Today begins the „darker half“ of the year. The harvesting season has ended. The year ends as well (depending on how you count the days and mark the start of the year). People celebrate Samhain, Halloween, or other festive days. In information security there is always a harvest season, and there is no darker half of the year. 2020 is no exception despite the extraordinary situation given the SARS-CoV-2 outbreak. So how do you decide what exceptions look like? What is a trick? What’s the difference between a trick and a threat? If you supervise any kind of digital infrastructure or set of systems, then these questions are very important. Metrics is a hot topic – an euphemism for a dirty word – in computer science. It is used in other fields as well.
DeepSec2020 Talk: What’s Up Doc? – Self Learning Sandboxes to Defeat Modern Malwares Using RSA: Rapid Static Analysis – Shyam Sundar Ramaswami
“Catch me if you can!” is the right phrase to describe today’s malware genre. Malwares have become more stealthy, deadly and authors have become more wiser too. What if sandboxes started performing rapid static analysis on malware files and passed on the metadata to spin a sandbox environment based on malware attributes and the malware does not evade? Well, the talk deals with about how to do RSA (Rapid Static Analysis, i coined it), pass on the attributes and how we defeat modern malwares by dynamically spinning sandboxes. RSA embedded in “H.E.L.E.N” and “Dummy” and how we extracted the real IOC from Ryuk forms the rest of the talk and story! The talk also covers how these key “attributes” that are extracted are used for ML, how we build bipartite graphs, build instruction based
DeepSec 2020 Talk: “I Told You So!” – Musings About A Blameless Security Culture – Tim Berghoff, Hauke Gierow
The concept of a blameless culture is familiar to agile software development teams the world over. Going blameless has lots of merits, yet in many organizations and management teams true blamelessness is far from being the norm. This is especially true for the security sector, where the thinking is perhaps even more linear than elsewhere in an organization. This way of thinking is not necessarily bad, but not always helpful. On the other hand, sugarcoating any shortcoming will not help things along either. In truth, the security industry is still facing a lot of work when it comes to dealing with people. This talk will address and explore some of the fundamental problems of corporate security culture and why it keeps companies from moving forward. We asked Tim and Hauke a few more questions
IT security is one of the most challenging global issues of recent years. But apart from the establishment of countless “cyber security” authorities, politics doesn’t seem to come up with something substantial. However, Free Software can be the solution to many pressing security problems. In this session, we will look at pros and cons and use concrete examples to illustrate why security and openness are not contradictory. For security professionals, the growing complexity of today’s digital world is no big surprise. But decision-makers are often overwhelmed by these new challenges and the uncertainties they entail. As a result, many fall for cheap selling arguments for black-boxed solutions and lose sight of a general strategy. We don’t know the exact security threats in five or ten years, but it is obvious that nobody can face
Interesting times call for extraordinary measures. Due to current restrictions DeepSec and DeepINTEL move to a new location. Both conferences will be at the Vienna Marriott Hotel right next to the inner city. The conference is easy to reach and a lot of historic places are in walking distance. Inside the hotel DeepSec and DeepINTEL will be conducted as a hybrid conference. We will have a mixture of on-site and virtual presentations. Information about participating (links and codes) will be sent to you after registration.
Demonstrating an exploit in a container environment (three dockers) across three different networks, I will demonstrate different pivot, vulnerability exploit, and privilege escalation techniques on all machines using Alpine linux, Gogs app, and other Linux platforms using Pentest methodologies such as recon, enumeration, exploitation, post exploitation. By the end of this presentation everyone will be able to see different ways that exist in working with a single form of pivot and how to overcome different obstacles in different networks within this “new” environment called Docker. We asked Filipi a few more questions about his talk. Please tell us the top 5 facts about your talk. During this presentation, we are looking at some important facts such as: Observability in different environment, vulnerability exploit, use of privilege escalation techniques, some misconfigurations or maybe no good
Welcome to the new Cold War in the Middle East. In 2012, Iran’s first Shamoon attacks almost crashed every world economy, nearly bringing the world to its knees. Since then, the game of spy vs. spy has intensified. Join Chris on a 2.5 year Iranian espionage campaign attempting to recruit her for the most innocent of jobs; teaching critical infrastructure hacking with a focus on nuclear facilities. A journey of old school espionage with a cyber twist. Bribery, sockpuppets, recruitment handlers, propaganda VVIP luxury trip mixed with a little IOT camera revenge. We asked Chris a few more questions about his talk. Please tell us the top 5 facts about your talk. Governments friendly, friendemy and enemy actively recruit for cyber offensive talent Finding the correct place to report active espionage and illegal bribery
DeepSec 2020 Talk: The Great Hotel Hack: Adventures In Attacking The Hospitality Industry – Etizaz Mohsin
Have you ever wondered if your presence might be exposed to an unknown entity even when you are promised full security and discretion at a hotel? Well, it would be scary to know that the hospitality industry is a prime target nowadays for cyber threats as hotels offer many opportunities for hackers and other cybercriminals to target them and therefore resulting in data breaches. Not just important credit card details are a prime reason, but also an overload of guest data, including emails, passport details, home addresses and more. Marriot International where 500 million guests’ private information was compromised is one of the best examples. Besides data compromise, surgical strikes have been conducted by threat actors against targeting guests at luxury hotels in Asia and the United States. The advanced persistent threat campaign called
Fault attacks induce incorrect behavior into a system, enabling the compromise of the entire system and the disclosure of confidential data. Traditionally, fault attacks required hardware equipment and local access. In the past five years multiple fault attacks have been discovered that do not require local access, as they can be mounted from software. We will discuss the Rowhammer attack and how it can subvert a system. We then show that a new primitive, Plundervolt, can similarly lead to a system compromise and information disclosure. We asked Daniel a few more questions about his talk. Please tell us the top 5 facts about your talk. Software-based fault attacks, like Rowhammer, enables unprivileged attackers to manipulate hardware Hardware flaws can lead to privilege escalation and a full system compromise Plundervolt is another fault attack we
DeepSec Press Release: DeepSec and DeepINTEL 2020 as a hybrid conference. IT security in unusual times – events enable virtual access.
There’s nothing like “business as usual” in information security. Vulnerabilities in software, malware, campaigns to attack companies and organizations as well as defending your own infrastructure know no break. In recent months, digital networking has been put to the test as the most important pillar of society and working life. It is often forgotten that not every chic app, every portal and digital trend is trustworthy. For security reasons the annual DeepSec and DeepINTEL conferences will run as a hybrid event. Virtual lectures and face-to-face presentations will be equally accessible to all participants and speakers. Digital protection has never been more important Digitization is quickly pronounced. Software is even faster labelled as secure. Unfortunately, the last few decades of security research have shown that weak points can only be reduced through consistent secure design
My talk on ransomware will be technical, but also tells the story of how it’s evolved, highlighting specific and interesting infections. I’ll walk through the history of ransomware, its relationship to cryptojacking, and the supporting software made up of malspam and exploit kits. We’ll also address the recent phase of ransomware data extortion. There will be demonstrations of current malware infections as well as unique methods and ideas for detection and hunting. We’ll end with multiple methods of prevention and mitigation, some using paid products, but with the focus primarily on opensource options. Since I work with approximately 15% of the internets DNS traffic in my job, I will be using some of that data to show statistics. Despite that, I’ve done my best to make sure this is not a talk about products from my company, and aim
Administrivia: DeepSec and DeepINTEL Preparations, Anti-Virus Issues, Schedule, and digital Conference
We have been stuck in administrative tasks for the past weeks. So to break the radio silence: Yes, DeepSec and DeepINTEL will happen. We currently prepare the hybrid configuration for the streams and the virtual platforms to bring speakers to the audience and vice versa. The conference hotel has confirmed that we can conduct the event at the usual location. Claiming that things look good is a bit of an exaggeration. Nevertheless we would like to go forward. Exchanging ideas and discussing current threats has never been more important than now. We hope to give you this opportunity, and we hope that you are able to participate. We have also created a couple of mailing lists for informal news, official press releases/articles, and future Calls for Papers to keep you informed. All lists are
Hacking, hackers and bug bounties are really getting constant headlines into the mainstream news. In the past few years we have seen an impressive growth in Bug Bounty Programs and at this point we really need to ask: Is a Bug Bounty Program a new layer to secure applications? Implementing a Bug Bounty Program can be challenging and requires some understanding of the nuances of how to make it successful or not. Actually, running a successful bug bounty program starts far before it is launched officially. What are the prerequisites and why can we consider a bug bounty program as a layer for your Application Security Program? How do you measure if you are successful or not and what are the KPIs? When are you ready to start such a program? Based on the
Red team operations involve many skills, the operation requires a lot of monitoring, consolidating and caution. In order to perform red team operations faster and stealthier, without thinking about the infrastructure, every team has its’ own habits and standards. However, there is a problem with those habits and standards: There are tons of tools but no operation management, No aggregation between these tools, When OPSEC fails due to problems above or any other reason, it’s essential to possess the capability of maintaining robust infrastructure which can be recreated if discovered, and more importantly, without any issues upon deployment. In this talk, infrastructure challenges we face as a red teamer will be discussed. Along with challenges, a solution will be proposed based on DevOps practices such as: Design your infrastructure based on the standards and
DeepSec 2020 Talk: Security of Home Automation Systems – A Status Quo Analysis For Austrian Households – Edith Huber, Albert Treytl
Home Automation System (HAS) are a growing market, which is very diverse ranging from consumer electronics like TVs, mobile phones and gaming consoles via WLAN connected sensors, power plugs or lightbulbs to building automation devices for HVAC systems or access solutions. Beside “classical” network technologies IoT technologies gain increasing spread and importance. This paper presents results of a representative survey analysing the security awareness and perception as well as susceptibility to cybercrime of HAS users in Austria. The aim of this survey is to investigate the spread of the device types, cybercrime attacks and security risks. These results are compared with technical vulnerabilities of such devices to identify relevant security risks and countermeasures. Additionally, a concept to protect sensor values directly in the analogue circuit is presented as an outlook to ongoing research. We asked Edith and Albert a few more questions about their talk. Please tell us the top facts about your talk. The most common HAS are Smart TV, voice assistants and surveillance cameras, but many other applications are on the rise. Respondents of the survey say