DeepSec 2022 Talk: Vanquish: Analysis Everywhere with Smartphones – Hiroyuki Kakara

Sanna/ September 9, 2022/ Conference

I couldn’t sleep well until I developed the “Vanquish.” I couldn’t fully enjoy Disneyland until I developed the “Vanquish.” I was always thinking about 2nd and subsequent payloads of malware of my interest. I was always hoping that C2 servers are available until I reached my malware analysis desktop. But the Vanquish changed my life. He tries to collect all the samples that appear in twitter accounts of your interests. He analyzes those samples and tries to get the next stage samples when I am in bed. And I can ask him to analyze malware from your iPhone even while I’m in Disneyland. The core of the Vanquish is the system which crawls specified twitter accounts every specified minute, parses hashes from the tweet bodies or web sites tweeted, downloads the sample from malware

Read More

DeepSec 2022 Talk: Cypher Query Injection – The New “SQL Injection” We Aren’t Aware Of – Noy Pearl

Sanna/ September 8, 2022/ Conference

How often do you hear about injections? Probably a lot. And probably most of them are familiar to you and chances are that you are tired of hearing about another SQL injection that was recently found. Graph Databases (e.g. Neo4j, RedisGraph, Amazon Neptune) which are becoming increasingly popular don’t use SQL, but you can still achieve an injection and even go beyond that. We are going to learn how by manipulating legitimate database functionalities we are able to leverage an injection in Cypher Query to attack the database (DoS), leak sensitive files (RFI) , access protected endpoints (SSRF)  and leverage our attack to perform lateral movement and escalate to other machines as well. We’ll sum up with remediation & mitigation steps and show a ready-to-use open-source playground that was created so you could exploit Graph Databases

Read More

Press Release: Attacks On IT Through Desktop And Mobile Devices

Sanna/ September 7, 2022/ Press

DeepSec conference focuses on everyday devices as a risk for corporate IT. Attacks on the digital infrastructure of companies, authorities and organizations are often staged as a cinema spectacle in the reporting. Unfortunately the opposite is the case. A burglary in digital infrastructure happens without any broken glass or smashed doors. Attackers can only be successful if superficially everything continues as before. They don’t come through the windows or the underground car park, but via everyday applications on the desktop or smartphone. This year’s DeepSec security conference is therefore trying to sharpen the view on everyday life in the office and at the workplace. Two-day training sessions are offered focusing on workplace hazards, as well as two days of lectures to bring you up to speed. War for the desktop and personal devices Few

Read More

DeepSec 2022 Talk: Melting the DNS Iceberg – Taking Over Your Infrastructure Kaminsky Style – Dipl.-Ing. Timo Longin BSc

Sanna/ September 7, 2022/ Conference

What does DNS have in common with an iceberg? Both are hiding invisible dangers! Beneath an iceberg there is… even more ice. However, beneath the DNS there are hiding unexpected vulnerabilities! If you want to resolve a name via DNS, there are multiple open DNS resolvers all across the Internet. A commonly used open DNS resolver is Google’s resolver with the IP address 8.8.8.8. However, not every system is using such an open resolver. Hosting providers, ISPs and the like, are often using resolvers that are not directly accessible from the Internet. These are the so called “closed” resolvers. In my previous research “Forgot password? Taking over user accounts Kaminsky style,” I have unearthed critical vulnerabilities in DNS resolvers of web applications, but I haven’t shared a second thought about the fact that these

Read More

DeepSec 2022 Talk: Identification of the Location in the 5G Network – Giorgi Akhalaia

Sanna/ September 6, 2022/ Conference

Mobile devices can provide the majority of everyday services: like emergency, healthcare, security services. The development of mobile devices itself triggered the 5G network deployment. The new telecom standard will create a new ecosystem with a variety of industries and will exceed the limit of telecom communication. With new standards, functionality, services, products always arise new cyber threats. The operating spectrum in the 5G Network is divided into 3 categories: Low, Middle and High Bands. Actually, the third category, high band, also known as mmWave provides majority benefits of the new standard. This band covers from 6 GHz to 100 GHz operating spectrums. Because of the limitation of this frequency range, devices connected to high-band have to be near to the cell-tower. Otherwise, buildings will interrupt the connection. So, when a user is connected

Read More

DeepSec 2022 Talk: Machine Learning Use in OSINT – Giorgi Iashvili

Sanna/ September 5, 2022/ Conference

Open source intelligence is one of the important aspects of cyber security activities as it relies on the publicly available sources, such as social networks, websites, blogs, etc. This includes data mining and gathering techniques, as well as data extraction and data analysis activities. Open source intelligence is widely used in different fields today. Mainly, this process runs manually and is fully managed by humans. Moving from a manual to automated processes in OSINT is vital, especially that we work with real-world operations. Different components must build a relevant system to provide automated open source-based activities together with training simulations for the Machine Learning. The structure of the ML approach is the following: Requirements: Information used from previous user experience; Collection: Web crawlers or / and scrapers; Processing exploration: Pattern recognition, Detection of the

Read More

DeepSec 2022 Talk: Auditing Closed Source Trusted Applications for Qualcomm Secure Execution Environment (QSEE)- Hector Marco & Fernando Vano

Sanna/ August 31, 2022/ Conference

Smartphones have become essential devices for carrying out many daily activities, including security-sensitive tasks such as authentication and payments. The security of sensitive data in modern mobile devices relies on hardware-enabled Trusted Execution Environments, amongst which ARM TrustZone is one of the most widely used. Qualcomm Secure Execution Environment (QSEE) is one of the most widespread commercial TEE solutions in the smartphone space, used by many devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. In order to audit the QSEE environment, security researchers have to face distinct challenges. On the one hand, the software components of QSEE (i.e., trusted operating system and trusted applications) are not open sourced and can be quite complex, which requires a considerable extent of reverse engineering efforts to conduct analysis and to

Read More

DeepSec 2022 Talk: End-to-end Health Data Privacy Using Secure 5G Data Channels – Dr. Razvan Bocu

Sanna/ August 30, 2022/ Conference

The integrated collection of personal health data represents a relevant research topic, which is enhanced further by the development of next generation mobile networks that can be used in order to transport the gained medical data. The gathering of personal health data has become recently workable using relevant wearable personal devices. Nevertheless, these devices do not possess sufficient computational power, and do not offer proper local data storage capabilities. This paper presents an integrated personal health metrics data management system, which considers a virtualized symmetric 5G data transportation system. The personal health data is gained using a client application component, which is normally deployed on the user’s mobile device, regardless if it is a smartphone, smartwatch, or another kind of personal mobile device. The collected data is securely transported to the cloud data processing

Read More

DeepSec 2022 Talk: Faking at Level 1 – How Digital Twins Save Your PLCs – Thomas Weber

Sanna/ August 29, 2022/ Conference

Every year, many big and small incidents in industrial environments, like power plants, factories, or food supply, find their way into newspapers. All those affected industries are backed by highly branched and historically grown Operational Technology (OT) networks. A sizeable portion of such incidents would have been avoidable, if network segmentation was done correctly and patches for user devices (not always possible in OT) were installed.Despite such known problems, that also lead to the compromise of traditional IT networks, a bunch of unknown vulnerabilities are unfortunately also present in OT infrastructure. OT in modern factories contains of networked (and smart) devices, especially on level 1, also called the control level, of the Purdue model. Devices, like PLCs, industrial router/switches, data diodes, and more, cannot be easily tested if they are in use by the

Read More

DeepSec 2022 Talk: Post-quantum Verkle Signature Scheme – Maksim Iavich

Sanna/ August 26, 2022/ Conference

We expect mass production of quantum computers in the near future. Quantum computers can easily break cryptographic schemes that are used in practice. Thus, classical encryption systems become vulnerable to attacks using quantum computers. There are research efforts to find encryption schemes that are resistant to attacks using quantum computers. Digital signatures are an important technology in securing the Internet and other IT infrastructures. A digital signature provides the authenticity, integrity, and identification of data. We use digital signatures in identification and authentication protocols. So, these secure digital signature algorithms are crucial in terms of IT security. Today, in practice, digital signature algorithms such as RSA, DSA, ECDSA are used. However, they are not quantum stable, as their safety relies on large composite integers, complex factorization and the computation of discrete logarithms. We asked

Read More

DeepSec 2022 Talk: GitHub Actions Security Landscape – Ronen Slavin

Sanna/ August 25, 2022/ Conference

GitHub Actions, the recent (from 2018) CI/CD addition to the popular source control system, is becoming an increasingly popular DevOps tool mainly due to its rich marketplace and simple integration. As part of our research of the GitHub Actions security landscape, we discovered that in writing a perfectly secure GitHub Actions workflow, several pitfalls could cause severe security consequences. For example, many developers would use event input data to improve their workflow process. However, this data could be controlled by an attacker, and potentially compromise the build process. Unless the developers are proficient in the depths of GitHub best-practices documents, these workflows would have mistakes. Such mistakes are costly – and could cause a potential supply chain risk to the product. During the talk, we’ll walk you through our journey on how we found

Read More

DeepSec 2022 Talk: Towards the Automation of Highly Targeted Phishing Attacks with Adversarial Artificial Intelligence – Francesco Morano and Enrico Frumento

Sanna/ August 24, 2022/ Conference

The work we will present aims to develop a Proof of Concept (PoC) of an attack scenario that uses Artificial Intelligence (i.e., AI) to create a semi-automatic phishing attack. The AI-based PoC used different network types to automatically compose highly targeted phishing emails with information derived from the initial OSINT analysis of the potential victims. The study approaches the problem from a cybercriminal point of view to understand the feasibility of such an attack tactic and prepare for possible defences. Phishing is a popular way to perform social engineering attacks. According to the Verizon 2022 Data Breach Investigations Report, 82% of data breaches involve human elements and belong to several categories, including phishing, the most common. Using AI tools, this study implements a complete attack chain: (i) initial collection of victims’ data through OSINT,

Read More

DeepSec 2022 Talk: Hey You! Get Off my Satellite! – Paul Coggin

Sanna/ August 23, 2022/ Conference

There are many components and systems that may be targeted in a space system by adversaries including ground station systems and satellites. In this presentation we will discuss ideas for providing cyber resiliency in zero-gravity. Both theoretical and real-world examples of cybersecurity issues concerning satellite systems will be covered. This presentation will step through attack trees for targeting satellite systems. Recommendations best practices for securing satellite systems will be discussed. In addition, new ideas industry is currently developing for improving the cyber resiliency of space systems will be presented. We asked Paul a few more questions about his talk. Please tell us the top 5 facts about your talk. Examples of real-world satellite hacking events will be covered. Recommended best practices for securing ground systems, and spacecraft will be discussed. Space ground systems are

Read More

Press Release: Spy Tools must not become Standard Software

Sanna/ August 3, 2022/ Press

DeepSec security conference warns of the growing market for spy tools. Information technology has gained a new acronym: Private-Sector Offensive Actor (PSOA). PSOA means something like a private-sector offensive opponent. The specific case of a PSOA has also reached Austria because of research by Microsoft®. An Austrian company is accused of being involved in digital attacks on Microsoft® customers in Europe and Central America. The case illustrates that spyware continues to be developed and used as a dangerous threat to information security. The DeepSec security conference taking place in November repeatedly warns against such technology and will deal specifically with the details of industrial espionage. Threatening security as a business model Bypassing security measures is a lucrative business model. Companies are active in this field all over the world. Some buy knowledge of security

Read More

Translated Article: German Cyber Security Strategy without Security

Sanna/ July 27, 2022/ Stories

Deutsche Cybersicherheitsstrategie ohne Sicherheit by Erich Moechel for fm4.ORF.at The new German Interior Minister Nancy Faeser (SPD) is continuing the cyber course of her predecessor Horst Seehofer (CDU), which according to independent experts has been completely misguided. The professional world “is not amused”. Parallel to the finalization of the new EU directive on cyber security (NIS2), Germany’s new cyber security strategy was presented in Berlin. The European directive, which was negotiated unusually quickly, was welcomed almost unanimously by experts. The new German cyber security strategy, on the other hand, has been consistently criticized by experts since its publication. As a closer look shows, it is neither new nor a security strategy. First and foremost, new powers are being distributed to police authorities and secret services. Trojans instead of cyber security As the table of contents already

Read More