DeepSec 2018 Call for Papers – Deadline today!

René Pfeiffer/ July 31, 2018/ Call for Papers, Conference

Sadly the climate does not extend deadlines. The Call for Papers of DeepSec In-Depth Security Conference 2018 ends today at midnight. Please make sure that you send us your submission in time. All submissions reaching us before the deadline ends have priority over any later submissions! We will leave the submission form online for a while longer in order to compensate for the heatwave currently rolling over Europe. Don’t forget that the Call for Papers for ROOTS 2018 (the Reversing and Offensive-oriented Trends Symposium) is still open and accepts submissions! Please spread the word about ROOTS. We would like to feature „Science first!“ again in 2018. A big thank you to all who already sent us their content! As always we will have a hard time sorting through everything and selecting the presentations and trainings.

BSidesLondon 2018 Rookie Track Follow-Up

René Pfeiffer/ June 8, 2018/ Conference, Discussion, High Entropy

We would like to share some impressions about the BSidesLondon 2018 Rookie Track presentations. It gets harder and harder to tell which one of the talks is the best. And picking a winner is not the right approach. We do this, because we can only invite one person to DeepSec, and because the intention is to have a motivation to work hard on the presentation. From what we have seen, we were quite impressed. The quality has much improved, also thanks to the tireless efforts of the mentors (if you see someone with a mentor badge, please buy them a drink!). Apart from the 15-minute time slot some talks were hard to distinguish from their bigger cousins in the main tracks. The topics were well-chosen. The mix was great. Every single rookie did

Rookie Track – BSidesLondon 2018

René Pfeiffer/ June 5, 2018/ Conference, Security

We are looking forward to seeing the Rookie Track at BSidesLondon 2018! If you are curious what the rookies have to say, drop by and have a look! Presentations are meant to be heard. Do the newbies a favour and listen to them. They have put a lot of work into their 15-minute talk slot. They deserve an audience. Presenting a topic is hard. You have to understand what you are talking about. Furthermore you need to know a bit extra, because people will ask questions. Richard Feynman once said: If you want to master something, teach it. A great way to learn is to teach. If you have ever conducted a workshop, this will sound familiar. DeepSec sponsors the winner of the rookie track – a ticket to DeepSec 2018 and a

Change of Ticket System for DeepSec and DeepINTEL

René Pfeiffer/ January 31, 2018/ Administrivia, Conference

We have made some changes behind the scenes, as always when preparing the new events for the year. This time we decided to change the ticket shop for both DeepINTEL and DeepSec. The reason for the new shop is its focus on privacy and security. Most shops are part of a social media network or collect too much information (can be both, depends on the interaction and the platform). It doesn’t matter if the collected information is being protected by privacy procedures or not. Our intent was to streamline the process. For you this means that you can buy your tickets as easily as before. We still have vouchers, too. Ask our sponsors. Furthermore the payment is done directly to us, so we can manage your visit to DeepSec and DeepINTEL more efficiently. Also

DeepSec 2018 calls for Trainings and Content – Focus Mobility

René Pfeiffer/ January 31, 2018/ Call for Papers, Conference, Discussion

The DeepSec 2018 Call for Papers is open. The focus for this year is mobility. Mobile networks and mobile devices have established themselves firmly in our society. And mobility doesn’t end here. Transport is transforming into new technologies by incorporating access to data networks (yes, that’s the „Cloud“), the power grid (think electric vehicles), drones, new propulsion systems, artificial intelligent (sometimes even both!) personal assistants and algorithms (mathematics has become mainstream). The ever-growing number of dependencies between components is a fertile breeding ground for cascading errors that impact more than your new car or your latest order from your favourite online shop. Information security must become as mobile as home deliveries of goods and electric power. And it must become common. Infosec isn’t optional any more. Since bug logos have captured the minds

Save the Dates for DeepSec 2018 and DeepINTEL 2018

René Pfeiffer/ January 24, 2018/ Administrivia, Conference

While everyone was busy with the holidays, Meltdown and Spectre, we did some updates behind the scenes. DeepSec 2018 will be held from 27 to 30 November 2018. We tried not to collide with Thanksgiving, so that you can come to Vienna after being with your family. As always, the first two days will be the trainings followed by two days of conference. DeepINTEL 2018 will be on 17 / 18 September 2018. We have a topical focus for both events and will present each of them in a separate article. There are still some details to work out. Wordsmithing and administrivia are the equivalent of dependencies and patches in software development – necessary, but they take time. It’s worth it, you will see for yourself. We have a special message for anyone who intends

DeepSec 2017 Presentation Slides

René Pfeiffer/ December 1, 2017/ Administrivia, Conference

While the videos are on their way to the rendering farm, the presentation slides for DeepSec 2017 can already be downloaded. We put them online as soon as we get the final version from our speakers. If you do some guessing URL-wise you can also find the presentations of past conferences at the very same spot. Since we collect the final slides after the conference and do not ask speakers to put USB sticks into their computers during the conference, the download repository will fill in time. Unfortunately we cannot speed up this process. So bear with us, we are as curious as you (especially since some of us never get to see any presentation at DeepSec because there is too much to do). As for the videos, all speakers and attendees will also get

DeepSec 2017 thanks you and DeepSec 2018 is almost ready

René Pfeiffer/ November 22, 2017/ Administrivia, Conference, Mission Statement

We caught up on sleep and are right in the middle of post-processing DeepSec 2017. Thanks to you all for attending, presenting, sending feedback, and being part of a great event. The slides will be online soon. The videos are being converted. We will upload them as bandwidth permits. All speakers and attendees will get a code to access them early. Thanks for your feedback as well! We listen, and we have some plans to address the issues you reported. 2018 will see a lot of improvements. We will announce the dates for DeepSec and DeepINTEL 2018 soon. The events will stay in November and September. We just need to coordinate with the venue and will let you know as soon as possible. The Calls for Papers open early in 2018, as does the

DeepSec2017 U21 Talk: Lessons Learned: How To (Not) Design Your Own Protocol – Nicolai Davidsson

Sanna/ November 15, 2017/ Conference, Development, Security

“One of the first lessons of cryptography is “don’t roll your own crypto” but we were bold enough to ignore it”, says Nicolai. “Single Sign-On is so 2016 which is why we’d like to introduce its replacement, Forever Alone Sign-On – FASO. This talk will discuss one of the ugliest SSO solutions you’ll ever see, its updated, slightly less ugly, iteration, and, ultimately, FASO. We’ll discuss the use cases, questionable decisions made during the planning process, the actual self-rolled, totally vulnerable, cryptography, and the even worse code architecture. In all seriousness: The talk reflects on the design process of an SSO protocol and its first two iterations, going from a semi-functional workaround to an experimental OAuth-and-the-like alternative utilizing pre-shared keys, symmetric cryptography and implicit authentication.” Nicolai is a security researcher at zyantific and

ROOTS: Out-Of-Order Execution As A Cross-VM Side Channel And Other Applications – Sophia d’Antoine

Sanna/ November 15, 2017/ Conference, Security

Given the rise in popularity of cloud computing and platform-as-a-service, vulnerabilities inherent to systems which share hardware resources will become increasingly attractive targets to malicious software authors. In this talk, Sophia will introduce a novel side channel across virtual machines through the detection of out-of-order execution. She and her colleagues created a simple duplex channel as well as a broadcast channel. She’ll discuss possible adversaries for this channel and propose further work to make this channel more secure, efficient and applicable in realistic scenarios. In addition, she considers seven possible malicious applications of this channel: theft of encryption keys, program identification, environmental keying, malicious triggers, denial of service attacks, determining VM co-location, malicious data injection, and side channels. We asked Sophia a few questions about her talk. Please tell us the top 5 facts

DeepSec 2017 Talk: OpenDXL In Active Response Scenarios – Tarmo Randel

Sanna/ November 15, 2017/ Conference

Automating the response to cyber security incidents is a trend which, considering the increasing number of incidents organizations handle and the ever-increasing attack surface, is already becoming mainstream. In this talk Tarmo explores the options of using OpenDXL in real-life situations of mixed environments, legacy solutions and multiple vendors for connecting existing (and future) cyber security system components for coordinated information exchange and orchestrating incident response actions. Tarmo is a researcher at NATO Cooperative Cyber Defence Center of Excellence, various research projects and developing for large scale cyber exercises. He’s also a developer at the Estonian eHealth Foundations, “Kickstarting” in-house development team. Tarmo’s creating supporting infrastructure, preparations and execution of plans for taking over selected external vendor development projects. He’s Head of Department at CERT-EE, Running Computer Emergency Response Team, Information security expert at CERT-EE,

DeepSec2017 Talk: Building Security Teams – Astera Schneeweisz

Sanna/ November 14, 2017/ Conference

While ‘security is not a team’, you’ll find that most companies growing just beyond 60-80 people start employing a group of people focusing primarily on the topic. But the culture of secure engineering in a company does not only strongly correlate with when you start building a security team – it becomes (and grows as) a matter of how they connect with the rest of your organization, and make security, adversarial thinking, and the care for user safety and privacy part of everyone’s concern. In this talk, Astera will review what the purposes of a security team can be, which challenges you’ll face, how you can make it scale beyond the team’s boundaries; as well as proven good practices of running (fairly operational) engineering teams themselves. Whether your organization already has a security team

Notes on the ROOTS Schedule and the Conference

René Pfeiffer/ November 14, 2017/ Administrivia, Conference, Discussion

We are all set for the conference on Thursday. We did some last minute changes to the schedule due to some speakers running into issues, but we can confirm almost all presentations. You may have noticed the ROOTS schedule. It’s a bit shorter than DeepSec’s, but both events are not competing. The review for ROOTS is a lot harder, because the presentation is about a scientific publication. This means your submission gets peer-reviewed and voted on by the programme committee. We received some content more suitable for, let’s say, standard events. This won’t do, and this is why you see the best submissions of ROOTS published in the schedule. All in all we are very glad to present you high quality presentations from speakers who really know information security. Enjoy! See you at DeepSec!

DeepSec 2017 Talk: How I Rob Banks – Freakyclown

Sanna/ November 14, 2017/ Conference, High Entropy, Security

You are in for an adventure at DeepSec this year. We have a tour on robbing banks for you: A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the world’s largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempt to take you through the lessons to be learned from an ethical hacker with a penchant for breaking into the impossible. Let me take you on a rollercoaster ride of epic fails and grandiose plans and my Jason Bourne-like adventures including Lockpicking, Kidnap, Police chases and multi-million pound bank heists. FC is a well-known ethical hacker and social engineer. He has been working in the infosec field for over 20 years

Screening of “The Maze” at DeepSec 2017

René Pfeiffer/ November 3, 2017/ Administrivia, Conference, High Entropy

We have some news for you. Everyone attending DeepSec 2017 will get a cinematic finish on the last day of the conference. We will be showing The Maze by Friedrich Moser. For all who don’t know Friedrich’s works: He is the director of A Good American which was screened at DeepSec 2015. The Maze is a documentary covering terrorism, counter-terrorism, surveillance, business, and politics. So it’s basically information security in a nutshell. Right after the closing of DeepSec you can enjoy The Maze – with popcorn and hopefully everyone who is attending DeepSec. We have seen the documentary before, and we highly recommend it!