Science Fictions meets Large Language Models

René Pfeiffer/ May 25, 2024/ Conference/ 0 comments

Given the advertising of the manufacturers using a Large Language Model (LLM) is just like having a conversation with a person. The reality looks different. Google’s AI search has recently recommended to glue pizza together, eats rocks, or jump off the Golden Gate bridge when being depressed. This is clearly bad advice. Apparently these answers are or were part of the learning process. Incidents like this and the hallucinations of LLM algorithms have been discussed already. Science fictions fans will recall conversations with computer or AI simulations where someone tries to trick the machine do override security checks. The Open Worldwide Application Security Project (OWASP) created a list of threats to LLM applications. The target audience are developers, designers, architects, managers, and organizations. Marc Pesce wrote an article about tests with different LLM implementations.

Read More

Memory Safety revisited

René Pfeiffer/ March 4, 2024/ Conference/ 0 comments

Memory safety is the most important problem in information security. This is something the White House and the NSA want you to believe. The recommendation is to use a different programming language, and all our problems will magically disappear. The proposal sounds a lot like the typical magical bullet solution, just like one of the many marketing promises of vendors since the 1990s. Attacks on memory buffers is the least of your current problems. Attackers use „living off the land“ attacks which use memory-safe scripting languages. If you look at the CWE statistics, then there are lots and lots of input validation errors that will bring down the security of many applications. Most web applications use questionable frameworks that are neither mature nor well-tested. Access to storage systems (SQL or NoSQL) still feature injections

Read More

Encryption refreshed, Plans for 2024

René Pfeiffer/ February 6, 2024/ Conference/ 0 comments

Computer science is all about automation. Repetitive tasks are best done by machines. This is true for our TLS certificate, but maybe you noticed it expired a few days ago. As always, this was because of an automated task that didn’t do what it was supposed to do. We changed parts of our infrastructure, so a few lines of code were not running on the new hardware. Blame it on ChatGPT, but your browser can trust our certificate again. Last year’s DeepSec conference had a focus on the zoo of artificial intelligence algorithms. The AI revolution has so far only pushed the Large Language Model (LLM) algorithms and a discussion about copyright. The battlefield is real. Researchers from the University of Chicago have published the Glaze and Nightshade algorithms to counter unrestricted harvesting by

Read More

Thanks for attending DeepSec and DeepINTEL 2023!

René Pfeiffer/ November 24, 2023/ Administrivia, Conference, DeepIntel

DeepSec 2023 ended a week ago, and it was amazing! We shout out a big thanks to all the speakers and all the attendees that made the conference memorable! Usually there is a period of several days after the conference where you hear nothing from us. We are not hibernating; we are in full post-production mode. Office life has caught up. The video material is currently being prepared for upload. Everyone who attended the conference will get early access to the presentations. Bear with us. We will send a notification once everything is ready. For everyone who missed the closing presentation, here are the dates for our events in 2024. Open your calendar, mark the dates. Also, do not forget to book early! We have a limit because of the conference venue safety regulations.

Read More

DeepSec 2023 Talk and Breakout Session: Let’s Prepare for the Unexpected – Erlend Andreas Gjære

Sanna/ November 15, 2023/ Conference

What happens when a large group of more or less connected individuals need to deal with a cyber incident, together? In this interactive hands-on session, we will try to experience – first-hand – just how challenging it can be to keep information flowing, make the right decisions and protect our assets while dealing with a simulated crisis. We asked Erlend a few more questions about his talk and breakout session. Please tell us the top 5 facts about your talk and workshop. This will be an interactive session, and everyone can join! We are going to prepare for a cyber incident, together People share anonymous inputs via their phones Participants also receive individual updates on their phones There will be a breakout session afterwards for a deep-dive tabletop How did you come up with

Read More

DeepSec 2023 – ENOMEM/EFBIG – Tickets sold out!

René Pfeiffer/ November 8, 2023/ Administrivia, Conference

This is the first time for us. The tickets for attending DeepSec on-site at the conference hotel are exhausted. We have no room to spare. You can only book training tickets (i.e. training without the conference) or tickets for accessing the live streams. Existing orders are still valid and will be processed. We have to take this step, because the space at the conference hotel gets too crowded. Furthermore, we have some limits regarding event security, and contrary to cloud platforms, we cannot sell more capacity than we have. Please consider accessing the live streams if you want to follow the presentations. You will also have the means to comment and ask questions. The stream access will also give you full access to all the recordings once we finished post-processing.

DeepSec 2023 Press Release: Open Source Intelligence Training for Companies – DeepSec Conference offers OSINT Training in IT Security Skills.

Sanna/ November 7, 2023/ Conference

In information security, the focus is often placed on technical solutions and ready-made security products. Successful attacks always start with the reconnaissance of information from freely available sources. This so-called Open Source Intelligence (OSINT) is closely interwoven with social engineering methods, which are an indispensable part of successful attacks. The DeepSec conference offers a two-day intensive training course on this topic. A head start through the right information Reports on data leaks at companies rarely reflect the actual process. Although it is often simplistically mentioned that social engineering was used in a phishing attack, the methods have changed considerably in recent years. The path to a successful phishing message involves many steps and enormous preparation. Any publicly available information is collected and analysed by the attackers. Most companies and organisations have weak points in

Read More

DeepSec on Air – Live on Radio Orange, 1000 (CEST), 6 November 2023

René Pfeiffer/ November 4, 2023/ Communication, Conference

We do not maintain a podcast or a video streaming channel. It’s hard to keep up with writing texts. On Monday, 6 November 2023, at 1000 (CEST) there will be a live broadcast. We will talk about the upcoming DeepSec and DeepINTEL events, the topics on the DeepSec schedule, and many more aspects. If you can spare an hour of your time, you can listen to us. The conversation will be in German, though. Maybe some stochastic parrot with a filter can produce a transcript later. The show announcement can be found on the Radio Orange web site. For the sake of convenience, here is a quote: 14. bis 17. November findet die DeepSec 2023 statt, am 15. folgt die DeepINTEL, dazwischen treibt der Third-Person-Track sein Wesen. Vier Tage, an denen im Rahmen von

Read More

DeepSec 2023 Talk: Oil – But at What Cost: Azerbaijan and the EU’s Murky Partnership – Pavle Bozalo

Sanna/ November 3, 2023/ Conference

Since Russia’s invasion of Ukraine, the European Union has rightfully sought to reduce its dependence on Russian oil with the ultimate aim of completely eliminating it. In this quest for trustworthy oil suppliers, Brussels has turned to countries such as Azerbaijan who, although wealthy in oil, have dubious human rights records and who, in many ways, are at the forefront of cyber surveillance and cyberwarfare. This quest has come at a cost, with the EU keeping mum on Azerbaijan’s armed invasion of the Nagorno-Karabakh territories southwards of Armenia – a scenario otherwise eerily similar to Russia’s armed invasion. As it cracks down on spyware within the EU, the European Commission buys Azeri President Aliyev’s oil, apparently unaware of hackers from Baku rolling out spyware and remote access trojans. Not only do Armenian officials find

Read More

DeepSec 2023 Tech Track Workshop: Tabletop Exercise/War Games – Julian Botham & Aron Feuer

Sanna/ October 21, 2023/ Conference

The objective of an tabletop exercise is to assess and enhance an organization’s preparedness and executive decision-making protocols in the event of a ransomware attack. The exercise will simulate a ransomware attack on critical systems, culminating in encrypted files and a ransom demand. Participants will role-play as C-suite executives, IT security managers, legal advisors, and the public relations team. The exercise will cover key activities, such as initial incident identification, activation of the incident response team, internal and external communication protocols, decision-making concerning ransom payment, coordination with law enforcement, system recovery and restoration, and post-incident analysis. We asked Julian and Aron a few more questions about their tabletop exercise. Please tell us the top 5 facts about your talk. The average ransom in 2023 is $1.54 million, almost double the 2022 figure of $812,380

Read More

DeepSec 2023 Talk: Improving Cyber Resilience Through Micro Attack Simulations – Christian Schneider & Kevin Ott

Sanna/ October 20, 2023/ Conference

With the increasing adoption of Red Teaming and Purple Teaming in the cybersecurity industry, organizations that have achieved high levels of security maturity can greatly benefit from these activities. However, organizations at the onset of building a security program are often left out. This talk introduces Micro Attack Simulations, an innovative approach that allows organizations to validate specific security controls without waiting for full-blown Red Teaming exercises. Micro Attack Simulations focus on assessing single or multiple security controls that are already implemented, providing a valuable approach for organizations aiming to bolster their cyber resilience. These simulations not only focus on technical aspects but also consider non-technical security controls such as escalation procedures and reporting paths during security incidents. As a result, organizations can derive specific Red Team unit tests and perform a gap analysis

Read More

DeepSec 2023 Talk: The Attackers Guide to Exploiting Secrets in the Universe – Mackenzie Jackson

Sanna/ October 12, 2023/ Conference

Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. Most security breaches leverage secrets during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This guide will include how to Abuse public and private code repositories Decompile containers Decompile mobile applications from the App and Play Stores. We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their play-book. Presentation Details Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the

Read More

DeepSec 2023 Talk: Up Close & Personnel – Chris Carlis

Sanna/ October 11, 2023/ Conference

You work hard to defend against internet-based threats, but how prepared are you when the attacker is on your literal doorstep? This session will provide a better understanding of the onsite attack surface and some of the more common, practical attack techniques that can cause a difficult to detect network compromise. Attendees will gain a stronger understanding of the role of Information Security as it pertains to Physical Security and be better equipped to identify gaps in their defenses before they are exploited. We asked Chris a few more questions about his talk. Please tell us the top 5 facts about your talk. People often underestimate the amount of practice and level of skill needed to execute a good number of physical testing techniques. Your perimeter is probably bigger than you think or would

Read More

DeepSec 2023 Talk: KENOUGH: More Than Just a Pretty Interface – Daniel Kroiss & Stefan Prinz

Sanna/ October 9, 2023/ Conference

The vast majority of organizations on our planet are SMEs who do not have the capability to leverage professional Threat Intelligence Tools or even have Threat Intelligence Teams. They continuously struggle to prioritize their efforts fixing security problems but are typically not focusing on the right stuff. Not all threat actors are equally likely to penetrate your organization. Therefore, not all TTPs are equally likely to be leveraged against you. MITRE ATT&CK is the de facto standard in researching current TTPs and figuring out how to detect and prevent them from happening. We created a small but powerful tool based on MITRE ATT&CK to easily figuring out connections between Threat Actors, malware, TTPs and their relevance to your industry to help you figure out what to focus on. The tool is specifically built for

Read More

DeepSec 2023 Talk: Adding Intelligence into a Security Program – Catalin Curelaru

Sanna/ October 6, 2023/ Conference

Cyber threat intelligence has become a critical security area for organisations trying to defend against threat actors. It is slowly making the shift from a buzzword to an actionable true program. But how confident are you as a security professional that you are moving in the right direction? Should a CTI program heavily focus on the APTs and ransomware groups, or could the focus be elsewhere? The following presentation will walk you through an APT case, present some key prioritizations on what is relevant at a specific time for a CTI program and evolve as time goes on. A reference case can be found online. We asked Catalin a few more questions about his talk. Please tell us the top 5 facts about your talk. APTs, Pandas, Bears, Visma Security Program, Cyber Threat Intelligence

Read More