Conference

DeepSec 2018 Talk: RFID Chip Inside the Body: Reflecting the Current State of Usage, Triggers, and Ethical Issues – Ulrike Hugl

Posted by on November 14, 2018 at 9:05 am

Chipping humans can be seen as one of the most invasive biometric identification technologies. RFID (Radio Frequency Identification) as the key technology in the field of the Internet of Things produces many applications. For example, human implants are used by scientists in the fields of cyborgism, robotics, biomedical engineering and artificial intelligence, by hobbyists for […]

ROOTS 2018 Talk: The Swift Language from a Reverse Engineering Perspective – Malte Kraus & Vincent Haupert

Posted by on November 13, 2018 at 11:02 am

Over the last decade, mobile devices have taken over the consumer market for computer hardware. Almost all these mobile devices run either Android or iOS as their operating systems. In 2014, Apple introduced the Swift programming language as an alternative to Objective C for writing iOS and macOS applications. The rising adoption of this new […]

Last Call for your Web Application Security Training – Break all teh Web and enjoy it!

Posted by on November 9, 2018 at 5:22 pm

The Internet is full of web applications. Sysadmins used to joke that HTTP is short for Hypertext Tunnelling Protocol, because anything but web content is transported via HTTP these days. It’s the best way to break out of restricted environment, too. So the chances are good that you will need the skills for dealing with […]

ROOTS 2018: How Android’s UI Security is Undermined by Accessibility – Anatoli Kalysch

Posted by on November 9, 2018 at 3:15 pm

Android’s accessibility API was designed to assist users with disabilities, or temporarily preoccupied users unable to interact with a device, e.g., while driving a car. Nowadays, many Android apps rely on the accessibility API for other purposes, including apps like password managers but also malware. From a security perspective, the accessibility API is precarious as […]

DeepINTEL 2018 Talk: Risk Management in Complex Scenarios – Oscar Serrano

Posted by on November 8, 2018 at 1:06 pm

ICT risk management is a well-stabilized practice and as such is supported by international security standards and guidelines. But, despite advances in the legal and policy areas and the maturation of standardized frameworks for efficient risk management, it has still not become a controlled, systematic process in the cyber security domain of most organizations. One […]

DeepSec 2018 Training: Advanced Infrastructure Hacking – Anant Shrivastava

Posted by on November 5, 2018 at 1:35 pm

Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices. We asked Anant a few more questions about his […]

DeepINTEL 2018 Security Intelligence Event – Preliminary Schedule is available

Posted by on November 3, 2018 at 10:03 pm

It took us longer than anticipated, but the schedule for DeepINTEL 2018 is final and available. The topics covered are ICT risk assessment in interconnected and complex environments, drone threats (to critical infrastructure), drone countermeasures, assessment of digital black markets (you can call them darkweb/crypto markets if you must), live threats to the information industry […]

DeepSec 2018 Talk: Suricata and XDP, Performance with an S like Security – Eric Leblond

Posted by on November 2, 2018 at 9:30 am

extended Berkeley Packet Filter (eBPF) and eXtreme Data Path (XDP) technologies are gaining in popularity in the tracing and performance community in Linux for eBPF and among the networking people for XDP. After an introduction to these technologies, this talk proposes to have a look at the usage of the eBPF and XDP technology in […]

DeepSec2018 Talk: Manipulating Human Memory for Fun and Profit – Stefan Schumacher

Posted by on October 31, 2018 at 9:15 am

Manipulating the Human Memory for Fun and Profit, or: Why you’ve never met Bugs Bunny in DisneyLand Hacking is not limited to technical things — like using a coffee machine to cook a soup — but also makes use of social engineering. Social engineering is the (mis)use of human behaviour like fixed action patterns, reciprocity […]

DeepSec 2018 Talk: Mapping and Tracking WiFi Networks / Devices without Being Connected – Caleb Madrigal

Posted by on October 30, 2018 at 8:45 am

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, Kismet, et al. But what if you just want to view a list of all networks in your area along with all the devices connected to them? Or maybe you want to know who’s hogging all the bandwidth? Or […]

DeepSec 2018 Talk: Drones, the New Threat from the Sky – Dom (D#FU5E) Brack

Posted by on October 29, 2018 at 4:18 pm

I will talk about drones (not military ones). Drone risks and countermeasures. Drones have become an inherent risk not just for critical infrastructure, but also public events (sports, concerts) and privacy. I will speak about the exclusive risk catalogue I have developed for a small highly specialised start-up called DroneGuard. The catalogue contains over 140 […]

ROOTS Schedule almost ready, mind your DeepSec Training Tickets, DeepINTEL Schedule is coming up

Posted by on October 19, 2018 at 10:23 am

The review process for ROOTS has been completed a few days ago. Proper reviews are hard, this is why it took a bit longer. The accepted papers will be in the schedule at the beginning of next week for we need the redacted abstracts of all presentations. The research topics are worth it, so make […]

DeepSec 2018 Talk: Security Response Survival Skills – Benjamin Ridgway

Posted by on October 17, 2018 at 9:15 am

Jarred awake by your ringing phone, bloodshot eyes groggily focus on a clock reading 3:00 AM. A weak “Hello?” barely escapes your lips before a colleague frantically relays the happenings of the evening. As the story unfolds, you start to piece together details leading you to one undeniable fact: Something has gone horribly wrong… Despite […]

Translated Press Release: Systemic Errors as Vulnerabilities – Backdoors and Trojan Horses

Posted by on October 9, 2018 at 9:01 pm

DeepSec and Privacy Week highlight consequences of backdoors in IT Vienna (pts009/09.10.2018/09:15) – Ever since the first messages were sent, people try to intercept them. Today, our modern communication society writes more small, digital notes than one can read along. Everything is protected with methods of mathematics – encryption is omnipresent on the Internet. The […]

DeepSec 2018 Talk: A Tour of Office 365, Azure & SharePoint, through the Eyes of a Bug Hunter – Dr.-Ing Ashar Javed

Posted by on October 5, 2018 at 9:00 am

Cross-Site Scripting (XSS) outbreak has started almost twenty years ago and since then it has been infecting web applications at a concerning pace. It is feared that the influx of programs and bug hunters arriving at bug bounty platforms will worsen the situation given more disclosed cases of bug(s) or public citing and viewing. According […]