the download. But what if we tell you that BITS is a careless middleman? Current Windows software comes packaged with a mix of old and new features and components. New, shiny features and

Read More

0710, 2017

DeepSec 2017 Talk: XFLTReaT: A New Dimension In Tunnelling – Balazs Bucsay

Sanna/ October 7, 2017/ Conference, Security

“Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter”, says Balazs. “It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic, and it is also worth mentioning that the framework was designed to be easy to configure, use and develop.” We asked Balazs Bucsay a couple more questions about his talk: Please tell us the top 5 facts about your talk. Tunnelling is not new at all, but

Read More