Conference

DeepSec 2018 Talk: Information, Threat Intelligence, and Human Factors – John Bryk

Posted by on September 21, 2018 at 8:45 am

“Across the ICS spectrum, organizations are gathering threat data (information) to protect themselves from incoming cyber intrusions and to maintain a secure operational posture.”, says John. “Organizations are also sharing information; along with the data collected internally, organizations need external information to have a comprehensive view of the threat landscape. Cyber threat information comes from […]

DeepSec 2018 Talk: Injecting Security Controls into Software Applications – Katy Anton

Posted by on September 20, 2018 at 8:45 am

“SQL Injection was first mentioned in a 1998 article in Phrack Magazine. Twenty years later, injection is still a common occurrence in software applications (No.1 in latest OWASP Top 10 2017). For the last 20 years, we have been focusing on vulnerabilities from an attacker’s point of view and SQL injection is still King. Something […]

DeepSec 2018 Talk: New Attack Vectors for the Mobile Core Networks – Dr. Silke Holtmanns / Isha Singh

Posted by on September 19, 2018 at 9:05 am

DeepSec has a long tradition of tackling the security of mobile networks and devices alike. The first DeepSec conference featured a presentation about the A5/1 crack. Later one we offered trainings covering mobile network security and weaknesses. So we are proud to announce Isha Singh’s and Silke Holtmanns’ talk about new attack vectors. Here is […]

DeepSec 2018 Talk: Pure In-Memory (Shell)Code Injection in Linux Userland – reenz0h

Posted by on September 18, 2018 at 9:15 am

A lot of research has been conducted in recent years on performing code injection in the Windows operating system without touching the disk. The same cannot be said about *NIX (and Linux specifically). Imagine yourself sitting in front of a blinking cursor, using a shell on a freshly compromised Linux server, and you want to […]

DeepSec 2018 Talk: Orchestrating Security Tools with AWS Step Functions – Jules Denardou & Justin Massey

Posted by on September 17, 2018 at 12:30 pm

Increasingly frequent deployments make it impossible for security teams to manually review all of the code before it is released. Jules Denardou and Justin Massey wrote a Terraform-deployed application to solve this problem by tightly integrating into the developer workflow. The plugin-based application has three core components, each represented by at least one Lambda function: […]

DeepSec 2018 Talk: Without a Trace – Cybercrime, Who are the Offenders? – Edith Huber & Bettina Pospisil

Posted by on September 14, 2018 at 9:45 am

Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation in Austria, no evidence-based scientific analysis exists that depicts the bright field of Cybercrime. Therefore an interdisciplinary research group investigated the phenomenon cybercrime regarding the questions – Edith Huber and Bettina Prospisil will present their findings at […]

DeepSec 2018 Talk: Left of Boom – Brian Contos

Posted by on September 13, 2018 at 8:45 am

By Brian Contos, CISO of Verodin: “The idea for my presentation “Left of Boom” was based on conversations I was having with some of my co-workers at Verodin. Many people on our team are former military and some served in Iraq and Afghanistan where they engaged in anti-IED (Improvised Explosive Device) missions. During these conversations […]

Translated Press Release: Bug Bounty Programs – Vulnerabilities as a worthwhile Investment

Posted by on September 12, 2018 at 9:15 am

DeepSec Conference offers trainings for security researchers Vienna (pts010 / 04.09.2018 / 08:30) – This year, in addition to lectures about the failing of security measures, the DeepSec In-Depth Security Conference will offer a workshop for finding vulnerabilities. Unfortunately the testing of software in the context of quality assurance is no longer sufficient in the […]

Translated Press Release: Intelligence Agencies want to abolish Information Security

Posted by on September 11, 2018 at 8:15 pm

https://www.pressetext.com/news/deepsec-konferenz-veroeffentlicht-programm-fuer-2018.html DeepSec Conference criticizes the open Attack on secure End-to-End Encryption Vienna (pts014/21.08.2018/09:25) – Ever since security measures have been in existence, there have been discussions about their benefits and their strength. In digital communication, the topic of back doors keeps coming up. In the analog world high quality locks are desired to protect against […]

DeepSec 2018 Training: Attacking Internet of Things with Software Defined Radio – Johannes Pohl

Posted by on September 10, 2018 at 10:15 am

In Johannes Pohls training participants will learn how to reverse engineer the wireless communication between Internet of Things (IoT) devices with Software Defined Radios (SDR) using the Universal Radio Hacker (URH). The workshop covers required HF (high frequency) basics such as digital modulations and encodings and shows how to reveal the protocol logic step by […]

DeepSec 2018 Talk: Cracking HiTag2 Crypto – Weaponising Academic Attacks for Breaking and Entering – Kevin Sheldrake

Posted by on September 6, 2018 at 8:35 am

HiTag2 is an Radio-Frequency Identification (RFID) technology operating at 125KHz.  It is distinguished from many others in the same field by its use of 2-way communications for authentication and its use of encryption to protect the data transmissions – the majority of RFID technologies at 125KHz feature no authentication or encryption at all.  As a result […]

Translated Press Release: DeepSec Conference releases Schedule for 2018

Posted by on September 6, 2018 at 8:15 am

Focusing on the Insecurity of Things and infrastructure Vienna (pts014 / 21.08.2018 / 09:25) – This year’s DeepSec In-Depth Security Conference will focus on the topic of Insecurity of Things (IoT) and components of everyday infrastructure. The ever-advancing networking opens up completely new ways for attackers – faster than developers and manufacturers can fix bugs. […]

DeepSec 2018 Talk: Defense Informs Offense Improves Defense – How to Compromise an ICS Network and How to Defend It – Joe Slowik

Posted by on September 5, 2018 at 9:50 am

Industrial control system (ICS) attacks have an aura of sophistication, high barriers to entry, and significant investment in time and resources. Yet when looking at the situation – especially recent attacks – from a defender’s perspective, nothing could be further from the truth. Initial attack, lateral movement, and entrenchment within an ICS network requires – […]

DeepSec 2018 Talk: Can not See the Wood for the Trees – Too Many Security Standards for Automation Industry – Frank Ackermann

Posted by on September 4, 2018 at 9:05 am

“Plant operators and manufacturers are currently faced with many challenges in the field of automation.”, says Frank Ackermann. “Issues such as digitization, Industry 4.0, legal requirements or complex business processes that connect IT and OT are paramount. Related security problems and risks need to be addressed promptly and lastingly. Existing and newly created industry security […]

DeepSec 2018 Talk: Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests – Tomasz Tuzel

Posted by on September 3, 2018 at 8:45 am

Over the last decade we have seen a rapid rise in virtualization-based tools in which a hypervisor is used to gain insight into the runtime execution of a system. With these advances in introspection techniques, it is no longer a question of whether a hypervisor can be used to peek inside or even manipulate the […]