DeepSec Press Release: Internet of Facts and Fear in the Name of IT Security – Bits, Bytes, Security and Geopolitics

Sanna/ September 5, 2019/ Conference, DeepIntel, Press, Schedule, Security, Security Intelligence

(Original press release was published on 29 August 2019 via pressetext.com) Nobody is an island. This statement is attributed to the English writer John Donne. The sentence became known in the 17th century. In the meantime, this has changed as a result of digitization. The modern version of the statement should read: There are no more islands. Increasing networking is reaching more and more areas of everyday life and society. So this year’s DeepSec In-Depth Security Conference wants to look soberly at the Internet of facts and fear from an information security perspective. Systems are currently less isolated and much more complex than the theory of information security technically allows. The DeepSec conference therefore dedicates its two days of conference and two days of training to current technologies and their vulnerabilities. At the same

Read More

DeepSec 2018 Conference “Smart is the new Cyber” – Preliminary Schedule published

René Pfeiffer/ August 17, 2018/ Conference, Schedule, Security

The preliminary schedule for DeepSec 2018 has been published. It took us some time to select and review all submissions. We cracked the 100 submissions mark, thus we are pleased that you made it very difficult for us this year. The number of slots for presentations and workshops has been constant. The number of content being submitted is steadily growing. So we hope we did a good job and that you find a pleasant mixture of topics (as pleasant as information security can get). All speakers have been informed. There may be some changes to the schedule which we will announce on our blog. The abstracts of every presentation and workshop will be discussed in-depth here on the blog as well. We have asked the trainers and speakers some questions. As soon as we

Read More

DeepSec 2016: Social Engineering remains the most dangerous Threat to Companies – DeepSec offers a Workshop on the Defence of social Manipulation as part of IT

Sanna/ November 3, 2016/ Conference, Press, Schedule, Training

If you follow the news on information security, you see superlative after superlative. Millions of passwords were stolen. Hundreds of thousands of cameras suddenly became tools for blackmail. Countless data got copied unauthorized. Often, after a few paragraphs, your read about technical solutions that should put a stop to these burglaries. Therefore one forgets that nowadays hermetically locked doors can be easily opened just by a telephone call or an e-mail message. According to a publication of the British Federation of Small Businesses, almost 50% of attacks are social engineering attacks, which means attacks through social manipulation.Thus, investments in technical defense measures remain completely ineffective. Mere security awareness does not help anymore In the past approaches to defend against attacks on the weak spot human being have focused on awareness trainings. But in our

Read More

DeepSec2016: 0patch – Self-healing Security Updates. DeepSec and ACROS Security Introduce a Platform for Micropatches

Sanna/ October 20, 2016/ Conference, Development, Schedule, Security, Training

As soon as a security gap in an computer application is made public the anxious wait begins. Whether it is software for your own network, online applications or apps for your mobile devices, as a user you will quickly become aware of your own vulnerability. The nervousness increases. When will the vendor publish the security update? In the meanwhile is there anything you can do to reduce the risks? Alternatively, how long can you manage without this certain software? To provide answers to these questions is the central point of security management. Some vendors have fixed dates for security updates. However, occasionally unscheduled updates take place, while some vendors wait quite a few years before they release another update. And this is only true for applications that are still in production or come with a support

Read More

DeepSec 2016 Schedule explained in a Series of Articles

René Pfeiffer/ September 1, 2016/ Administrivia, Conference, Schedule

We have almost finished the reviews of the submissions for DeepSec 2016. The preliminary schedule is already online. Our staff got quite some impatient requests about what to expect from the conference. Due to the sheer amount of submissions it was very difficult to review the content. We really read what you submit. We ask questions; we discuss the focus of the conference. While we try to suggest a motto when sending out the Call for Papers, we never know what the focus will be. It all depends on the presenters and trainers. Hopefully we found the right balance for all of you. Since the schedule is a short summary we have started to compile material about every talk and workshop. The series of articles will start tomorrow. It is a good way to

Read More

Preliminary Schedule of DeepSec 2016 – almost done

René Pfeiffer/ August 20, 2016/ Administrivia, Call for Papers, Conference, Schedule

We got over 100 submissions for DeepSec 2016! This is a new record. Consider that we have only room for about 40% of the content. While you may be impatient to hear about the trainings and the talks, please bear with us. We are in the final round of reviews and will have the preliminary schedule ready the day after tomorrow. You will be able to enjoy reading the announcement during your morning coffee break. Promised. To give you a little sneak preview, here are the main topics we will be addressing with the content: cryptography, Internet of Things (IoT), social engineering, threat hunting, the current state of affairs in information security, networking stuff (both wired and wireless), penetration testing, exploit automation, attacking web applications, iOS exploits, physical security, world domination a.k.a. „cyber“ threats,

Read More

DeepSec Video: The German Data Privacy Laws and IT Security

René Pfeiffer/ January 27, 2016/ Conference, Discussion, Legal, Schedule

Data protection and information security are often seen as different species. Why? Where is the difference between protection, defence, security, and offence? There are a lot of relations between the terms. Stefan Schumacher (Magdeburger Institut für Sicherheitsforschung) gave a presentation at DeepSec 2015 on how to link privacy with security: „Hesse introduced the first data privacy law in the world in 1970. Since then, the German data privacy laws evolved over time and led to the creations of several tools and methods to protect private data. Though it is aimed at data protection it can be utilized for IT security. This talk introduces the data privacy law and it’s main ideas. This presentation will also show how it can be used to further IT security especially in the SME sector. This mostly refers to

Read More

Nikhil Mittal has two Black Hat Europe passes for his attendees

Mika/ October 21, 2015/ Conference, Schedule

Nikhil Mittal offers two passes for Black Hat Europe, Amsterdam, Nov. 10-13 for his workshop attendees at our DeepSec in Vienna. If more than two are interested we will make a raffle or a sweepstake. Workshop: Powershell for Penetration testers Deadline is in two weeks, when we make final decisions about our workshops. So if you are interested in Powershell and have spare-time in November it’s a good time to book for DeepSec and visit Black Hat Europe for free: DeepSec Registration Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has 6+ years of experience in Penetration Testing for his clients, including many global corporate giants. He is also a member of Red teams of selected

Read More

DeepSec Talk: Got RATs? Enter Barn Cat (OSint)

Mika/ October 21, 2015/ Conference, Schedule

We are happy to have John Bambenek (Fidelis Cybersecurity & SANS Internet Storm Center) on stage to present his new Open Source Intelligence Project Barn Cat. OSINT Barn Cat: Mining Malware for Intelligence at Scale I like the name of the project: Barn cats are the best mousers and this new project is targeted to catch (not only) RATs. In reality we have a hard time to keep track and ensure up-to-date signatures, with half a million unique samples pouring into the analysis machinery of the AV-industry and signature producers every day. Barn cat has a new approach: Instead of learning every time from scratch how a new mouse looks like, Barn Cat monitors the criminal infrastructure to detect undesired activity in your network. It’s like a true barn cat couching in front of

Read More

DeepSec 2014 Video – “The Measured CSO”

René Pfeiffer/ December 19, 2014/ Discussion, Schedule, Stories

The first recording of DeepSec 2014 has finished post-processing. Just in time for the holidays we have the keynote presentation by Alex Hutton ready for you. Despite its title “The Measured CSO” the content is of interest for anyone dealing with information security. Alex raises questions and gives you lots of answers to think about. Don’t stay in the same place. Keep moving. Keep thinking.

DeepSec 2013 Schedule is Final!

René Pfeiffer/ September 22, 2013/ Administrivia, Conference, Schedule

The schedule for DeepSec 2013 is final. We had to rearrange some talks, because not all of the speakers we selected confirmed their appearance (that’s real life interference; we hope to see them at some future DeepSec events). The topics look great! We hope you get as much restless nights worrying about your data and infrastructure as we do! ☺ The workshop line-up is especially impressive. It now features 9 trainings in total. Two of the trainings are one day courses, so it might be easier to convince your workload to squeeze some lectures by experts into your busy schedule. This year’s workshops allow you to learn about attacking GSM networks (and thus their clients!), web applications (and their clients too), people (don’t pick up the phone!), IDS/IPS systems (we bet you never saw

Read More

DeepINTEL 2013 – Preliminary Schedule

René Pfeiffer/ July 16, 2013/ Conference, Schedule, Security Intelligence

The preliminary schedule of the DeepINTEL conference is ready! We have selected the presentations carefully and tried to address in-depth threats to (y)our infrastructure and (y)our data. Here are the abstracts of the talks (in alphabetical order, according to the speakers name), that we are allowed to publish publicly: Compliance and Transparency of Cloud Features against Security Standards (Yury Chemerkin) Nowadays cloud vendors provide a solid integration, virtualization and optimization in many fields (for example medical, business, and education) for online services. Such services operate with sensitive data which attracts attackers. There are quite different security controls and metrics for every Cloud service provider. It is generally known that several industrial organizations are focused on keeping an appropriate security level by offering solutions to improve the transparency of Cloud security controls among different vendors.

Read More

DeepINTEL 2012 – Preliminary Schedule

René Pfeiffer/ July 3, 2012/ Administrivia, Schedule

This is the preliminary schedule of the first DeepINTEL seminar taking place in September 2012. We have more talks in the pipeline and the final decision won’t be long. Bear in mind that we will receive some additional information for some of the abstracts soon. The registration for DeepINTEL is online, too. If you are interested in attending DeepINTEL, please get in touch with us (you know, the vetting process and such). Please note that all further updates will be published at the main DeepINTEL web site. You will also find the speaker’s biographies there. Preventing and Detecting Mass-Malware and Advanced Threats (Tom “c-APT-ure” Ueltschi) Your organization has firewalls, network IDS/IPS, anti-virus on multiple layers, maybe even HIPS, hardening and patching done and feels pretty safe and secure. But lots of companies and organisations

Read More

Schedule is stable

René Pfeiffer/ November 19, 2010/ Schedule

The schedule of DeepSec 2010 has been declared stable¹. Unfortunately three speakers had to cancel their presence because of unforeseen reasons. We have managed to fill the slots, so that we have a full schedule and lots of issues to think about. The schedule on the web will now be frozen for print. Any further changes will always be reflected on our web site. We’re looking forward to see you all! ¹ We thought it would be a good idea since declaring code stable is common in software development. ☺

Schedule for DeepSec 2010 published

René Pfeiffer/ August 20, 2010/ Schedule

Reviewing the submissions took us a while longer than anticipated. The reason was the high-quality content you submitted. We had to make some tough decisions and could have easily filled three or four days of In-Depth security talks and many more workshops. We hope that the schedule we published yesterday satisfies your interest and gives some CIOs something to think about. We tackle the security of the GSM network (which is failing, as was reported at DeepSec 2009 already). We also show you how to probe the security of GSM networks (there’s a whole two-day workshop if you want to dive into the gory details). Watch out for remote binary planting! Just yesterday Mitja Kolsek reveiled that about 200 Microsoft Windows applications are vulnerable to remote code execution. We deal with SAP security by

Read More