DeepSec 2023 Workshop: Black Belt Pentesting / Bug Hunting Millionaire (100% Hands-On, Live Online Training, 24-25 October) – Dawid Czagan

Sanna/ June 1, 2023/ Conference, Training

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training! I will discuss security bugs found by several bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training + students can take the complete lab environment home after the training session. Watch 3 exclusive videos

DeepSec 2023 Workshop: Web Hacking Expert: Full-Stack Exploitation Mastery [Video Training, Lifetime Access] – Dawid Czagan

Sanna/ May 30, 2023/ Conference, Training

Watch the trailer for your training! Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Say ‘No’ to classical web application hacking, join this unique video training, and take your professional pentesting career to the next level. Dawid Czagan has found security bugs in many companies, including Google, Yahoo, Mozilla, Twitter, and in this video training he will share his experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively. Almost 5 hours of high-quality video courses with lots of recorded demos. You will get lifetime access to these 5 video courses: Bypassing Content Security Policy in Modern Web Applications –

DeepSec Workshop 2023: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access – Dawid Czagan

Sanna/ May 26, 2023/ Conference, Training

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory. For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. Also, when the training is over, you can take the complete lab environment home to hack again at your own pace. I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers. Key Learning Objectives After completing this training, you will

DeepSec Twitter Account is scheduled for Deletion

René Pfeiffer/ May 19, 2023/ Administrivia, Conference

A passive stance to IT security doesn’t always work. The same is true for “social” media. The DeepSec Twitter account is scheduled for deletion. We have saved all tweets and will publish them as an archive. Meanwhile you can follow updates from DeepSec and DeepINTEL on Mastodon, our blog, or our LinkedIn company site. No, we won’t join BlueSky until it is out of its pre-gamma prototype phase. So, please join us or subscribe to our mailing list(s).

Understanding Artificial Intelligence, its Use Cases, and Security Implications

René Pfeiffer/ May 15, 2023/ Conference

Hypes and trends are great. You can talk a lot about a specific topic without really understanding the underlying technology. Ever since the AI train has left the station, everyone is talking about it and is trying to solve all kinds of problems with a single algorithmic approach. Large language models (LLMs) are apparently the best invention since division and multiplication. While there is nothing wrong with exploring how technology can be used, the current discussion about the use of AI algorithms has drifted to shamanism. Companies want to feature one of these new algorithms for good luck, promising business models and to save all kinds of effort when dealing with data. Let’s take a step back and review the history of artificial intelligence in computer science. In the 1970s and 1980s expert systems

DeepSec 2023 Call for Papers is open

René Pfeiffer/ March 9, 2023/ Call for Papers, Conference, DeepIntel

The call for papers of DeepSec 2023 and DeepINTEL 2023 is open! You can submit your ideas for presentations and trainings via our CfP manager form. Content for DeepINTEL should be sent to us directly (but you can use the same web form, just mention what you have in mind). This year’s focus will be on the wonderful world of artificial intelligence, machine learning, and related algorithms. The GPT language models have gained notoriety in the media. All the shiny algorithms still lack cognitive skills, but they are decent simulations of communication. Big companies rush to add dumb conversation simulators to their products. What does this mean from the information security perspective? If you have found weaknesses in chat simulators or AI/ML filters, please let us know. It’s your turn to tell HAL 9000

DeepSec News Channels and Twitter Third Party Apps

René Pfeiffer/ January 20, 2023/ Conference

A couple of days ago the Talon app we use for reading and writing on Twitter stopped working. Code that stops working or APIs that turn into bouncers at the nightclub are normal operation in some fields of IT. As for Twitter, it has turned into a personal playground of one person. The platform has nothing to do with the microblogging service it once was. Decisions are made randomly or with a questionable agenda. It’s time to leave. And no, we are not going to Mars like Ryba Zhfx promised the public over ten years ago. You can find links to our articles on our Mastodon account. We have this blog, and we have our mailing lists. We will try to turn our Twitter postings into an archive and publish it on our servers

Late thank you for attending and speaking at DeepSec / DeepINTEL 2022

René Pfeiffer/ December 17, 2022/ Administrivia, Conference

Usually we are under high load after the conference because of the administrative tasks. 2022 was no exception, but the change of location still requires some attention. So this is a much delayed thank you for attending our events and speaking at DeepSec and DeepINTEL 2022! It was great to meet all of you in person. We also enjoyed talking about experiences with IT security, exchanging insights, sharing stories, and gathering inspiration for the next year. While virtual meetings can save time and help a lot, some things are best discussed face to face. The videos are nearly fully post-processed. We will inform our attendees and speakers first. In January 2023, you can enjoy the videos on our Vimeo account. The slides of the presentations can be downloaded from our DeepSec 2022 slide collection.

DeepSec 2022 has started – two Days of Presentation about Information Security

René Pfeiffer/ November 17, 2022/ Conference, Security

The DeepSec Conference 2022 has started. We will be busy handling the presentation tracks, the TraceLabs OSINT CTF event, and the ROOTS track. We covered most of the presentations in brief interviews on this blog. There is more to come after the conference has ended. The live streams from the conference are available to registered attendees. The recordings will be published on our video platform after post-processing. Updates from the event will be posted to our Twitter and Mastodon accounts. In case you want to be part of the conversation, please use the #DeepSec hashtag.

DeepINTEL 2022 has started – Conference on Security Intelligence

René Pfeiffer/ November 16, 2022/ Conference, DeepIntel

We often abuse the term big picture as an analogy for a better perspective on things. With security intelligence, this is true. The DeepINTEL conference covers the strategic aspects of IT security, analyses the capabilities of potential (and actual) adversaries, and helps to bridge the gap between individual experiences of security researchers and targets. DeepINTEL 2022 has started. Topic-wise advanced persistent threats, the current geopolitical situation, psychological warfare with digital means, and techniques of malicious software in attacks are the primary focus. Selected aspects will be published in articles on this blog after the conference, because the DeepINTEL is a TLP:AMBER event.

DeepSec 2022 Talk: Industrial-Security vs. IT-Security – What Can We Learn From Each Other? – Michael Walser

Sanna/ November 11, 2022/ Conference

In the age of digitalisation, classic IT and industry are moving ever closer together. Devices are being networked and more and more smart devices are flooding the production hall. However, IT security is often disregarded in the process. Every device in the network can be compromised and requires an adapted strategy. Experience from 30 years of IT security gives the industry an orientation – but does not solve its problems. The challenges are often completely different, and the situation often requires completely different approaches. We try an approach and show experiences from the work with our customers and partners and give food for thought on what an IT security strategy for industry can look like and what both worlds can learn from each other. We asked Michael Walser a few more questions about his

DeepSec 2022 Talk: Cyber Maturity Doesn’t Just Happen. True Tales Of A Cyber Maturity Concept – Uğur Can Atasoy

Sanna/ November 10, 2022/ Conference

Having a proper(!) security posture is more challenging than ever. Implementing the bare necessities for usability and security is scalable (literally), but the reality is always full of surprises. Dozens of assets, services, tools, requirements, workforce, risks and threats. How to keep the balance between usability, security and reputation while being honest with yourself? Many enterprises suffer from “keywords” and “trends” and have to pretend to be “proactive” by implementing the “latest” trends and approaches instead of solving the problems on “bits” that need “change”. When you look at enterprise-level security incidents, you can quickly notice that they have the latest tools, technologies and services, implemented the “Zero Trust Security” model, achieved base standards and compliance requirements, and hired the experts. Literally, they are prepared for almost all possible risks and threats, but they

DeepSec 2022 Talk: Communicative Incident Response – Hauke Gierow, Paul Gärtner

Sanna/ November 10, 2022/ Conference

Crisis communication is probably the hardest part of communication to get right – and the most important. Combine this with a successful attack attempt on a company’s network that completely shatters operation and you have all the ingredients for disaster. But especially in situations like this, it is imperative to stay calm and remain in contact with the outside world. In this talk, we will relay best practices for crisis communication and how they specifically apply to IR situations. We will show the best and the worst attempts to manage a crisis – and show that situations like this can reposition a company and build trust rather than losing it. We asked Hauke Gierow and Paul Gärtner a few more questions about their talk. Please tell us the top 5 facts about your talk.

DeepSec 2022 Keynote: Complexity killed the Cat

René Pfeiffer/ November 8, 2022/ Conference

Complex systems is not a term indicating that you have stopped understanding something. The colloquial phrase “it’s complicated” is often used as a joke. Complex systems have their own science. Information technology has managed to make our daily life easier. Applications manage vast amounts of data, communication protocols transport countless numbers of messages, systems just work, and everything is fine. The problem is that code usually grows and never shrinks. This has implications for software development and for information security. The keynote will take you on a tour through complex systems, complexity, the limits of growth, and how the consequences can be managed in a sane way. The presentation will also try to remind you to ask questions, think twice about selecting appropriate metrics, and how to apply this approach to the tools

DeepSec Press Release: Analysis IT Security – DeepSec conference offers rich education for digital defence

Sanna/ November 2, 2022/ Conference, Press

Defending one’s digital infrastructure has never been more important. The fundamental problem of many defensive structures is the lack of an overview. Penetration tests help little if you don’t know exactly how your systems are connected to the rest of the world. This year’s DeepSec security conference offers rich support and content to sustainably increase one’s own security. On board is our supporter, the company NVISO, focusing specially on companies and organisations in critical areas. Security landscape requires collaboration Modern information technology is based on complex and extensive architectures. How do you determine the state of your own security? Many companies are not familiar with the different approaches of testing methods. The term “penetration test” has already entered the minds of many, but what findings and facts are obtained during such tests is often
