Security

DeepSec 2019 Talk: What’s Wrong with WebSocket APIs? Unveiling Vulnerabilities in WebSocket APIs – Mikhail Egorov

Posted by on October 16, 2019 at 9:30 am

The WebSocket protocol is many times more efficient than HTTP. In recent years we can observe that developers tend to implement functionality in the form of WebSocket APIs instead of traditional REST APIs that use HTTP. Modern technologies and frameworks simplify the building of efficient WebSocket APIs. We can name GraphQL subscriptions or WebSocket APIs supported […]

DeepSec 2019 Workshop: Attacks on the Diffie-Hellman Protocol – Denis Kolegov & Innokentii Sennovskii

Posted by on September 27, 2019 at 9:00 am

This workshop is a hands-on task-based study of the Diffie-Hellman protocol and its modern extensions focusing on vulnerabilities and attacks. It is not a full day training, but it will be held during the conference. Everyone interested in applied cryptography and attacks connected to these topics should attend. Seats are limited! Some of the topics […]

DeepSec 2019 Talk: What Has Data Science Got To Do With It? – Thordis Thorsteins

Posted by on September 26, 2019 at 9:15 am

In this talk I want to shed some light on data science’s place within security. You can expect to learn how to see through common data science jargon that’s used in the industry, as well as to get a high level understanding of what’s happening behind the scenes when data science is successfully applied to […]

DeepSec 2019 Talk: The Turtle Gone Ninja – Investigation of an Unusual Crypto-Mining Campaign – Ophir Harpaz

Posted by on September 20, 2019 at 9:15 am

Despite the absence of blockchain and „crypto“ at DeepSec we have some content which covers security incidents connected to both terms. Ophir Harpaz will present her insights into an attack that is used to do „crypto“ mining. She describes what to expect in her own words: At first sight, Nansh0u is yet another attack campaign […]

DeepSec 2019 Training: Analysing Intrusions with Suricata – Peter Manev & Eric Leblond

Posted by on September 18, 2019 at 9:05 am

Defending your network starts with understanding your traffic. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert. In this course, attendees will learn the skills required to identify, respond and protect against threats in their network day to […]

DeepSec 2019 Talk: Lauschgerät – Gets in the Way of Your Victim’s Traffic and Out of Yours – Adrian Vollmer

Posted by on September 11, 2019 at 9:05 am

The talk will present a new tool for pentesters called „Lauschgerät“. This Python script acts as a convenient man-in-the-middle tool to sniff traffic, terminate TLS encryption, host malicious services and bypass 802.1X – provided you have physical access to the victim machine, or at least its network cable. There are three ways to run it: […]

Industrial Espionage and Data Tapping are commonplace in IT – DeepSec Conference provides Training for early Detection, Analysis and Mitigation

Posted by on September 10, 2019 at 9:05 am

The excitement used to be great when organizations, parties, celebrities, companies, or government agencies reported intrusions into their own or outsourced digital infrastructure. Meanwhile, reports of data leaks and compromised systems are almost a part of the weather forecast. Security applications on smartphones or portals offer this information to allow the user to check if […]

DeepSec Press Release: Internet of Facts and Fear in the Name of IT Security – Bits, Bytes, Security and Geopolitics

Posted by on September 5, 2019 at 6:35 pm

(Original press release was published on 29 August 2019 via pressetext.com) Nobody is an island. This statement is attributed to the English writer John Donne. The sentence became known in the 17th century. In the meantime, this has changed as a result of digitization. The modern version of the statement should read: There are no […]

DeepSec 2019 Talk: Well, That Escalated Quickly! – A Penetration Tester’s Approach to Windows Privilege Escalation – Khalil Bijjou

Posted by on September 4, 2019 at 2:23 pm

Since the early stages of operating systems, users and privileges were separated. Implemented security mechanisms prevent unauthorized access and usage of data and functions. These security mechanisms have been circumvented a number of times, which has led to steady improvements. Nevertheless, attackers find new vulnerabilities and security holes. Security experts often encounter Microsoft® Windows endpoints […]

DeepSec2019 Talk: SD-WAN Secure Communications Design and Vulnerabilities – Denis Kolegov

Posted by on September 2, 2019 at 9:45 am

Hardening communication protocols against network attacks is hard. And yet a lot of products are available on the market that allow you to transport data and messages. Since virtualisation entered the world of technology, all things software-defined (SD) have become popular. Denis Kolegov will explain at DeepSec 2019 what the state of affairs in terms […]

DeepSec2019 Talk: Android Malware Adventures – Analyzing Samples and Breaking into C&C – Kürşat Oğuzhan Akıncı & Mert Can Coşkuner

Posted by on August 29, 2019 at 9:30 am

Android malware is evolving every day and is everywhere, even in Google Play Store. Malware developers have found ways to bypass Google’s Bouncer as well as antivirus solutions, and many alternative techniques to operate like Windows malware does. Using benign looking applications working as a dropper is just one of them. This talk is about […]

DeepSec2019 Talk: Mastering AWS Pentesting and Methodology – Ankit Giri

Posted by on August 28, 2019 at 9:15 am

The Cloud (whatever it really is) is the future (of whoever takes advantage of it). This is how information security experts see the outsourcing technologies based on virtualisation and application containment. Ankit Giri explains at DeepSec 2019 what defenders need to be aware of and how you can test your security controls before your adversaries […]

DeepSec Training: Black Belt Pentesting / Bug Hunting Secrets you’ve always wanted to know

Posted by on August 26, 2019 at 10:37 am

The Web and its technologies have become the perfect frontier for security experts for finding bugs and getting a foothold when doing penetration tests. Everything has a web server these days. And every web server will happily talk to web clients. The components involved are more than just simple HTML and JavaScript. The developer notion […]

Translated Article: Reporters Without Borders protest against planned Criminalization of Tor Servers

Posted by on July 10, 2019 at 4:00 pm

Reporter ohne Grenzen protestiert gegen geplante Kriminalisierung von Tor-Servern for netzpolitik.org by Markus Reuter [Note: netzpolitik.org is a German news portal covering the impact of a networked world on society and digital rights. They rely on donations and welcome your support. We translated this article for them, because we both like their work and use […]

Translated Article: EU Prosecutors call for Security Holes in 5G Standards

Posted by on June 3, 2019 at 8:45 am

EU-Strafverfolger fordern Sicherheitslücken in 5G-Standards for fm4 by Erich Moechel The telecoms are to be forced to align the technical design of their 5G networks with the monitoring needs of the police authorities. In addition, security holes in the 5G protocols are required to enable monitoring by IMSI catchers. Gilles de Kerchove, EU counter-terrorism coordinator, […]