Security

DeepSec 2019 Talk: Abusing Google Play Billing for Fun and Unlimited Credits! – Guillaume Lopes

Posted by on November 22, 2019 at 2:30 pm

In 2017, the estimated global in-app purchase revenue was projected to exceed $37 billion. Just in the Google Play Store, for 2018, more than 200 000 apps are offering in-app purchases. However, the Google Play Billing API is vulnerable by design and allows an attacker to bypass the payment process. I analyzed several Android games […]

DeepSec 2019 Talk: S.C.A.R.E. – Static Code Analysis Recognition Evasion – Andreas Wiegenstein

Posted by on November 11, 2019 at 9:15 am

Andreas Wiegenstein has expert advice for software security: Companies increasingly rely on static code analysis tools in order to scan (their) (custom) code for security risks. But can they really rely on the results? The typical SCA tool is designed to detect security issues in code that were created by accident / lack of skill. […]

DeepSec 2019 Talk: Security Analytics and Zero Trust – How Do We Tackle That? – Holger Arends

Posted by on November 8, 2019 at 7:15 pm

For many years we’ve all been in an arms race, fighting daily against new malware varieties and new attack techniques that malicious actors use to fool us and compromise our systems. Many of us rely on state of the art safeguards and have invested tremendous amounts in defending our systems and networks, yet even so, […]

DeepSec 2019 Talk: Setting up an Opensource Threat Detection Program – Lance Buttars

Posted by on November 1, 2019 at 9:15 am

Through the use of event detection monitoring and do-it-yourself monitoring techniques on a Linux Apache PHP MySQL stack, I will demonstrate how you can create different alarms and reporting surfaces that alert you when your application is being attacked. This case study will demonstrate the use of hacking tools as a defense strategy […]

DeepSec 2019 Talk: Still Secure. We Empower What We Harden Because We Can Conceal – Yury Chemerkin

Posted by on October 30, 2019 at 9:15 am

The launch of Windows 10 has brought many controversial discussions around the privacy factor of collecting and transmitting user data to Microsoft and its partners. But Microsoft was not the first; Apple did it many years ago, and there was no public research on how much data were leaked out from macOS. There is a […]

DeepSec 2019 Talk: Chinese Police and CloudPets – Abraham Aranguren

Posted by on October 29, 2019 at 9:15 am

[In our Call for Papers we mentioned that DeepSec and specifically DeepINTEL will have a connection to geopolitics. Well, the following description of a presentation at DeepSec gives you an idea of what we meant.] This talk is a summary of three different security audits with an interesting background: First, CloudPets, their epic track record, […]

DeepSec 2019 Talk: Comparing GnuPG With Signal is like Comparing Apples with Smart Light Bulbs – Hans Freitag

Posted by on October 28, 2019 at 9:05 am

GnuPG is not designed to be used only in E-Mail, it plays an important role in securing all sorts of mission critical data. In this talk I will show you applications of GnuPG that are not E-Mail or Instant Messaging. We asked Hans a few more questions about his talk. Please tell us the top […]

DeepSec 2019 Talk: What’s Wrong with WebSocket APIs? Unveiling Vulnerabilities in WebSocket APIs – Mikhail Egorov

Posted by on October 16, 2019 at 9:30 am

The WebSocket protocol is many times more efficient than HTTP. In recent years we can observe that developers tend to implement functionality in the form of WebSocket APIs instead of traditional REST APIs that use HTTP. Modern technologies and frameworks simplify the building of efficient WebSocket APIs. We can name GraphQL subscriptions or WebSocket APIs supported […]

DeepSec 2019 Workshop: Attacks on the Diffie-Hellman Protocol – Denis Kolegov & Innokentii Sennovskii

Posted by on September 27, 2019 at 9:00 am

This workshop is a hands-on task-based study of the Diffie-Hellman protocol and its modern extensions focusing on vulnerabilities and attacks. It is not a full day training, but it will be held during the conference. Everyone interested in applied cryptography and attacks connected to these topics should attend. Seats are limited! Some of the topics […]

DeepSec 2019 Talk: What Has Data Science Got To Do With It? – Thordis Thorsteins

Posted by on September 26, 2019 at 9:15 am

In this talk I want to shed some light on data science’s place within security. You can expect to learn how to see through common data science jargon that’s used in the industry, as well as to get a high level understanding of what’s happening behind the scenes when data science is successfully applied to […]

DeepSec 2019 Talk: The Turtle Gone Ninja – Investigation of an Unusual Crypto-Mining Campaign – Ophir Harpaz

Posted by on September 20, 2019 at 9:15 am

Despite the absence of blockchain and „crypto“ at DeepSec we have some content which covers security incidents connected to both terms. Ophir Harpaz will present her insights into an attack that is used to do „crypto“ mining. She describes what to expect in her own words: At first sight, Nansh0u is yet another attack campaign […]

DeepSec 2019 Training: Analysing Intrusions with Suricata – Peter Manev & Eric Leblond

Posted by on September 18, 2019 at 9:05 am

Defending your network starts with understanding your traffic. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert. In this course, attendees will learn the skills required to identify, respond and protect against threats in their network day to […]

DeepSec 2019 Talk: Lauschgerät – Gets in the Way of Your Victim’s Traffic and Out of Yours – Adrian Vollmer

Posted by on September 11, 2019 at 9:05 am

The talk will present a new tool for pentesters called „Lauschgerät“. This Python script acts as a convenient man-in-the-middle tool to sniff traffic, terminate TLS encryption, host malicious services and bypass 802.1X – provided you have physical access to the victim machine, or at least its network cable. There are three ways to run it: […]

Industrial Espionage and Data Tapping are commonplace in IT – DeepSec Conference provides Training for early Detection, Analysis and Mitigation

Posted by on September 10, 2019 at 9:05 am

The excitement used to be great when organizations, parties, celebrities, companies, or government agencies reported intrusions into their own or outsourced digital infrastructure. Meanwhile, reports of data leaks and compromised systems are almost a part of the weather forecast. Security applications on smartphones or portals offer this information to allow the user to check if […]

DeepSec Press Release: Internet of Facts and Fear in the Name of IT Security – Bits, Bytes, Security and Geopolitics

Posted by on September 5, 2019 at 6:35 pm

(Original press release was published on 29 August 2019 via pressetext.com) Nobody is an island. This statement is attributed to the English writer John Donne. The sentence became known in the 17th century. In the meantime, this has changed as a result of digitization. The modern version of the statement should read: There are no […]