3108, 2023

DeepSec 2023 Talk: Nostalgic Memory – Remembering All the Wins and Losses for Protecting Memory Corruption – Shubham Dubey

Sanna/ August 31, 2023/ Conference

Memory corruption, a vulnerability that emerged in the 1980s and gained prominence with the discovery of the first buffer overflow in the fingerd Unix application exploited by the Morris worm in 1988, has since become a significant concern in the field of information security. Its prevalence was further underscored by the influential Phrack edition 49 titled “Smashing the Stack for Fun and Profit” in 1996. Today, memory corruption remains one of the most pressing security challenges, compelling the entire defensive security industry to develop robust countermeasures. This session aims to delve into the progress made by the security industry in mitigating and protecting against different types of memory corruption, as well as the current state of these efforts. During the talk, I will explore various techniques that have been introduced worldwide to safeguard against

Read More

3008, 2023

DeepSec 2023 Press Release: Language Models do no cognitive Work –

Sanna/ August 30, 2023/ Conference, Press

The term Artificial intelligence (AI) is in the media, but it consists only of language simulations. If one follows the logic of the products currently offered under the AI label, we could easily remedy the shortage of skilled workers in the information technology sector. Take random people and let them consume tutorials, code examples, training videos and other documents related to the field of application for a few months. After this learning phase, skilled workers would automatically be available. TThe DeepSec conference is asking why there is still a lack of qualified personnel in IT. Algorithmically, the problem already seems to have been solved. Large Language Models (LLMs) and AI The so-called generative AI, which is now on everyone’s lips, is mathematically assigned to the research field of artificial intelligence. GPT, LLaMa, LaMDA or

Read More

3008, 2023

DeepSec 2023 Press Release: DeepSec 2023 publishes Programme – This year’s conference focuses on language models and infrastructure

Sanna/ August 30, 2023/ Conference, Press

  Everyone is discussing Artificial Intelligence language models that have vast amounts of learning data. Language models are supposed to revolutionise information technology overnight, but their first applications are actually digital attacks. TThe current state of deep fake detection, social engineering attacks, and security incident response benefits will be highlighted at the DeepSec security conference this year. Of course, there are many more presentations that are indispensable for digital defence. Language models do not think, they forge Attacks through phishing emails and social engineering bypass technical measures through communication. By imitating victims’ language, attackers try to get them to support the attack with their own actions. Artificial persuasion is the speciality of AI language models, as they are designed to simulate conversation. Alexander Hurbean discusses which tools are available for these attacks and how

Read More

2508, 2023

DeepSec 2023 Training: Security Intelligence: Practical Social Engineering & Open-source Intelligence for Security Teams – Christina Lekati

Sanna/ August 25, 2023/ Conference, Interview, Training

Social engineering attacks remain at the top of the threat landscape and data breach reports. Reports tend to oversimplify breaches as just phishing attacks, but current research shows it’s more complex. Social engineering attacks have been evolving. Successful phishing emails are usually a result of a larger attack based on research and intelligence that identifies organizational vulnerabilities. But it doesn’t stop there. Weaponized psychology is still a powerful component of social engineering attacks. Security professionals and testers need to know how social engineering works and how to stop attacks. This class aims to provide participants with the necessary knowledge on open-source intelligence and social engineering, to help security teams build better protective measures (proactive & reactive) and to inform their security strategy. It also aims to help penetration testers improve their recommendations and provide

Read More

2508, 2023

DeepSec 2023 preliminary Schedule published

René Pfeiffer/ August 25, 2023/ Administrivia, Conference

The schedule for DeepSec 2023’s first version has been published. We are still stuck in reviews, so there will be some more updates in the coming weeks. Especially the third track with technical sessions and presentations will see some updates. Read some more on the technical track in one of our next blog articles. We received a lot of submissions, so we are very grateful for your support and the great ideas you sent us. Because of the limitations of our schedule, the reviewers had a hard time making a selection. The final status of all submissions will be sent to all submitters within the next few days. The following weeks will feature every presentation in more detail with an interview or an article about the content. The mix of topics is definitely the

Read More

0708, 2023

AI Content Harvesting without Opt-Out? Goodbye, Zoom!

René Pfeiffer/ August 7, 2023/ Conference

DeepSec has used the Zoom videoconferencing tool since 2020. It was really helpful for the 100% online conferences back then. Apparently, Zoom has changed its terms of service. The new version is completely unacceptable for any conference. This means we are leaving Zoom, and we recommend you do the same. The reason is the ongoing „AI pandemic“. Content is king, but content theft is the emperor these days. If you look at the Zoom terms of services and read chapter 10.4, you see that Zoom likes to use everything you do via the platform for any use the company can think of. There is no opt-out, it seems. We have ended our subscriptions and will delete our account. We will switch to OpenTalk, which is GDPR-compliant and hosted in European data centres. OpenTalk is

Read More

3107, 2023

Helpful Hints for writing Presentations

René Pfeiffer/ July 31, 2023/ Call for Papers, Communication, Conference

Today the call for papers for DeepSec 2023 and DeepINTEL 2023 ends. If you have some ideas, please let us know by submitting a proposal. Since we have a lot of experience with reviewing presentation outlines. Before you create a brief description of your mind-blowing talk, please have a look at our suggestions. The title is important! Don’t go overboard with cryptic memes, insider jokes, or movie titles. Not everyone will have the knowledge of understanding what the presentation is about. Your title needs to reflect what you are talking about. You can always use subtitles or a tag line if you really want to mimic film posters. Also keep it short! The 80 letter limit is not only for Usenet veterans. Long titles are hard to memorise. Your title should not replace the

Read More

0407, 2023

Training Teaser: Token Hijacking via PDF File – Video Tutorial

René Pfeiffer/ July 4, 2023/ Conference, Security, Training

Tokens make the world go around. Therefore, we want to share with you the next teaser about Dawid Czagan’s training at DeepSec 2023. PDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it? Dawid will show you in a free video step by step how this attack works and how you can check if your web application is vulnerable to this attack. Watch the video and consider joining Dawid Czagan’s training Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access (14-15 November, DeepSec 2023).

0307, 2023

DeepSec Scuttlebutt: Tech Monsters from Novels and the Call for Papers Reminder

René Pfeiffer/ July 3, 2023/ Call for Papers, Conference, Stories

[This message was published via our DeepSec Scuttlebutt mailing list. The text was written by a human. This is a repost via our blog and Mastodon. Our Call for Papers for DeepSec 2023 is still running. If you have interesting content, please submit your idea.] Dear readers, the wonderful world of computer science and teaching courses has kept me busy. The scuttlebutt mailing list has the aim of having at least one letter per month. It is now the end of June, and the Summer has begun here in Vienna. The university courses have finished. The grades are ready. More projects are waiting. In information society, it is never a good idea to wait until something happens. A lot of blue teams are busy improving defences, testing configurations, and rehearsing their processes. However, there

Read More

1506, 2023

Training Teaser: Token Hijacking via PDF File – Video Tutorial

René Pfeiffer/ June 15, 2023/ Conference, Training

Portable documents are nice. It’s always an advantage to read and process documents on different platforms. The Portable Document Format (PDF) is a common format. Unfortunately, PDF can be abused to attack you. PDF files are everywhere and these files can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it? In a free video, Dawid Czagan (DeepSec instructor) will show you step by step how this attack works and how you can check if your web application is vulnerable to this attack. Dawid has prepared a free video for you. Have

Read More

0606, 2023

DeepSec 2023 Talk: Deepfake vs AI: How To Detect Deepfakes With Artificial Intelligence – Dr. Nicolas Müller

Sanna/ June 6, 2023/ Conference

Artificial intelligence is developing at a breathtaking pace, already surpassing humans in some areas. But with opportunity comes potential for abuse: generative models are getting better at creating deceptively real deepfakes – audio or video recordings of people that are not real, but entirely digitally created. While the technology can be used legitimately for film and television, it has great potential for abuse. This lecture illustrates this problem using audio deepfakes, i.e. fake voice recordings. The technical background of synthesis will be highlighted, and current research on countermeasures will be presented: Can we use AI to expose deepfakes? Can we learn to recognise deepfakes, and if so, how? We asked Dr. Nicolas Müller a few questions about his talk. Please tell us the top 5 facts about your talk. We will listen to Angela

Read More

0106, 2023

DeepSec 2023 Workshop: Black Belt Pentesting / Bug Hunting Millionaire (100% Hands-On, Live Online Training, 24-25 October) – Dawid Czagan

Sanna/ June 1, 2023/ Conference, Training

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training! I will discuss security bugs found by several bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training + students can take the complete lab environment home after the training session. Watch 3 exclusive videos

Read More

3005, 2023

DeepSec 2023 Workshop: Web Hacking Expert: Full-Stack Exploitation Mastery [Video Training, Lifetime Access] – Dawid Czagan

Sanna/ May 30, 2023/ Conference, Training

Watch the trailer for your training! Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Say ‘No’ to classical web application hacking, join this unique video training, and take your professional pentesting career to the next level. Dawid Czagan has found security bugs in many companies, including Google, Yahoo, Mozilla, Twitter, and in this video training he will share his experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively. Almost 5 hours of high-quality video courses with lots of recorded demos You will get lifetime access to these 5 video courses: Bypassing Content Security Policy in Modern Web Applications –

Read More

2605, 2023

DeepSec Workshop 2023: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access – Dawid Czagan

Sanna/ May 26, 2023/ Conference, Training

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory. For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. Also, when the training is over, you can take the complete lab environment home to hack again at your own pace. I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers. Key Learning Objectives After completing this training, you will

Read More

1905, 2023

DeepSec Twitter Account is scheduled for Deletion

René Pfeiffer/ May 19, 2023/ Administrivia, Conference

A passive stance to IT security doesn’t always work. The same is true for “social” media. The DeepSec Twitter account is scheduled for deletion. We have saved all tweets and will publish them as an archive. Meanwhile you can follow updates from DeepSec and DeepINTEL on Mastodon, our blog, or our LinkedIn company site. No, we won’t join BlueSky until it is out of its pre-gamma prototype phase. So, please join us or subscribe to our mailing list(s).