DeepSec 2021 Presentation: Don’t get Hacked, get AMiner! Smart Log Data Analytics for Incident Detection – Florian Skopik, Markus Wurzenberger, Max Landauer

Sanna/ September 13, 2021/ Conference, Security

“Prevention is ideal, but detection is a must”. Active monitoring and intrusion detection systems (IDS) are the backbone of every effective cyber security framework. Whenever carefully planned, implemented and executed preventive security measures fail, IDS are a vital part of the last line of defence. IDS are an essential measure to detect the first steps of an attempted intrusion in a timely manner. This is a prerequisite to avoid further harm. It is commonly agreed that active monitoring of networks and systems and the application of IDS are a vital part of the state of the art. Usually, findings of IDS, as well as major events from monitoring, are forwarded to, managed and analyzed with SIEM solutions. These security information and event management solutions provide a detailed view on the status of an infrastructure

Read More

DeepSec 2021 Talk: Real-Time Deep Packet Inspection Intrusion Detection System for Software Defined 5G Networks – Dr. Razvan Bocu

Sanna/ September 2, 2021/ Conference

The world of the Internet of Things apparently becomes fundamental for the envisioned always connected human society. The 5G data networks are expected to dramatically improve the existing 4G networks’ real world importance, which makes them particularly necessary for the next generation networks of IoT devices. This talk reports the authors experience, which was acquired during the implementation of the Vodafone Romania 5G networked services. Consequently, this blogpost about our talk describes a machine learning-based real time intrusion detection system, which has been effectively tested in the context of a 5G data network. The system is based on the creation of software defined networks, and it uses artificial intelligence based models for the deep inspection of the transferred data packets. It is able to detect unknown intrusions through the usage of machine learning-based software

Read More

DeepSec 2021 Talk: Web Cache Tunneling – Justin Ohneiser

Sanna/ August 31, 2021/ Conference

By using cache poisoning to store arbitrary data, we can use public web caches as open ephemeral storage to facilitate anonymous and evasive communication between network clients. We asked Justin a few more questions about his talk. Please tell us the top facts about your talk. Public web caches, when improperly configured, can be used as open ephemeral storage. Combined with a synchronization technique, this ephemeral storage can be used to tunnel arbitrary data between network clients. Tunneling data in this manner requires no listening service, as all endpoints behave as clients to the web cache server, allowing trivial use of anonymizing protocols. The conditions for this technique are present on several extremely popular websites, and the use of this technique by malware could make network detection nearly impossible. How did you come up

Read More

DeepSec 2021 Training: Mobile Network Operations and Security – David Burgess

Sanna/ August 30, 2021/ Conference

This workshop describes security risks in mobile networks, both in the core network and in the radio network, based on case studies reported in the press. For each case, we will dig into the technical elements of what actually happened. The workshop will be especially useful for IT security people who are responsible for mobile devices but are not yet familiar with mobile network technology. The material will also be useful for anyone who works with individuals who have special security concerns, or who report on telecom security topics. The workshop will start with an overview of cellular technology in general and types of security flaws common to all mobile networks, and then proceed to specific examples for different network segments and technology types. The workshop will include demonstrations of some security failures and

Read More

DeepSec 2021 Talk: Those Among Us – The Insider Threat facing Organizations – Robert Sell

Sanna/ August 27, 2021/ Conference

Organizations spend a considerable amount of time and money protecting themselves from external threats while practically ignoring the significant threats from within. Cybercrime has an estimated cost of $2 trillion in 2019 with an average cost per data breach of $3.9 million. This global cost is expected to grow to $6 trillion annually by 2021.  In 2018, 34% of those data breaches involved internal factors and this trend continues to grow. This hard on the outside but soft in the middle approach by Information Security departments leaves organizations susceptible to a variety of insider threats that could be avoided. In this talk, I will present the extent of the issue, the types of insider threats to expect and how organizations can mitigate these risks. We asked Robert a few more questions about his talk.

Read More

DeepSec 2021 Talk: How to Choose your Best API Protection Tool? Comparison of AI Based API Protection Solutions – Vitaly Davidoff

Sanna/ August 26, 2021/ Conference

As the world becomes more and more connected, Application Security becomes an important concern. Especially regarding the Internet of Things (IoT), Application Programming Interface (API), and Microservices spaces. In addition, the proper access management needs to be seriously addressed to ensure company assets are securely distributed and deployed. There are many tools on the market providing AI based API protection and anomaly detection but what really works? How to choose the best solution? During my talk, I will share results from the research of reviewing different architecture approaches and AI solutions introduced by different favorite tools on the market, from WAF to workload protection systems. We asked Vitaly a few more questions about his talk. 1) Please tell us the top facts about your talk. This talk is a first try to dive deep

Read More

DeepSec 2021 Talk: Hunting for LoLs (a ML Living of the Land Classifier) – Tiberiu Boros, Andrei Cotaie

Sanna/ August 25, 2021/ Conference

Living of the Land is not a brand-new concept. The knowledge and resources have been out there for several years now. Still, LoL is one of the preferred approaches when we are speaking about highly skilled attackers or security professionals. There are two main reasons for this: Experts tend not to reinvent the wheel Attackers like to keep a low profile/footprint (no random binaries/scripts on the disk) This talk focuses on detecting attacker activity/Living of the Land commands using Machine Learning, for both Linux and Windows systems. Most of the AV vendors do not treat the command itself (from a syntax and vocabulary perspective) as an attack vector. And most of the log-based alerts are static, have a limited specter and are hard to update. Furthermore, classic LoL detection mechanisms are noisy and somewhat

Read More

Breaking News: DeepSec preliminary Schedule available, some Reviews still continue, all Hardware & Software is still not completely safe to use

René Pfeiffer/ August 20, 2021/ Conference, Schedule

We confess. Our review cycle was interrupted by a week of holiday. Our team takes turns before the fourth wave breaks. We will keep watching the regulations for travel and our conference hotel. This being said, the schedule for DeepSec 2021 is ready and is published on our web site. 🥳 The contributions from our speakers and trainers look very promising. We tried to select the submissions according to a mix of technical details, academic research, ways to improve your defence, and details of attack techniques which might be deployed against your organisation. The trainings cover a wide range of topics from attacks on modern desktops app, fallacies of mobile networks, penetration testing of industrial control systems, breaking single sign-on systems, and dealing with threats and defence. We hope to offer you in-depth knowledge

Read More

Thanks for your submission! We are working on final reviews.

René Pfeiffer/ August 2, 2021/ Conference

In the past months we kept blogging about various issues in information security and news regarding our event in November. The Summer months are hard on the process of following news with articles. A lot of things happen, and software still has security-relevant bugs. It’s just that fewer people (than usual) care. We care, and therefore we will complete the reviews of your submissions. The preliminary schedule will be published soon. Thanks for taking your time! We appreciate your contributions. You have made the reviews very hard, as every year. 😉 If you still have some ideas, feel free to submit them!

DeepSec 2021 Press Release: Surveillance as Organized Crime – DeepSec Conference Criticizes Pegasus Spy Software as a legal Vacuum

Sanna/ July 30, 2021/ Conference, DeepIntel, Press

The information published by the Pegasus Project consortium on the systematic abuse of this monitoring software for smartphones clearly shows that rampant surveillance can hardly be distinguished from organized crime. Security experts are increasingly warning against the hoarding of unknown security vulnerabilities by companies that develop espionage products. Information security for society, authorities and the economy are incompatible with the existence of such tools. In addition, they represent a threat to the national security of every country. We can only maintain a real locational advantage for Europe through consistent IT security. Battle for Communication Content Since the first discussions about the availability of strong encryption for private individuals and companies, the security of digital communication has been hotly contested. In the 1990s, the US government wanted to enshrine access to messages and calls from

Read More

Reminder +++ DeepSec and DeepINTEL 2021 Call for Papers +++ Reminder

René Pfeiffer/ July 27, 2021/ Conference

The call for papers of DeepSec and DeepINTEL 2021 have their first deadline on 31 July 2021. Use the remaining days to send us your idea for your presentation. We are interested in your research, your ideas, and your reports about new threats. If you can’t find the time for writing your submission in the scorching heat, let the Pegasus malware take care of your personal communication for a while. We passed on the opportunity to write about surveillance gone out of control, because we wrote about security failures regularly since 2007. That being said, the Pegasus malware is of course a hot topic for DeepINTEL. High-powered and unchecked surveillance software can do a lot of damage to businesses and national security. Code has a significant impact on society and politics alike. Let’s hear

Read More

Secure Communication as an endangered Species

René Pfeiffer/ July 20, 2021/ Conference

Communication is a vital part of modern life and business processes around the world. The rise of the Internet has put sending and receiving information at the centre of most activities. Anyone who has access to personal messages can use them to a significant advantage. Messengers live on billions of smartphones around the world. A compromised telephone opens the door to a treasure trove of highly valuable data. Welcome to the world of information warfare! Repeatedly we issued press articles covering broken secure communication and backdoors to devices. The most recent publications cover the initiative of the German government for mandatory security vulnerabilities in digital infrastructure. Information security cannot distinguish between the purpose of how technology is used. Especially the integrity of computer systems is either preserved or destroyed. There is no middle ground.

Read More

2021 – The Year of the Supply Chain

René Pfeiffer/ July 8, 2021/ Conference

Logistics and supplies are the fuel that keeps modern society rolling. The COVID-19 pandemic has shown that delivery of goods, medical supplies, and work place administration is a part of our daily lives. The container ship Ever Given blocking the Suez Canal serves as an illustration of how important these lifelines are. Even the digital world is based on supply chains. The computer you use receives updates regularly. Chances are high that you even have some data in online platforms (a.k.a. The Cloud™) somewhere. Thinking in terms of information security, these dependencies are a natural target for attackers. Swedish supermarket customers currently suffer from a digital attack on the US-American company Kaseya. The company develops software for managing IT infrastructure. The REvil malware hit them and disabled clients using the VSA remote managing software

Read More

Reminder: DeepSec and DeepINTEL 2021 Call for Papers is still open!

René Pfeiffer/ July 6, 2021/ Conference

The year 2021 features some milestone anniversaries. Some of these anniversaries are tragedies. Others are milestones for change. A lot of them affect the world of information security. Technologies come and go, because more often than not we find better solutions. Implementations mature. Some don’t. So let’s take the anniversary of the RSA SecureID faux pas and combine it with the deleted tweet suggesting to replace TCP/IP with Something Based On Blockchain™. In order to grow and develop better applications, we should strife to improve how we approach the challenges of information security. Here is how we will do this. Read on. The DeepSec and DeepINTEL 2021 call for papers are still open. If you have in-depth content or have some observations to share, please submit your ideas! DeepSec is a 100% blockchain-free zone,

Read More

Communiqué de Presse: Les Environnements de Bureau Modernes : Une Faille dans la Sécurité – La Conférence DeepSec propose des Formations et des Tests pour des Applications Sécurisées

Sanna/ June 21, 2021/ Conference, Press

Qu’est-ce qu’une application bureautique moderne a en commun avec un oléoduc en panne ? L’environnement de bureau qui a conduit à la catastrophe. Les interfaces utilisateur graphiques pour l’exploitation des ordinateurs remontent à des recherches menées dans les années 1960 et 1970. À l’époque, on réfléchissait à la manière dont les ordinateurs pourraient aider au mieux les gens. À partir des années 1990, le bureau est devenu un champ de bataille pour la domination du marché. Cela n’a pas changé, mais on retrouve désormais également des aspects liés à la sécurité. Après tout, l’environnement de bureau est souvent la première étape que les pirates informatiques franchissent pour accéder aux trésors numériques d’une entreprise. La conférence annuelle DeepSec propose aux professionnels de la sécurité et aux développeurs un cours intensif de deux jours consacré à la

Read More