DeepSec 2019 Talk: S.C.A.R.E. – Static Code Analysis Recognition Evasion – Andreas Wiegenstein

Sanna/ November 11, 2019/ Conference, Security

Andreas Wiegenstein has expert advice on software security: Companies increasingly rely on static code analysis tools in order to scan their (custom) code for security risks. But can they really rely on the results? The typical SCA tool is designed to detect security issues in code that were created by accident or lack of skill. But how reliable are these tools if someone intentionally places bugs in code that are not supposed to be found? This talk explores several nasty concepts for how malicious code could be camouflaged in order to avoid detection by SCA algorithms. On a technical level, the following concepts are covered: covert data flow, deep call stacks, circular calls, source mining, counter-encoding, data laundering. Based on this, I will provide some code snippets as proof of concept for the audience to

DeepSec 2019 Talk: Security Analytics and Zero Trust – How Do We Tackle That? – Holger Arends

Sanna/ November 8, 2019/ Conference, Security

For many years we’ve all been in an arms race, fighting daily against new malware varieties and new attack techniques that malicious actors use to fool us and compromise our systems. Many of us rely on state-of-the-art safeguards and have invested tremendous amounts in defending our systems and networks, yet even so, important data is still leaked or important systems are compromised. Firewalls, IDS, IPS or SIEM systems are often unable to prevent or detect attacks. Questions are often raised: “why” and “how” is it possible that these attacks stay undetected for long periods of time, considering the significant investments in cyber security? And so it seems obvious to say that with the introduction of IoT devices, unmanaged BYOD, combined with legacy systems and end-to-end encryption, the future will be

DeepSec 2019 Talk: Setting up an Opensource Threat Detection Program – Lance Buttars

Sanna/ November 1, 2019/ Conference, Security

Through the use of event detection monitoring and do-it-yourself monitoring techniques on a Linux, Apache, PHP, MySQL stack, I will demonstrate how you can create different alarms and reporting surfaces that alert you when your application is being attacked. This case study will demonstrate the use of hacking tools as a defense strategy in a corporate network and will cover the story of the detection of insider threats from the internal application point of view. The entire presentation is a hands-on lab that can be used after the presentation as a guide for attendees to set up a threat detection program. We asked Lance a few more questions about his talk. Please tell us the top 5 facts about your talk. The talk covers ways of discovering insider threats. It’s a starting

DeepSec 2019 Talk: Still Secure. We Empower What We Harden Because We Can Conceal – Yury Chemerkin

Sanna/ October 30, 2019/ Conference, Security

The launch of Windows 10 brought many controversial discussions around the privacy implications of collecting and transmitting user data to Microsoft and its partners. But Microsoft was not the first: Apple did it many years ago, and there was no public research on how much data was leaked out of MacOS. There is a statement in the Privacy Policy written by Apple: “Your device will keep track of places you have recently been, as well as how often and when you visited them, in order to learn places that are significant to you, to provide you with personalized services, such as predictive traffic routing, and to build better Photos Memories… ‘Everything’ stores in iCloud service”. Both cases are the same, designed in the same manner and driven by a similar idea to simplify

DeepSec 2019 Talk: Chinese Police and CloudPets – Abraham Aranguren

Sanna/ October 29, 2019/ Conference, Security

[In our Call for Papers we mentioned that DeepSec and specifically DeepINTEL will have a connection to geopolitics. Well, the following description of a presentation at DeepSec gives you an idea of what we meant.] This talk is a summary of three different security audits with an interesting background: First, CloudPets, their epic track record, what we found and what happened afterwards. Next, two mobile apps by Chinese Police: “BXAQ” and “IJOP”, both related to surveillance of ethnic minorities, but in different ways. Stay tuned. Part 1: CloudPets Wouldn’t it be cool, for a parent far from home, to be able to record a voice message with their phone and make the sound come out of a soft toy that children can hug? That’s the idea of CloudPets. Children can even respond directly from

DeepSec 2019 Talk: Comparing GnuPG With Signal is like Comparing Apples with Smart Light Bulbs – Hans Freitag

Sanna/ October 28, 2019/ Conference, Security

GnuPG is not designed to be used only for e-mail; it plays an important role in securing all sorts of mission-critical data. In this talk I will show you applications of GnuPG that are not e-mail or instant messaging. We asked Hans a few more questions about his talk. Please tell us the top 5 facts about your talk. GnuPG is free software that can be used to encrypt and sign data. Signal is not free software but may be used to communicate with others. You can’t compare apples with pears. In German the term glowing pear is used for light bulb. My Key ID is: 1553A52AE25725279D8A499175E880E6DC59190F How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? I browsed the

DeepSec 2019 Talk: What’s Wrong with WebSocket APIs? Unveiling Vulnerabilities in WebSocket APIs – Mikhail Egorov

Sanna/ October 16, 2019/ Conference, Security

The WebSocket protocol is many times more efficient than HTTP. In recent years we can observe that developers tend to implement functionality in the form of WebSocket APIs instead of traditional REST APIs that use HTTP. Modern technologies and frameworks simplify the building of efficient WebSocket APIs; we can name GraphQL subscriptions or the WebSocket APIs supported in Amazon API Gateway. WebSocket APIs have a different security model compared to REST APIs, resulting in unique attack vectors. Nevertheless, developers rarely take them into account. WebSockets in browsers do not use the same-origin policy (SOP) concept; their security model is based on an origin check. Out of the box, WebSockets provide no authentication and authorization mechanisms. The WebSocket protocol is stateful and has two main phases: a handshake phase and a data transfer phase. Most of the time, authentication and authorization logic is implemented

DeepSec 2019 Workshop: Attacks on the Diffie-Hellman Protocol – Denis Kolegov & Innokentii Sennovskii

Sanna/ September 27, 2019/ Conference, Security

This workshop is a hands-on, task-based study of the Diffie-Hellman protocol and its modern extensions, focusing on vulnerabilities and attacks. It is not a full-day training, but it will be held during the conference. Everyone interested in applied cryptography and attacks connected to these topics should attend. Seats are limited! Some of the topics that will be highlighted: Diffie-Hellman key exchange; elliptic-curve Diffie-Hellman; variants of the Diffie-Hellman protocol: ephemeral, static, anonymous, authenticated; X3DH, Noise and SIGMA protocols; forward secrecy and post-compromise security; small-subgroup attack; Pollard’s rho and lambda algorithms; invalid curve attack; curve twist attack; protocol attacks (MitM, replay, KCI, UKS). Labs: small-subgroup attack against multiplicative group DH; invalid curve attack against ECDH; twist attack; KCI attack. Key Takeaways: Learn about Diffie-Hellman key exchange; learn about applying Diffie-Hellman in modern protocols; hands-on

DeepSec 2019 Talk: What Has Data Science Got To Do With It? – Thordis Thorsteins

Sanna/ September 26, 2019/ Conference, Security

In this talk I want to shed some light on data science’s place within security. You can expect to learn how to see through common data science jargon that’s used in the industry, as well as to get a high-level understanding of what’s happening behind the scenes when data science is successfully applied to solve complex security problems. The talk is aimed at anyone who’s been curious or had questions about the rise of things like “machine learning” or “big data” in the context of security. No prior data science knowledge is required. We asked Thordis a few more questions about her talk which will be held at DeepSec 2019. Please tell us the top 5 facts about your talk. It will give an insight into the exciting (and sometimes terrifying) world

DeepSec 2019 Talk: The Turtle Gone Ninja – Investigation of an Unusual Crypto-Mining Campaign – Ophir Harpaz

Sanna/ September 20, 2019/ Conference, Security

Despite the absence of blockchain and „crypto“ at DeepSec we have some content which covers security incidents connected to both terms. Ophir Harpaz will present her insights into an attack that is used to do „crypto“ mining. She describes what to expect in her own words: At first sight, Nansh0u is yet another attack campaign aiming to mine a marginal crypto-currency named TurtleCoin. However, things get much more interesting once you gain full access to the attacker’s infrastructure. Our investigation revealed a complete picture of how the Nansh0u campaign operates, who the infected victims are and what advanced tools are used in the attacks. Port scanner, brute-force module, remote-code execution tool, verbose log files and tens of different malware payloads – these are only a portion of the attacker’s assets we managed to put

DeepSec 2019 Training: Analysing Intrusions with Suricata – Peter Manev & Eric Leblond

Sanna/ September 18, 2019/ Security, Training

Defending your network starts with understanding your traffic. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert. In this course, attendees will learn the skills required to identify, respond to and protect against threats in their network day to day, as well as to identify new threats through structured data aggregation and analysis. Hands-on labs consisting of real-world malware and network traffic will reinforce the course’s concepts while utilizing the latest Suricata features. Come and see what you’ve been missing in your network and unlock the full potential of network security, detection, and response with Threat Hunting with Suricata at the DeepSec 2019 training. In this course, students will learn through a combination of lecture and approximately 15

DeepSec 2019 Talk: Lauschgerät – Gets in the Way of Your Victim’s Traffic and Out of Yours – Adrian Vollmer

Sanna/ September 11, 2019/ Conference, Security

The talk will present a new tool for pentesters called „Lauschgerät“. This Python script acts as a convenient man-in-the-middle tool to sniff traffic, terminate TLS encryption, host malicious services and bypass 802.1X – provided you have physical access to the victim machine, or at least its network cable. There are three ways to run it: either on its own dedicated device like a Raspberry Pi or Banana Pi, in a virtual machine with two physical USB NICs attached, or on your regular pentest system in its own network namespace. It will look like a completely transparent piece of wire to both victim systems you are getting in the middle of, even if they are using 802.1X, because it implements the ideas presented in a talk by Alva Lease ‘Skip’ Duckwall IV. The Lauschgerät operates

Industrial Espionage and Data Tapping are commonplace in IT – DeepSec Conference provides Training for early Detection, Analysis and Mitigation

Sanna/ September 10, 2019/ Conference, Security

The excitement used to be great when organizations, parties, celebrities, companies, or government agencies reported intrusions into their own or outsourced digital infrastructure. Meanwhile, reports of data leaks and compromised systems are almost a part of the weather forecast. Security applications on smartphones or portals offer this information to allow users to check whether they might be affected too. The networked world of everyday life makes it seemingly possible to present attack and defence in the same breath. Those affected, attackers, defenders and beneficiaries move closer together. But anyone who has this impression has fallen victim to a tempting oversimplification. Modern information technology has to deal with dangerous situations every day that have far more facets. This requires a good deal of specialist knowledge and experience. First Responders, Analysis and Detection of Threats All

DeepSec Press Release: Internet of Facts and Fear in the Name of IT Security – Bits, Bytes, Security and Geopolitics

Sanna/ September 5, 2019/ Conference, DeepIntel, Press, Schedule, Security, Security Intelligence

(Original press release was published on 29 August 2019 via pressetext.com) Nobody is an island. This statement is attributed to the English writer John Donne and became known in the 17th century. In the meantime, this has changed as a result of digitization. The modern version of the statement should read: There are no more islands. Increasing networking is reaching more and more areas of everyday life and society. So this year’s DeepSec In-Depth Security Conference wants to look soberly at the Internet of facts and fear from an information security perspective. Systems are currently less isolated and much more complex than the theory of information security technically allows. The DeepSec conference therefore dedicates its two days of conference and two days of training to current technologies and their vulnerabilities. At the same

DeepSec 2019 Talk: Well, That Escalated Quickly! – A Penetration Tester’s Approach to Windows Privilege Escalation – Khalil Bijjou

Sanna/ September 4, 2019/ Conference, Security

Since the early stages of operating systems, users and privileges have been separated. Implemented security mechanisms prevent unauthorized access to and usage of data and functions. These security mechanisms have been circumvented a number of times, which has led to steady improvements. Nevertheless, attackers find new vulnerabilities and security holes. Security experts often encounter Microsoft® Windows endpoints or systems and gain low-privileged access. To fully compromise the system, privileges have to be escalated. Windows contains a great number of security concepts and mechanisms. These render privilege escalation attacks difficult. Penetration testers should have a sound knowledge base about Windows components and security mechanisms in order to understand privilege escalation concepts profoundly and to apply them properly. Khalil’s presentation at DeepSec 2019 imparts the knowledge of Windows required to understand privilege escalation attacks. It describes the most
