1207, 2024

Reminder: Call for Papers DeepSec/DeepINTEL is still open!

René Pfeiffer/ July 12, 2024/ Conference/ 0 comments

It’s this time of the year again where the hot weather and deadlines collide. The call for papers for both DeepSec and DeepINTEL is still open! We are looking for original content, your creative ideas, and your invaluable experience. Please submit your proposal to our CfP manager. As always, we have a variety of topics we are interested in. The wonderful world of „artificial intelligence“ has taken the world and its CO2 output by storm. Large Language Models (LLMs) have „learned“ the Internet multiple times. Companies offering their LLM-based services promise to solve all kinds of tasks. What does this mean for IT security? Disinformation and propaganda are a big topic. Europe has already seen elections where structural disinformation played (and plays!) a vital role. Using false information in order to influence the voting

Read More

1207, 2024

IT Security, Standards, and Compliance

René Pfeiffer/ July 12, 2024/ Call for Papers, Conference, Legal/ 0 comments

You can often see the classic divide between technical and compliance persons in information technology within teams or organisations. Writing guidelines and writing configurations for implementation seem very different, with no overlaps. In reality, everyone has procedures. While they might not be written or follow a standardized format, having your ways of doing things is crucial to succeed in IT. The same goes for security. Creating policy documents and describing procedures in a way that technical minds can actually use them is a challenge. There is a crossover with the profession of writers who are experts in conveying nonfiction stories. And this is the origin of the schism between technicians and the compliance world. Badly written policies are a security risk, because no one takes them seriously. The purpose of your procedure documentation is

Read More

0406, 2024

DeepSec 2024 Press Release: The limits of ‘AI’ language models lie in security. DeepSec warns: ‘AI’ language models generate content and override authorisations

Sanna/ June 4, 2024/ Conference, Press/ 0 comments

    Language model algorithms, also known as generative artificial intelligence, continue to celebrate their supposed triumphant advance through many media platforms. Security researchers have analysed the products and revealed a number of weaknesses in the ‘AI’ applications. This year’s DeepSec conference is dedicated to the threats posed by ‘AI’ learning models that use incomplete restrictions to analyse public and sensitive data. Large Language Models (LLMs) as Auto-Completion The technical description of the many ‘artificial intelligence’ (‘AI’) products on the market is impressive. In simple terms, the concept behind the advertising campaigns consists of algorithms that copy as much data as possible, break it down and then recombine it to provide answers to any questions. The learning process when creating the language model is not initially monitored or moderated. Only in later phases does

Read More

2505, 2024

Science Fictions meets Large Language Models

René Pfeiffer/ May 25, 2024/ Conference/ 0 comments

Given the advertising of the manufacturers using a Large Language Model (LLM) is just like having a conversation with a person. The reality looks different. Google’s AI search has recently recommended to glue pizza together, eats rocks, or jump off the Golden Gate bridge when being depressed. This is clearly bad advice. Apparently these answers are or were part of the learning process. Incidents like this and the hallucinations of LLM algorithms have been discussed already. Science fictions fans will recall conversations with computer or AI simulations where someone tries to trick the machine do override security checks. The Open Worldwide Application Security Project (OWASP) created a list of threats to LLM applications. The target audience are developers, designers, architects, managers, and organizations. Marc Pesce wrote an article about tests with different LLM implementations.

Read More

0403, 2024

Memory Safety revisited

René Pfeiffer/ March 4, 2024/ Conference/ 0 comments

Memory safety is the most important problem in information security. This is something the White House and the NSA want you to believe. The recommendation is to use a different programming language, and all our problems will magically disappear. The proposal sounds a lot like the typical magical bullet solution, just like one of the many marketing promises of vendors since the 1990s. Attacks on memory buffers is the least of your current problems. Attackers use „living off the land“ attacks which use memory-safe scripting languages. If you look at the CWE statistics, then there are lots and lots of input validation errors that will bring down the security of many applications. Most web applications use questionable frameworks that are neither mature nor well-tested. Access to storage systems (SQL or NoSQL) still feature injections

Read More

0602, 2024

Encryption refreshed, Plans for 2024

René Pfeiffer/ February 6, 2024/ Conference/ 0 comments

Computer science is all about automation. Repetitive tasks are best done by machines. This is true for our TLS certificate, but maybe you noticed it expired a few days ago. As always, this was because of an automated task that didn’t do what it was supposed to do. We changed parts of our infrastructure, so a few lines of code were not running on the new hardware. Blame it on ChatGPT, but your browser can trust our certificate again. Last year’s DeepSec conference had a focus on the zoo of artificial intelligence algorithms. The AI revolution has so far only pushed the Large Language Model (LLM) algorithms and a discussion about copyright. The battlefield is real. Researchers from the University of Chicago have published the Glaze and Nightshade algorithms to counter unrestricted harvesting by

Read More

2411, 2023

Thanks for attending DeepSec and DeepINTEL 2023!

René Pfeiffer/ November 24, 2023/ Administrivia, Conference, DeepIntel

DeepSec 2023 ended a week ago, and it was amazing! We shout out a big thanks to all the speakers and all the attendees that made the conference memorable! Usually there is a period of several days after the conference where you hear nothing from us. We are not hibernating; we are in full post-production mode. Office life has caught up. The video material is currently being prepared for upload. Everyone who attended the conference will get early access to the presentations. Bear with us. We will send a notification once everything is ready. For everyone who missed the closing presentation, here are the dates for our events in 2024. Open your calendar, mark the dates. Also, do not forget to book early! We have a limit because of the conference venue safety regulations.

Read More

1511, 2023

DeepSec 2023 Talk and Breakout Session: Let’s Prepare for the Unexpected – Erlend Andreas Gjære

Sanna/ November 15, 2023/ Conference

What happens when a large group of more or less connected individuals need to deal with a cyber incident, together? In this interactive hands-on session, we will try to experience – first-hand – just how challenging it can be to keep information flowing, make the right decisions and protect our assets while dealing with a simulated crisis. We asked Erlend a few more questions about his talk and breakout session. Please tell us the top 5 facts about your talk and workshop. This will be an interactive session, and everyone can join! We are going to prepare for a cyber incident, together People share anonymous inputs via their phones Participants also receive individual updates on their phones There will be a breakout session afterwards for a deep-dive tabletop How did you come up with

Read More

0811, 2023

DeepSec 2023 – ENOMEM/EFBIG – Tickets sold out!

René Pfeiffer/ November 8, 2023/ Administrivia, Conference

This is the first time for us. The tickets for attending DeepSec on-site at the conference hotel are exhausted. We have no room to spare. You can only book training tickets (i.e. training without the conference) or tickets for accessing the live streams. Existing orders are still valid and will be processed. We have to take this step, because the space at the conference hotel gets too crowded. Furthermore, we have some limits regarding event security, and contrary to cloud platforms, we cannot sell more capacity than we have. Please consider accessing the live streams if you want to follow the presentations. You will also have the means to comment and ask questions. The stream access will also give you full access to all the recordings once we finished post-processing.

0711, 2023

DeepSec 2023 Press Release: Open Source Intelligence Training for Companies – DeepSec Conference offers OSINT Training in IT Security Skills.

Sanna/ November 7, 2023/ Conference

In information security, the focus is often placed on technical solutions and ready-made security products. Successful attacks always start with the reconnaissance of information from freely available sources. This so-called Open Source Intelligence (OSINT) is closely interwoven with social engineering methods, which are an indispensable part of successful attacks. The DeepSec conference offers a two-day intensive training course on this topic. A head start through the right information Reports on data leaks at companies rarely reflect the actual process. Although it is often simplistically mentioned that social engineering was used in a phishing attack, the methods have changed considerably in recent years. The path to a successful phishing message involves many steps and enormous preparation. Any publicly available information is collected and analysed by the attackers. Most companies and organisations have weak points in

Read More

0411, 2023

DeepSec on Air – Live on Radio Orange, 1000 (CEST), 6 November 2023

René Pfeiffer/ November 4, 2023/ Communication, Conference

We do not maintain a podcast or a video streaming channel. It’s hard to keep up with writing texts. On Monday, 6 November 2023, at 1000 (CEST) there will be a live broadcast. We will talk about the upcoming DeepSec and DeepINTEL events, the topics on the DeepSec schedule, and many more aspects. If you can spare an hour of your time, you can listen to us. The conversation will be in German, though. Maybe some stochastic parrot with a filter can produce a transcript later. The show announcement can be found on the Radio Orange web site. For the sake of convenience, here is a quote: 14. bis 17. November findet die DeepSec 2023 statt, am 15. folgt die DeepINTEL, dazwischen treibt der Third-Person-Track sein Wesen. Vier Tage, an denen im Rahmen von

Read More

0311, 2023

DeepSec 2023 Talk: Oil – But at What Cost: Azerbaijan and the EU’s Murky Partnership – Pavle Bozalo

Sanna/ November 3, 2023/ Conference

Since Russia’s invasion of Ukraine, the European Union has rightfully sought to reduce its dependence on Russian oil with the ultimate aim of completely eliminating it. In this quest for trustworthy oil suppliers, Brussels has turned to countries such as Azerbaijan who, although wealthy in oil, have dubious human rights records and who, in many ways, are at the forefront of cyber surveillance and cyberwarfare. This quest has come at a cost, with the EU keeping mum on Azerbaijan’s armed invasion of the Nagorno-Karabakh territories southwards of Armenia – a scenario otherwise eerily similar to Russia’s armed invasion. As it cracks down on spyware within the EU, the European Commission buys Azeri President Aliyev’s oil, apparently unaware of hackers from Baku rolling out spyware and remote access trojans. Not only do Armenian officials find

Read More

2110, 2023

DeepSec 2023 Tech Track Workshop: Tabletop Exercise/War Games – Julian Botham & Aron Feuer

Sanna/ October 21, 2023/ Conference

The objective of an tabletop exercise is to assess and enhance an organization’s preparedness and executive decision-making protocols in the event of a ransomware attack. The exercise will simulate a ransomware attack on critical systems, culminating in encrypted files and a ransom demand. Participants will role-play as C-suite executives, IT security managers, legal advisors, and the public relations team. The exercise will cover key activities, such as initial incident identification, activation of the incident response team, internal and external communication protocols, decision-making concerning ransom payment, coordination with law enforcement, system recovery and restoration, and post-incident analysis. We asked Julian and Aron a few more questions about their tabletop exercise. Please tell us the top 5 facts about your talk. The average ransom in 2023 is $1.54 million, almost double the 2022 figure of $812,380

Read More

2010, 2023

DeepSec 2023 Talk: Improving Cyber Resilience Through Micro Attack Simulations – Christian Schneider & Kevin Ott

Sanna/ October 20, 2023/ Conference

With the increasing adoption of Red Teaming and Purple Teaming in the cybersecurity industry, organizations that have achieved high levels of security maturity can greatly benefit from these activities. However, organizations at the onset of building a security program are often left out. This talk introduces Micro Attack Simulations, an innovative approach that allows organizations to validate specific security controls without waiting for full-blown Red Teaming exercises. Micro Attack Simulations focus on assessing single or multiple security controls that are already implemented, providing a valuable approach for organizations aiming to bolster their cyber resilience. These simulations not only focus on technical aspects but also consider non-technical security controls such as escalation procedures and reporting paths during security incidents. As a result, organizations can derive specific Red Team unit tests and perform a gap analysis

Read More

1210, 2023

DeepSec 2023 Talk: The Attackers Guide to Exploiting Secrets in the Universe – Mackenzie Jackson

Sanna/ October 12, 2023/ Conference

Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. Most security breaches leverage secrets during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This guide will include how to Abuse public and private code repositories Decompile containers Decompile mobile applications from the App and Play Stores. We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their play-book. Presentation Details Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the

Read More