3007, 2016

OpenPGP.conf is calling for Content

René Pfeiffer/ July 30, 2016/ Call for Papers, Conference, Security

If you don’t know what PGP means (or GPG), you should consult your favourite search engine. While it has a bad reputation for its usability, it is a lot more useful than the rumours might suggest (please attend your local CryptoParty chapter for more details). This is why the German Unix Users Group organises an OpenPGP.conf event. It takes place on 8/9 September 2016 in Cologne, Germany. The Call for Papers is still running, so  be quick and submit. The international conference, initiated by Werner Koch, maintainer of the free OpenPGP implementation Gnu Privacy Guard (GnuPG), and organized by the German Unix Users Group Association introduces the subject of confidential and untampered with communication including, but not limited to security aware users, IT managers and architects responsible for security objectives, software developers who plan to

Read More

1507, 2016

Call for Papers – DeepSec 2016 – Reminder

René Pfeiffer/ July 15, 2016/ Call for Papers, Conference

The Call for Papers for DeepSec 2016 ends on 31 July 2016. If you have some top content, a new way to break the Internet of Things, a piece of code that lets the director of the FBI sweat (for whatever reasons), then let us know. Basically anything that breaks stuff, melts networks/applications/hardware, or singes the fur off things is a good choice (see isic for the original quote). Despite the Internet of Things not being yours it can be 0wned any way. Have a go and tell us! In case you are inclined to teaching we also host top quality workshops, just before the conference. If you got material to keep a group of nerds, pentesters, and people worried about the state of information security busy, then drop us your abstract. See you

Read More

2406, 2016

Early Birds, save the Date! BSidesVienna has opened the Call for Papers!

René Pfeiffer/ June 24, 2016/ Call for Papers, Conference

Grab your calendars, you have to be in Vienna on 12 November 2016! BSidesVienna is accepting your submissions for an awesome community conference. The range of topics is wide, so don’t ask yourself “Is this interesting or not?” – just submit and come to Vienna in November! While you are preparing your submission, you might want to make some extra space in your calendar for DeepSec 2016. The submission we got so far look great. Crypto, the Internet of Stuff (IoT), exploit labs, pentesting training, and more waits for you. Make sure you get the Early Bird prices for your tickets!

1806, 2016

DeepSec welcomes Google as Sponsor for the next Conference

René Pfeiffer/ June 18, 2016/ Administrivia, Conference

We are proud and happy to announce Google as sponsor for DeepSec 2016! Google has been a supporter of DeepSec in the past. While we may not need to introduce Google to you, we would like to point out that they have a very capable security team and that members of their researchers have held presentations at DeepSec conferences. Google staff is often around, so take the advantage and talk to them.

1706, 2016

DeepSec welcomes SEC4YOU as Conference Sponsor!

René Pfeiffer/ June 17, 2016/ Conference

DeepSec would not be possible without the support from sponsors. So we welcome SEC4YOU as sponsor for the next DeepSec 2016! SEC4YOU offers services regarding advanced auditing, penetration testing, and vendor-agnostic IT security consulting. SEC4YOU experts support your team when it comes to test and to implement security measures. Especially when it comes to compliance requirements, you will need assistance to make sure that nothing goes wrong. SEC4YOU’s portfolio covers IT security analysis (dealing with risks and threats to your organisation), auditing, ISO 27001 certification (with or without BSI standards), creation of security policies, risk management, information security management system (ISMS), internal government and revision processes. Their experts are well-versed with clients from internal auditing, accounting/controlling, information technology, data protection, risk/compliance management, and information security. Plus they like hackers! Make sure you have a

Read More

1306, 2016

DeepSec 2015 Slides: Bridging the Air-Gap – Data Exfiltration from Air-Gap Networks! Much Slides! Very Animated! Wow!

Sanna/ June 13, 2016/ Conference, Security

The presentation titled Bridging the Air-Gap – Data Exfiltration from Air-Gap Networks was held at DeepSec 2015. Since the presentation format was not meant to be printed or viewed with generic documents viewers, the slide deck had to be converted. The slides in PDF format can be downloaded from this link: https://drive.google.com/file/d/0B_dwBl7uf6PdRndDa1Rad1dMdFk/view?usp=sharing For an animated version of the slides, use one of these links: http://prezi.com/mrzzjpzgvcr8/?utm_campaign=share&utm_medium=copy or in short http://goo.gl/mpCNWC Mind the gap and enjoy!

0406, 2016

BSides London 2016 – Schedule

René Pfeiffer/ June 4, 2016/ Conference, Security

In case you haven’t noticed, the London BSides schedule is up. The Rookie track starts right with the most important part of information security – opsec. Behaviour is on a par with expensive security hardware and your favourite protection software. Wearables, video games, hidden data, malware mythbusting, and more follow next. The main schedule features presentations about the impact of TOR/I2P traffic to your servers (think or best forget about CloudFlare), methods used by options advanced attackers, attacking Low Powered Wide Area Network (LPWAN) devices used for smart / IoT stuff, malicious software, static code analysis, threat analysis, the temptation of containers, and honey pots. There’s ample of content for everyone looking for new ideas. Don’t miss the opportunity!

2005, 2016

BSidesLondon 2016 – Rookie Track Edition

René Pfeiffer/ May 20, 2016/ Conference, Discussion

The Security BSides London 2016 is coming up. Next month you will have the chance to see presentations all around topics in information security. The schedule will be published soon. Gathering from the talks of past events you will not be disappointed. We will be present to watch over the Rookie Track. Young talents in terms of presentation experience will tell you about selected subjects covering security issues on software, administration, policies, hardware, or social interaction. The Rookie Track is unique among InfoSec events. It is a stage where the presenters can tell their ideas to an audience. They are supported by mentors who guide the content and the presenter from idea to the 15 minutes on stage. The Rookie Track was born out of the fact that a lot of people in information

Read More

1504, 2016

DeepSec 2016 Call for Papers is officially open!

René Pfeiffer/ April 15, 2016/ Call for Papers, Conference

DeepSec 2016 is coming! We have set up the Call for Paper manager to accept your submissions for talks and workshops. Keep the „cyber“ distractions low, maximise content. DeepSec is all about hard facts and solid research. The Internet of Stuff/Things has gained momentum. Given the current IoT security designs, this technology will keep security researchers busy for decades  to come. Tell us how to break the smart home of the future. The Crypto Wars are on again. Forget quantum computers! Think about how crypto will work in the age of golden keys and backdoor privileges. Of course you can also talk about the state of cryptography and post-quantum algorithms. DeepSec has always had a decent crypto content. We will give you some more ideas on what to submit in the course of the

Read More

1503, 2016

Reminder: DeepINTEL 2016 – Call for Papers – Beat Big Data and Full Take with Brains

René Pfeiffer/ March 15, 2016/ Call for Papers, Conference, Security Intelligence

We already published a Call for Papers for the upcoming DeepINTEL 2016. Here are some thoughts to get your creativity going. Standard solutions and off-the-shelf products to solve your security needs are remains from the 1990s. Everything else has gone smart, and that’s how you have to address security problems in the future. NSA director Admiral Michael Rogers told the audience of the RSA Conference 2016 that the NSA cannot counter the digital attacks it faces on its own. GCHQ, the NSA’s British counterpart, has publicly stated that the £860m budget to counter digital adversaries is not sufficient to defend Britain’s digital assets. Modern digital defence needs a sound foundation of data to base decisions on. You can neither combat a forest fire or an infectious disease by blindly throwing money at it. You

Read More

1103, 2016

Wanted: Great Content™ for BSidesLondon! Can you help out?

René Pfeiffer/ March 11, 2016/ Call for Papers, Conference

BSidesLondon is coming up. Grab your calendar, mark the dates, and think about content to submit! The Call for Papers runs until 28 March. BSidesLondon is a community-driven event, so it’s up to the infosec community to fill it with decent talks about all things cyber, shiny, and broken (by design). We are looking forward to see a great schedule after the CfP ends. Make it happen! And for all you graphic geeks out there, BSidesLondon needs a logo. The deadline was yesterday, so check out the submissions and have a vote.

0303, 2016

DeepSec Video: Visualizing Wi-Fi Packets the Hacker’s Way

René Pfeiffer/ March 3, 2016/ Communication, Conference, Security, Stories

Like the Force wireless data/infrastructure packets are all around us. Both have a light and a dark side. It all depends on your intentions. Lacking the midi-chlorians we have to rely on other sources to get a picture of the wireless forces in and around the (network) perimeter. At DeepSec 2015 Milan Gabor held a presentation about visualisation of wi-fi packets: Today visualizing Wi-Fi traffic is more or less limited to console windows and analyze different logs from an aircrack-ng toolset. There are some commercial tools, but if we want to stay in the Open/Free Source Code (FOSS) area we need to find better solutions. So we used ELK stack to gather, hold, index and visualize data and a modified version of an airodump tool for input. With this you can create amazing dashboards,

Read More

0203, 2016

DeepSec Video: Remote Browser-Based Fingerprinting of Local Network Devices

René Pfeiffer/ March 2, 2016/ Conference, Internet, Security

Reconnaissance is first, then comes the attack. This is why fingerprinting devices is the first step. Manfred Kaiser (Josef Ressel Zentrum) explained at DeepSec 2015 how this can be done by the local web browser(s) in the locally connected network segment. Manfred discusses remote device fingerprinting techniques for SOHO routers and other network-connected devices offering a browser-based configuration interface. While consumer network devices provided to customers by their ISPs are typically based on very few different hardware platforms, they are equipped with highly customized firmwares and thus contain different vulnerabilities. The knowledge of a specific device’s vulnerabilities is vital to the success of a remote attack. In a live demo Manfred shows how a remote attacker can exploit the feature-richness of modern web technologies (HTML5, WebRTC, JavaScript, CSS) to perform device discovery and fine-grained

Read More

0103, 2016

DeepSec Video: Revisiting SOHO Router Attacks

René Pfeiffer/ March 1, 2016/ Conference, Security

Routers are everywhere. If you are connected to the Internet, your next router takes care of all packets. So basically your nearest router (or next hop as the packet girls and guys call them) is a prime target for attackers of any kind. Since hard-/software comes in various sizes, colours, and prices, there is a big difference in quality, i.e. how good your router can defend itself. Jose Antonio Rodriguez Garcia, Ivan Sanz de Castro, and Álvaro Folgado Rueda (independent IT security researchers) held a presentation about the security of small office/home office SOHO routers at DeepSec 2015. Domestic routers have lately been targeted by cybercrime due to the huge amount of well-known vulnerabilities which compromise their security. The purpose of our publication is to assess SOHO router security by auditing a sample of

Read More

2602, 2016

DeepSec Video: IntelMQ

René Pfeiffer/ February 26, 2016/ Conference, Security

Handling incidents means that you have to handle information quickly. Collecting, collaboration, and getting the right piece of intel in crucial moments is the key. CERTs know this, and this is why there is IntelMQ. IntelMQ is a solution for collecting and processing security feeds, pastebins, and tweets using a message queue protocol. It’s a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect & process threat intelligence, thus improving the incident handling processes of CERTs. Get your messaging right before you run into a (security) incident.