1809, 2024

DeepSec Talk 2024: Blackbox Android Malware Detection Using Machine Learning and Evasion Attacks Techniques – Professor Dr. Razvan Bocu

Sanna/ September 18, 2024/ Conference

Over the past ten years, researchers have extensively explored the vulnerability of Android malware detectors to adversarial examples through the development of evasion attacks. Nevertheless, the feasibility of these attacks in real-world use case scenarios is debatable. Most of the existing published papers are based on the assumptions that the attackers know the details of the target classifiers used for malware detection. Nevertheless, in reality, malicious actors have limited access to the target classifiers. This talk presents a problem-space adversarial attack designed to effectively evade blackbox Android malware detectors in real-world use case scenarios. The proposed approach constructs a collection of problem-space transformations derived from benign donors that share opcode-level similarity with malware applications through the consideration of an n-gram-based approach. These transformations are then used to present malware instances as legitimate entities through

1709, 2024

DeepSec 2024 Talk: Far Beyond the Perimeter – Exploring External Attack Surfaces – Stefan Hager / khae

Sanna/ September 17, 2024/ Conference

Looking for intel in all the right places is an art that adversaries seem to have mastered; but for their own data, many companies seem to lose interest in examining anything that’s outside the “perimeter” – whatever that is supposed to be nowadays. Credential leaks, shadow IT, unofficial websites with official info – the list of assets far outside the data centers of companies is long and those assets nevertheless pose risks. Instead of turning a blind eye, it’s important (and necessary) to get an understanding of what kind of information is out there, ready to be used or abused and protect accordingly. What risks are “out there” and what is meant by “out there”? How can those risks be addressed? What tools are easily available? Gathering information is a valuable tool not only

1609, 2024

DeepSec 2024 Talk: Navigating the Storm: Emerging Threats in AWS Cloud Security – Miguel Hernández & Alessandro Brucato

Sanna/ September 16, 2024/ Conference

As cloud adoption speeds up, so too does the sophistication of attacks targeting cloud infrastructure. Our talk delves into the evolving landscape of AWS security, focusing on the burgeoning threat of crypto mining. We’ve witnessed a significant shift in the tactics, techniques, and procedures (TTPs) used by attackers. This session will uncover the latest trends in cloud security, spotlighting new threat groups and their innovative methods for abusing AWS services. Attendees will learn about real-world threats involving AWS resources. We will explore the intricate ways these attackers infiltrate and collaborate with other groups in a large black market for credentials. Our discussion will also cover proactive strategies for detection and mitigation, empowering security professionals to safeguard their cloud infrastructure against these evolving threats. We asked Miguel and Alessandro a few more questions about their

1309, 2024

DeepSec 2024 Talk: Reversing Windows RPC in Enterprise Software for Fun and CVEs – Andreas Vikerup

Sanna/ September 13, 2024/ Conference

This talk will walk the audience through the dissection of Windows RPC usage in the enterprise software ManageEngine ADAudit Plus, which will unravel two CVEs and crack a CTF-like encryption/decryption process. We asked Andreas a few more questions about his talk. Please tell us the top 5 facts about your talk. This talk will guide the audience through a reverse engineering method that will ultimately lead to 2 CVEs in a product known as ManageEngine ADAudit Plus. The reviewed code will be human readable (as in not assembly language) which makes it easy to follow. There will be hurdles along the way to reach the goal and these will be highlighted and discussed in the presentation. How did you come up with it? Was there something like an initial spark that set your mind

1209, 2024

DeepSec 2024 Talk: A Practical Approach to Generative AI Security – Florian Grunow & Hannes Mohr

Sanna/ September 12, 2024/ Conference

The rise of applications based on AI (mostly generative AI) forces us to think about the security and privacy implications of these systems. We will try to make sense about the attack surface of generative AI applications, what practitioners in the field need to consider in development and operations, and how they can derive security measures for these systems. We will first dive into the range of generative AI applications using examples of the OpenAI ecosystem. This will give the audience an understanding about the fundamental problem of AI from a security perspective. We then offer an insight into the attack surface that those applications have. This will help understand what needs to be secured and what can be secured. Many times, good old security best practices will be a good start, although AI

1109, 2024

DeepSec Talk 2024: GenAI and Cybercrime: Separating Fact from Fiction – Candid Wüest

Sanna/ September 11, 2024/ Conference

Are we standing at the brink of an AI Armageddon? With the rise of Generative AI (GenAI), cybercriminals allegedly now use unprecedented AI tools, flooding the digital world with sophisticated, unblockable threats. This talk aims to dissect the hype and uncover the reality behind the use of GenAI in cybercrime. We will explore the growing use of deepfakes in scams, exemplified by a million dollar fake BEC video conference call. From son-in-trouble scams to KYC bypass schemes, deepfakes are becoming versatile tools for cybercriminals and a nightmare for defenders. Turning to phishing attacks, we’ll discuss how GenAI personalizes and automates social engineering, significantly increasing the volume of attacks. However, they still require an account to send from and some payload. Having the ultimate phishing text does not mean you are not blocked. We’ll also

1009, 2024

DeepSec Talk 2024: Firmware Forensics: Analyzing Malware Embedded in Device Firmware – Diyar Saadi Ali

Sanna/ September 10, 2024/ Conference

Firmware, essential to hardware functionality, increasingly becomes a prime target for cyber threat actors because of its foundational control over devices. This presentation delves into a detailed analysis of malware embedded within purported firmware updates for Sabrent devices, a case study revealing widespread exploitation. By leveraging advanced static and dynamic analysis techniques, we uncover the intricate workings of this malware, strategically hidden within seemingly legitimate firmware patches. Through meticulous investigation, including static examination for file headers, hashes, and embedded resources, and dynamic analysis within controlled environments, we decipher the malware’s operational stages. This includes its initial execution triggers, subsequent macro-driven deployments, and ultimate persistence mechanisms through registry modifications, all orchestrated to evade detection and ensure prolonged access to compromised systems. We asked Diyar a few more questions about his talk. Please tell us the

0909, 2024

DeepSec 2024 Training: The Mobile Playbook: Dissecting iOS and Android Apps – Sven Schleier

Sanna/ September 9, 2024/ Conference, Training

This course teaches you how to analyse Android and iOS apps for security vulnerabilities, by going through the different phases of testing, including dynamic testing, static analysis and reverse engineering. Sven will share his experience and many small tips and tricks to attack mobile apps that he collected throughout his career and bug hunting adventures. We asked Sven a few more questions about his training. Please tell us the top 5 facts about your training. Focus: The course teaches penetration testing of Android and iOS apps using the OWASP Mobile Application Security Testing Guide (MASTG). The OWASP MASTG is an open-source documentation project that summarises techniques for penetration testing and reverse engineering of mobile apps. Hands-on Experience: We will go through many labs and real-world scenarios with customized apps. Many of the labs can

2308, 2024

DeepSec 2024 Training: Hacking Modern Web & Desktop Apps: Master the Future of Attack Vectors – Abraham Aranguren

Sanna/ August 23, 2024/ Conference, Training

This course is the culmination of years of experience gained via practical penetration testing of Modern Web and Desktop applications and countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide. It covers the OWASP Top Ten and specific attack vectors against Modern Web and Desktop apps. Participants in this course can immediately apply actionable skills from day 1. Please note our courses are 100% hands-on. We do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. The training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.

2208, 2024

DeepSec 2024 Training: AI SecureOps: Attacking & Defending GenAI Applications and Services – Abhinav Singh

Sanna/ August 22, 2024/ Conference, Training

Acquire hands-on experience in GenAI and LLM security through CTF-styled training, tailored to real-world attacks and defense scenarios. Dive into protecting both public and private GenAI & LLM solutions, crafting specialized models for distinct security challenges. Excel in red and blue team strategies, create robust LLM defenses, and enforce ethical AI standards across enterprise services. This training covers both “Securing GenAI” and “Using GenAI for security” for a well-rounded understanding of the complexities involved in AI-driven security landscapes. We asked Abhinav a few more questions about his training. Please tell us the top facts about your talk. It covers both aspects of AI security: 1. Using AI for security; 2: Security of AI. How did you come up with it? Was there something like an initial spark that set your mind on creating this

2108, 2024

DeepSec 2024 Training: Attacking and Defending Private 5G Cores – Altaf Shaik

Sanna/ August 21, 2024/ Conference, Training

Security is paramount in private 5G networks because of their tailored nature for enterprises. They handle sensitive data, connect mission-critical devices, and are integral to operations. This advanced 5G Core Security Training is a comprehensive program designed to equip security professionals with advanced skills and techniques to identify and mitigate potential security threats in private 5G networks. Participants will gain a deep understanding of 5G core security and protocols, and learn how to develop and use the latest 5G pen testing tools and techniques to perform vulnerability assessments and exploit development. The training will also cover the latest 5G security challenges and best practices, and provide participants with hands-on experience in simulating original attacks and defenses on a local zero-RF-transmitting 5G network. We asked Altaf a few more questions about his training. Please tell

2008, 2024

DeepSec Training 2024: Software Reverse Engineering Training Course for Beginners – Balazs Bucsay

Sanna/ August 20, 2024/ Conference, Training

The training course targets attendees who have little to no knowledge of reverse engineering but possess the ability to write simple programs in a programming language of their choice and also have a desire to learn reverse engineering of compiled applications. The course spans two days, during which low-level computing and the basics of architectures are explained. The primary target architectures of this course are Intel x86 and AMD x64, where we cover the fundamentals of computing and assembly language. Throughout the course, we will explore how to create basic programs in both C and assembly, and then explore the process of reverse engineering using disassembler, decompiler and debugger on Windows. Each day of the course emphasises hands-on labs, allowing participants to apply their newly gained knowledge in practical exercises. Theory alone quickly fades,

1908, 2024

DeepSec publishes preliminary Schedule

René Pfeiffer/ August 19, 2024/ Conference, DeepIntel

We are happy and proud to present the preliminary schedule for DeepSec 2024! Again, the many submissions overwhelmed us. We could have filled the schedules for two or three conferences. The range of topics matches current events, your needs for improving digital defence, and insights into how vulnerable systems and humans are. Organic intelligence created all presentations 100%. No previous instructions had to be ignored. Also look at the trainings. We have selected very useful topics and feature expert trainers to guide you through the content. As usual, the schedule for DeepINTEL is only available on request. We hope to see you all in Vienna!

0108, 2024

DeepSec Call for Papers has officially ended – Review Phase opened

René Pfeiffer/ August 1, 2024/ Call for Papers, Conference

The call for papers process for DeepSec has officially ended. We tried to keep track with your submissions, but now we will deep dive into the review phase. You may have noticed that the trainings have already been published online. Usually, we publish the training slots earlier. We try to do this before the Summer, but this year the training review was delayed, because all reviewers were very busy. Now we have even more work because of the number of proposals for talks. Thank you all for your contributions! Creating the schedule will be hard, so bear with us and allow for one to two weeks for the reviews. We promise that all of you will receive either a confirmation when accepted or a message if your submission was declined. Don’t be discouraged or

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: