Conference

Deconstruction and Analysis of modern IT Threats – DeepINTEL Security Intelligence Conference disenchants Complexity of Security Threats

Posted by on November 8, 2019 at 1:15 pm

The modern digital world is constantly threatened. Unfortunately, only a few understand what this actually means. Information security is always presented in distorting stereotypes that have nothing to do with reality. No attack is hammered into a keyboard in minutes. The most dangerous threats can not be detected by watching out for guys in hooded […]

DeepSec 2019 Talk: Saving Private Brian – Michael Burke

Posted by on November 5, 2019 at 11:27 am

This talk will be given as the story of Brian, an aid worker operating in a hostile third country. When he’s stopped going in at the border he had his iPhone taken from him and then returned to him 15 minutes later. Now he can’t be sure if any malware was implanted on his device. […]

DeepSec 2019 Talk: Lost in (DevOps) Space – Practical Approach for “Lightway” Threat Modeling as a Code – Vitaly Davidoff

Posted by on November 4, 2019 at 9:00 am

Threat Modeling is a main method to identify potential security weaknesses, and is an important part of any secure design. Threat Modeling provides a model to analyze how to best protect your assets, prevent attacks, harden your systems, and efficiently prioritize security investment. Regardless of programming language, Threat Modeling provides a far greater return than […]

DeepSec 2019 Talk: Setting up an Opensource Threat Detection Program – Lance Buttars

Posted by on November 1, 2019 at 9:15 am

Through the use of event detection monitoring and do it yourself monitoring techniques on a Linux Apache PHP MySQL stack, I will demonstrate how you can create different alarms and reporting surfaces that alert you when your application is being attacked. This case study will demonstrate the use of hacking tools as a defense strategy […]

DeepSec 2019 Talk: Oh! Auth: Implementation Pitfalls of OAuth 2.0 & the Auth Providers Who Have Fell in It – Samit Anwer

Posted by on October 31, 2019 at 9:05 am

Since the beginning of distributed personal computer networks, one of the toughest problems has been to provide a seamless and secure SSO experience between unrelated servers/services. OAuth is an open protocol to allow secure authorization in a standard method from web, mobile and desktop application. The OAuth 2.0 authorization framework enables third-party applications to obtain […]

DeepSec 2019 Talk: Still Secure. We Empower What We Harden Because We Can Conceal – Yury Chemerkin

Posted by on October 30, 2019 at 9:15 am

The launch of Windows 10 has brought many controversial discussions around the privacy factor of collecting and transmitting user data to Microsoft and its partners. But Microsoft was not the first, Apple did it many years ago and there was no public research on how much data were leaked out from MacOS. There is a […]

DeepSec 2019 Talk: Chinese Police and CloudPets – Abraham Aranguren

Posted by on October 29, 2019 at 9:15 am

[In our Call for Papers we mentioned that DeepSec and specifically DeepINTEL will have a connection to geopolitics. Well, the following description of a presentation at DeepSec gives you an idea of what we meant.] This talk is a summary of three different security audits with an interesting background: First, CloudPets, their epic track record, […]

DeepSec 2019 Talk: Comparing GnuPG With Signal is like Comparing Apples with Smart Light Bulbs – Hans Freitag

Posted by on October 28, 2019 at 9:05 am

GnuPG is not designed to be used only in E-Mail, it plays an important role in securing all sorts of mission critical data. In this talk I will show you applications of GnuPG that are not E-Mail or Instant Messaging. We asked Hans a few more questions about his talk. Please tell us the top […]

Threats and Solutions for Supply Chain Attacks in IT – DeepSec conference sheds light on the concatenated logistics of information technology.

Posted by on October 25, 2019 at 9:15 am

On the web you can find videos of very sophisticated constructions of many dominoes. If you knock over one domino, a whole cascade of breathtaking actions follows. The domino effect in your own IT infrastructure is much less entertaining. Even there, everything usually begins harmlessly with a small action – reading a message, forwarding a […]

L’Internet des faits et la peur dans la sécurité informatique – Les conférences DeepSec et DeepINTEL dévoilent leurs programmes – bits, bytes, sécurité et géopolitique

Posted by on October 17, 2019 at 8:39 am

« No man is an island ». Cette citation (« Aucun homme n’est une île ») est de l’écrivain anglais John Donne. Si la phrase est devenue célèbre au XVIIe siècle, elle prend un tout autre sens à l’ère du numérique. La version moderne serait plutôt : il n’y a plus aucune île. De plus en plus de domaines du […]

DeepSec 2019 Talk: What’s Wrong with WebSocket APIs? Unveiling Vulnerabilities in WebSocket APIs – Mikhail Egorov

Posted by on October 16, 2019 at 9:30 am

WebSocket protocol is many times more efficient than HTTP. In recent years we can observe that developers tend to implement functionality in the form of WebSocket APIs instead of traditional REST APIs, that use HTTP. Modern technologies and frameworks simplify the building of efficient WebSocket APIs. We can name GraphQL subscriptions or Websocket APIs supported […]

DeepSec 2019 Talk: “The Daily Malware Grind” – Looking Beyond the Cybers – Tim Berghoff, Hauke Gierow

Posted by on October 8, 2019 at 12:05 pm

Given the noise generated around all the “sexy” and no doubt interesting topics like 0days, APT, and nation state-sponsored threat actors it is easy to miss what is really going on out there, in the world of Joe Average. Actual telemetry data paints a picture that is in many respects different from what happens in […]

DeepSec Scholar Program – Call for Applications

Posted by on October 8, 2019 at 8:30 am

DeepSec has a past of supporting research projects and the researchers themselves. For 2019 and the years to come we have teamed up with partners to foster research in information security. We already support the BSidesLondon Rookie Track, support the Reversing and Offensive-oriented Trends Symposium (ROOTS), publish the DeepSec Chronicles, and support individuals in their […]

ROOTS 2019 Invited Talk: Please, Bias Me! – Pauline Bourmeau

Posted by on October 1, 2019 at 11:45 am

Anyone doing research, audits, code reviews, or development will most probably use her or his brain. Have you ever considered what can influence your decisions and thinking processes? We asked Pauline Bourmeau to explain and to share her thoughts on this matter. Cognitive bias influences our decisions and affects many part of our daily life. […]

DeepSec 2019 Workshop: Attacks on the Diffie-Hellman Protocol – Denis Kolegov & Innokentii Sennovskii

Posted by on September 27, 2019 at 9:00 am

This workshop is a hands-on task-based study of the Diffie-Hellman protocol and its modern extensions focusing on vulnerabilities and attacks. It is not a full day training, but it will be held during the conference. Everyone interested in applied cryptography and attacks connected to this topics should attend. Seats are limited! Some of the topics […]