1609, 2024

DeepSec 2024 Talk: Navigating the Storm: Emerging Threats in AWS Cloud Security – Miguel Hernández & Alessandro Brucato

Sanna/ September 16, 2024/ Conference

As cloud adoption speeds up, so too does the sophistication of attacks targeting cloud infrastructure. Our talk delves into the evolving landscape of AWS security, focusing on the burgeoning threat of crypto mining. We’ve witnessed a significant shift in the tactics, techniques, and procedures (TTPs) used by attackers. This session will uncover the latest trends in cloud security, spotlighting new threat groups and their innovative methods for abusing AWS services. Attendees will learn about real-world threats involving AWS resources. We will explore the intricate ways these attackers infiltrate and collaborate with other groups in a large black market for credentials. Our discussion will also cover proactive strategies for detection and mitigation, empowering security professionals to safeguard their cloud infrastructure against these evolving threats. We asked Miguel and Alessandro a few more questions about their

Read More

1309, 2024

DeepSec 2024 Talk: Reversing Windows RPC in Enterprise Software for Fun and CVEs – Andreas Vikerup

Sanna/ September 13, 2024/ Conference

This talk will walk the audience through the dissection of Windows RPC usage in the enterprise software ManageEngine ADAudit Plus, which will unravel two CVEs and crack a CTF-like encryption/decryption process. We asked Andreas a few more questions about his talk. Please tell us the top 5 facts about your talk. This talk will guide the audience through a reverse engineering method that will ultimately lead to 2 CVEs in a product known as ManageEngine ADAudit Plus. The reviewed code will be human readable (as in not assembly language) which makes it easy to follow. There will be hurdles along the way to reach the goal and these will be highlighted and discussed in the presentation. How did you come up with it? Was there something like an initial spark that set your mind

Read More

1209, 2024

DeepSec 2024 Talk: A Practical Approach to Generative AI Security – Florian Grunow & Hannes Mohr

Sanna/ September 12, 2024/ Conference

The rise of applications based on AI (mostly generative AI) forces us to think about the security and privacy implications of these systems. We will try to make sense about the attack surface of generative AI applications, what practitioners in the field need to consider in development and operations, and how they can derive security measures for these systems. We will first dive into the range of generative AI applications using examples of the OpenAI ecosystem. This will give the audience an understanding about the fundamental problem of AI from a security perspective. We then offer an insight into the attack surface that those applications have. This will help understand what needs to be secured and what can be secured. Many times, good old security best practices will be a good start, although AI

Read More

1109, 2024

DeepSec Talk 2024: GenAI and Cybercrime: Separating Fact from Fiction – Candid Wüest

Sanna/ September 11, 2024/ Conference

Are we standing at the brink of an AI Armageddon? With the rise of Generative AI (GenAI), cybercriminals allegedly now use unprecedented AI tools, flooding the digital world with sophisticated, unblockable threats. This talk aims to dissect the hype and uncover the reality behind the use of GenAI in cybercrime. We will explore the growing use of deepfakes in scams, exemplified by a million dollar fake BEC video conference call. From son-in-trouble scams to KYC bypass schemes, deepfakes are becoming versatile tools for cybercriminals and a nightmare for defenders. Turning to phishing attacks, we’ll discuss how GenAI personalizes and automates social engineering, significantly increasing the volume of attacks. However, they still require an account to send from and some payload. Having the ultimate phishing text does not mean you are not blocked. We’ll also

Read More

1009, 2024

DeepSec Talk 2024: Firmware Forensics: Analyzing Malware Embedded in Device Firmware – Diyar Saadi Ali

Sanna/ September 10, 2024/ Conference

Firmware, essential to hardware functionality, increasingly becomes a prime target for cyber threat actors because of its foundational control over devices. This presentation delves into a detailed analysis of malware embedded within purported firmware updates for Sabrent devices, a case study revealing widespread exploitation. By leveraging advanced static and dynamic analysis techniques, we uncover the intricate workings of this malware, strategically hidden within seemingly legitimate firmware patches. Through meticulous investigation, including static examination for file headers, hashes, and embedded resources, and dynamic analysis within controlled environments, we decipher the malware’s operational stages. This includes its initial execution triggers, subsequent macro-driven deployments, and ultimate persistence mechanisms through registry modifications, all orchestrated to evade detection and ensure prolonged access to compromised systems. We asked Diyar a few more questions about his talk. Please tell us the

Read More

0909, 2024

DeepSec 2024 Training: The Mobile Playbook: Dissecting iOS and Android Apps – Sven Schleier

Sanna/ September 9, 2024/ Conference, Training

This course teaches you how to analyse Android and iOS apps for security vulnerabilities, by going through the different phases of testing, including dynamic testing, static analysis and reverse engineering. Sven will share his experience and many small tips and tricks to attack mobile apps that he collected throughout his career and bug hunting adventures. We asked Sven a few more questions about his training. Please tell us the top 5 facts about your training. Focus: The course teaches penetration testing of Android and iOS apps using the OWASP Mobile Application Security Testing Guide (MASTG). The OWASP MASTG is an open-source documentation project that summarises techniques for penetration testing and reverse engineering of mobile apps. Hands-on Experience: We will go through many labs and real-world scenarios with customized apps. Many of the labs can

Read More

2608, 2024

DeepSec 2024 Training: “Look What You Made Me Do”: The Psychology behind Social Engineering & Human Intelligence Operations – Christina Lekati

Sanna/ August 26, 2024/ Conference

Social Engineering and Human Intelligence (HUMINT) operations both rely heavily on effectively navigating a person’s mind in order to steer their behavior. As simple as this sounds, “quick and dirty” influence tactics will not take an operator very far. Behavior engineering is a complex, multilayered process that requires a good understanding of human psychology and self-awareness. In this intensive masterclass, participants will get access to the underlying psychology responsible for the way people think, decide, and act. They will also learn to influence and reshape all three layers. What are people’s automatic triggers? How can you engineer predictable action-reaction responses that produce a desirable outcome? How do you cultivate a target into taking specific actions or divulging information? But also, what are the ethical boundaries and moral implications of this process? The class will

Read More

2308, 2024

DeepSec 2024 Training: Hacking Modern Web & Desktop Apps: Master the Future of Attack Vectors – Abraham Aranguren

Sanna/ August 23, 2024/ Conference, Training

This course is the culmination of years of experience gained via practical penetration testing of Modern Web and Desktop applications and countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide. It covers the OWASP Top Ten and specific attack vectors against Modern Web and Desktop apps. Participants in this course can immediately apply actionable skills from day 1. Please note our courses are 100% hands-on. We do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. The training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.

Read More

2208, 2024

DeepSec 2024 Training: AI SecureOps: Attacking & Defending GenAI Applications and Services – Abhinav Singh

Sanna/ August 22, 2024/ Conference, Training

Acquire hands-on experience in GenAI and LLM security through CTF-styled training, tailored to real-world attacks and defense scenarios. Dive into protecting both public and private GenAI & LLM solutions, crafting specialized models for distinct security challenges. Excel in red and blue team strategies, create robust LLM defenses, and enforce ethical AI standards across enterprise services. This training covers both “Securing GenAI” and “Using GenAI for security” for a well-rounded understanding of the complexities involved in AI-driven security landscapes. We asked Abhinav a few more questions about his training. Please tell us the top facts about your talk. It covers both aspects of AI security: 1. Using AI for security; 2: Security of AI. How did you come up with it? Was there something like an initial spark that set your mind on creating this

Read More

2108, 2024

DeepSec 2024 Training: Attacking and Defending Private 5G Cores – Altaf Shaik

Sanna/ August 21, 2024/ Conference, Training

Security is paramount in private 5G networks because of their tailored nature for enterprises. They handle sensitive data, connect mission-critical devices, and are integral to operations. This advanced 5G Core Security Training is a comprehensive program designed to equip security professionals with advanced skills and techniques to identify and mitigate potential security threats in private 5G networks. Participants will gain a deep understanding of 5G core security and protocols, and learn how to develop and use the latest 5G pen testing tools and techniques to perform vulnerability assessments and exploit development. The training will also cover the latest 5G security challenges and best practices, and provide participants with hands-on experience in simulating original attacks and defenses on a local zero-RF-transmitting 5G network. We asked Altaf a few more questions about his training. Please tell

Read More

2008, 2024

DeepSec Training 2024: Software Reverse Engineering Training Course for Beginners – Balazs Bucsay

Sanna/ August 20, 2024/ Conference, Training

The training course targets attendees who have little to no knowledge of reverse engineering but possess the ability to write simple programs in a programming language of their choice and also have a desire to learn reverse engineering of compiled applications. The course spans two days, during which low-level computing and the basics of architectures are explained. The primary target architectures of this course are Intel x86 and AMD x64, where we cover the fundamentals of computing and assembly language. Throughout the course, we will explore how to create basic programs in both C and assembly, and then explore the process of reverse engineering using disassembler, decompiler and debugger on Windows. Each day of the course emphasises hands-on labs, allowing participants to apply their newly gained knowledge in practical exercises. Theory alone quickly fades,

Read More

0906, 2024

DeepSec 2024 Press Release: State Attacks on Information Security continue unabated. End-to-end Encryption remains an important and threatened Component of Security.

Sanna/ June 9, 2024/ Press

The introduction of strong encryption has repeatedly led to disputes with authorities and the government in the past. Whether it’s mobile networks, email systems, messengers or the World Wide Web, every iteration of the technical protocols requires backdoors that jeopardise the entire communications infrastructure. The DeepSec conference warns against opening the door to espionage. Secure or insecure, that is the Question Encryption inevitably has to do with mathematics, and the algorithms used in encryption technologies almost always originate from mathematical research. There are ready-made and well-tested components for IT infrastructures that are freely available. The critical point in securing communication is always to prevent messages from being intercepted. The only way to do this is with end-to-end encryption (EE2E). The keys involved remain exclusively with the sender and recipient. All parties involved in forwarding

Read More

0406, 2024

DeepSec 2024 Press Release: The limits of ‘AI’ language models lie in security. DeepSec warns: ‘AI’ language models generate content and override authorisations

Sanna/ June 4, 2024/ Conference, Press

    Language model algorithms, also known as generative artificial intelligence, continue to celebrate their supposed triumphant advance through many media platforms. Security researchers have analysed the products and revealed a number of weaknesses in the ‘AI’ applications. This year’s DeepSec conference is dedicated to the threats posed by ‘AI’ learning models that use incomplete restrictions to analyse public and sensitive data. Large Language Models (LLMs) as Auto-Completion The technical description of the many ‘artificial intelligence’ (‘AI’) products on the market is impressive. In simple terms, the concept behind the advertising campaigns consists of algorithms that copy as much data as possible, break it down and then recombine it to provide answers to any questions. The learning process when creating the language model is not initially monitored or moderated. Only in later phases does

Read More

1511, 2023

DeepSec 2023 Talk and Breakout Session: Let’s Prepare for the Unexpected – Erlend Andreas Gjære

Sanna/ November 15, 2023/ Conference

What happens when a large group of more or less connected individuals need to deal with a cyber incident, together? In this interactive hands-on session, we will try to experience – first-hand – just how challenging it can be to keep information flowing, make the right decisions and protect our assets while dealing with a simulated crisis. We asked Erlend a few more questions about his talk and breakout session. Please tell us the top 5 facts about your talk and workshop. This will be an interactive session, and everyone can join! We are going to prepare for a cyber incident, together People share anonymous inputs via their phones Participants also receive individual updates on their phones There will be a breakout session afterwards for a deep-dive tabletop How did you come up with

Read More

0711, 2023

DeepSec 2023 Press Release: Open Source Intelligence Training for Companies – DeepSec Conference offers OSINT Training in IT Security Skills.

Sanna/ November 7, 2023/ Conference

In information security, the focus is often placed on technical solutions and ready-made security products. Successful attacks always start with the reconnaissance of information from freely available sources. This so-called Open Source Intelligence (OSINT) is closely interwoven with social engineering methods, which are an indispensable part of successful attacks. The DeepSec conference offers a two-day intensive training course on this topic. A head start through the right information Reports on data leaks at companies rarely reflect the actual process. Although it is often simplistically mentioned that social engineering was used in a phishing attack, the methods have changed considerably in recent years. The path to a successful phishing message involves many steps and enormous preparation. Any publicly available information is collected and analysed by the attackers. Most companies and organisations have weak points in

Read More