2809, 2023

DeepSec 2023 Talk: The Evolution of Linux Binary Exploitation: From Outdated Techniques to Sophisticated Modern Attacks – Ofri Ouzan & Yotam Perkal

Sanna/ September 28, 2023/ Conference/ 0 comments

In the ever-evolving realm of cybersecurity, the cat-and-mouse game between attackers and defenders continues to intensify. To safeguard critical systems against malicious exploitation, the hardening of binary files has emerged as a fundamental security measure. However, no security measure remains impervious to threats, and binary hardening techniques face ongoing challenges. This talk aims to shed light on the significance of binary hardening as a countermeasure against growing vulnerabilities. Through a comprehensive examination, we explore both traditional and contemporary binary exploitation techniques, providing real-world insights into modern exploiting methodologies that bypass protective mechanisms implemented through binary hardening. Our research addresses the lack of accurate and complete sources of information on binary hardening, emphasizing the importance of understanding ELF file structure and attacker avoidance strategies. By encouraging vigilance among developers and defenders, we aim to raise

2709, 2023

DeepSec 2023 Talk: Using RPA to Simulate Insider Threats – Andrei Cotaie & Cristian Miron

Sanna/ September 27, 2023/ Conference/ 0 comments

In a world where trust is a currency, and information is power, meet Jim, the innocent accountant, with access to many financial secrets. When his dream promotion slips through his fingers, Jim crosses the line from hero to rogue, unleashing a hidden fury fueled by betrayal. Lacking any technical skills but armed with insider knowledge, he becomes the ultimate insider threat. He can steal data without a trace, eluding the watchful eyes of the very firm that underestimated him. As colleagues celebrate their achievements, Jim orchestrates a daring heist of classified information, and security tools can’t detect him. He is the insider threat. Can he be caught as he employs ChatGPT knowledge and just google searches to grab and exfiltrate data from his company? In a thrilling tale of vengeance and deception, witness how

2609, 2023

DeepSec 2023 Talk: RansomAWARE in 2023 – Steph Shample

Sanna/ September 26, 2023/ Conference/ 0 comments

Ransomware’s explosion has been sustained for years. As tech changes, so too do the actor TTPs. It’s imperative to explore the 2023 mindset of ransomware actors: they are going after “target rich, cyber poor” industries that will make them money by selling data, exploiting the victims they hit as well as the partners and third party services linked to the victims. While double-, triple-, and quadruple- extortion practices are still around, actors are also adapting/changing their encryption processes to better emulate protective services such as anti-virus and file scanning software to blend in and provide no red flags to technical and cyber practitioners. This allows for a long-term, stealth presence in networks, which facilitates lateral movement to collect as much information as possible. We asked Steph a few more questions about her talk. Please

2209, 2023

DeepSec 2023 Talk: I’m Ok, You’re Ok, We’re Ok: Living with AD(H)D in Infosec – Klaus Agnoletti

Sanna/ September 22, 2023/ Conference/ 0 comments

[This is a different topic than information security. Klaus’ presentation was included in the DeepSec 2023 schedule, because it deals with the way some of us are dealing with the individual thought processes. The work environment doesn’t fit for everyone.] I was diagnosed with AD(H)D almost three years ago, aged 44. Getting the diagnosis and being able to get proper medicine meant the world to me; suddenly I understood all those symptoms and I could function remarkably better. Better understanding also meant that I got more insight to why it was becoming increasingly harder for me to get and keep a job. So something had to happen. I’ve been an InfoSec professional for almost 20 years but after my diagnosis I moved to community marketing which basically meant doing the spare-time thing I love

2009, 2023

DeepSec 2023 Press Release: Digitalisation Requires More Than Just Technology – DeepSec Conference Combines Digitalisation With IT Security Trainings

Sanna/ September 20, 2023/ Conference, Press/ 0 comments

Digitalisation is a great opportunity and has arrived in all areas of society. However, there is more to it than using digital data and computer systems. Processes and ways of working need to be adapted. In addition, information security must be considered throughout, from design to implementation. The DeepSec conference again has extensive training on this topic in its programme. Digitalisation generates opportunities and markets The basic idea of digitalised processes in companies and administration is simplification through the use of IT infrastructure. Data is more easily available. Documents can be searched and found more easily. This also means that more information is available in digital form. The opportunities and markets generated by this are not all legal. In 2022, data from one billion Chinese nationals was copied. In 2018, the Indian government reported

1909, 2023

DeepSec 2023 Talk: WEFF : p2p Communication without Third Party – Nikolaos Tsapakis

Sanna/ September 19, 2023/ Conference/ 0 comments

References in public available literature pertaining to a completely serverless connection method between two peers behind routers implementing NAT are scarce. In this talk, we are describing a more generic method for NAT traversal that requires no intermediate server and relies on a multiple port testing method which resembles a brute force attack. We have created a proof of concept for verifying and showing our results. This talk relates to p2p communication without the need for a third party (intermediate server or other) for initiating the communication. We asked Nikolaos a few more questions about his presentation. Please tell us the top 5 facts about your talk. Privacy Decentralized communications Secure communications Easy to implement Fun to use How did you come up with it? Was there something like an initial spark that set

1809, 2023

DeepSec 2023 Talk: Skynet wants your Passwords! The Role of AI in Automating Social Engineering – Alexander Hurbean & Wolfgang Ettlinger

Sanna/ September 18, 2023/ Conference/ 0 comments

We techies love solving problems with cool technology, to where we attempt to implement the economy in code. Although important in general, we know that, for example, blockchain, cryptography, and Secure Software Development Life Cycle (SSDLC) are irrelevant when the user enters their credentials on a phishing site. From an attacker’s point of view, though, we see that modern technologies such as artificial intelligence are immensely beneficial to attack one of the weakest links in security – humans. We will explore how modern technologies, for instance DeepFakes, Deep Neural Networks (DNNs), and Transformers, can be misused by bad actors. We will explore some interesting ideas for attacks, discuss their practical feasibility and show implementations of some of these attacks. We will also look at approaches to detect and defend against AI-powered attacks. We asked

1509, 2023

Early Bird Tickets turn into „Last of Us“ – get them while available

René Pfeiffer/ September 15, 2023/ Conference/ 0 comments

Grab your early bird tickets quickly before they run out! Our ticket shop will switch to the regular tickets soon (on Tuesday). If you still need out to sort your budget, here is a way to save money. You can also send us your order before the deadline in order to get the early bird tariff. Join DeepSec 2023 in November and improve your odds in beating security incidents. A good defence rests on knowledge and exchange of information. Get in contact with security experts from all over the world! See you in Vienna!

1209, 2023

DeepSec 2023 Streaming Tickets available

René Pfeiffer/ September 12, 2023/ Conference/ 0 comments

COVID-19 forced us to explore the wonderful world of streaming and to review our video equipment. Since 2020, all DeepSec conferences feature live streams. The processes behind the streams are now mature. This means that you can attend DeepSec virtually. Our ticket shop now has streaming video tickets for you. This ticket allows you to watch the live streams and to get early access to the post-processed presentation videos once we have uploaded them. The live streams also offer you to get into contact with the speakers by asking questions. You just use the chat function and ask what you want to know. Click and join us!

1109, 2023

DeepSec 2023 Talk: !CVE: A New Platform for Unacknowledged Cybersecurity !Vulnerabilities – Hector Marco & Samuel Arevalo

Sanna/ September 11, 2023/ Conference/ 0 comments

In the ever-evolving cybersecurity landscape, the identification and acknowledgment of vulnerabilities through the Common Vulnerabilities and Exposures (CVE) system plays a crucial role. However, vendor discretion in determining whether a security issue warrants a CVE assignment often results in overlooked vulnerabilities that pose significant risks. This presentation introduces the !CVE initiative, a groundbreaking platform that addresses this critical gap by identifying, tracking, and sharing unacknowledged cybersecurity vulnerabilities. Our presentation begins with an overview of the CVE system and the challenges security researchers face in dealing with unacknowledged vulnerabilities. We discuss real-world examples of security issues ignored by vendors and explore the potential consequences of these hidden threats. We then delve into the !CVE platform, detailing its mission, features, and collaborative approach to empower the security community. Through case studies, we show the value of

0809, 2023

DeepSec 2023 Talk: Introducing CS2BR – Teaching Badgers New Tricks – Moritz Thomas & Patrick Eisenschmidt

Sanna/ September 8, 2023/ Conference/ 0 comments

Staying under the radar and remaining undetected is one of our priorities during Red Teaming assessments. After all, we’re simulating real threat actors and want to reach our objectives without raising any suspicion. This becomes a more and more challenging task as new defences are implemented, requiring us to add new tools and techniques to our tool belt. Occasionally, though, there is a new technique that brings a broad set of features and doesn’t leave countless traces. This talk is about one such technique: beacon object files (BOFs)! BOFs aren’t exactly the new hot stuff, as a matter of fact, they’ve been around for more than two years now. In those two years, a de-facto BOF standard has been adapted by many C2 frameworks out there. But what happens when your C2 doesn’t support

0709, 2023

DeepSec 2023 Talk: 1h Talk – LeaveHomeSafe: The Good, the Bad, the Ugly – Abraham Aranguren

Sanna/ September 7, 2023/ Conference/ 0 comments

The COVID-19 pandemic has led to the development and deployment of various contact tracing apps worldwide, including the Hong Kong government’s LeaveHomeSafe app. In this talk, we will present the findings of our comprehensive security assessment of LeaveHomeSafe, which uncovered a range of vulnerabilities from minor to critical. We will discuss the overall app design and functionality, the uncovered issues related to data privacy and security, as well as interesting edge-case scenarios. We will delve into the technical details of the vulnerabilities we found, demonstrating the tools and techniques used to identify and exploit them. Our talk will also cover the disclosure process, as well as the subsequent press and official Hong Kong government reactions, which garnered international attention. The talk will break down the good, the bad and the ugly of this security

0709, 2023

DeepSec 2023 Talk: Zero-Touch-Pwn: Abusing Zoom’s Zero Touch Provisioning for Remote Attacks on Desk Phones – Moritz Abrell

Sanna/ September 7, 2023/ Conference/ 0 comments

Cloud communication platforms like Zoom have become a fundamental aspect of modern communication and are widely used in daily work. However, in certain scenarios, traditional endpoints such as desk phones or analog gateways are still required. Today, these devices can be integrated with most major cloud communication providers through the use of their provisioning services, which centralize configurations and firmware. This session is about a security analysis of the Zoom “Zero Touch Provisioning” method with certified hardware. It will reveal several vulnerabilities that, when combined, allow an attacker to remotely compromise arbitrary devices, enable massive eavesdropping on conversations or rooms, remote control of devices, or using them as a pivot point to attack the adjacent corporate network. Be curious about the details of hard-coded cryptographic material, improper authentication, lack of immutable root of trust,

0609, 2023

DeepSec 2023 Talk: Automating Incident Response: Exploring the Latest Conversational AI Tools – Hagai Shapira

Sanna/ September 6, 2023/ Conference/ 0 comments

As security incidents become increasingly complex, it’s crucial for SOC and incident response teams to focus on actual malicious investigations. However, their ability to do so is often limited by time-consuming human interactions with stakeholders. In this talk, we’ll explore different levels of automation approaches for incident response, culminating in the latest additions of conversational AI tools. These tools enable full investigations with human stakeholders to be performed automatically, with an analyst only as a silent observer/supervisor. We’ll discuss the benefits and limitations of using conversational AI tools in incident response, as well as real-world examples of how these tools have been used effectively. By the end of the talk, attendees will have a better understanding of how to leverage this technology to streamline their incident response processes and improve their overall security posture.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: