Industrial Espionage and Data Tapping are commonplace in IT – DeepSec Conference provides Training for early Detection, Analysis and Mitigation

Sanna/ September 10, 2019/ Conference, Security

The excitement used to be great when organizations, parties, celebrities, companies, or government agencies reported intrusions into their own or outsourced digital infrastructure. Meanwhile, reports of data leaks and compromised systems are almost a part of the weather forecast. Security applications on smartphones or portals offer this information to allow the user to check if they might be affected too. The networked world of everyday life makes it seemingly possible to present attack and defence in the same breath. Affected, attackers, defenders and beneficiaries move closer together. But anyone who has this impression has fallen victim to the looming simplification. Modern information technology has to deal with dangerous situations every day that have far more facets. This requires a good deal of specialist knowledge and experience. First Responders, Analysis and Detection of Threats All

Read More

DeepSec Press Release: Internet of Facts and Fear in the Name of IT Security – Bits, Bytes, Security and Geopolitics

Sanna/ September 5, 2019/ Conference, DeepIntel, Press, Schedule, Security, Security Intelligence

(Original press release was published on 29 August 2019 via pressetext.com) Nobody is an island. This statement is attributed to the English writer John Donne. The sentence became known in the 17th century. In the meantime, this has changed as a result of digitization. The modern version of the statement should read: There are no more islands. Increasing networking is reaching more and more areas of everyday life and society. So this year’s DeepSec In-Depth Security Conference wants to look soberly at the Internet of facts and fear from an information security perspective. Systems are currently less isolated and much more complex than the theory of information security technically allows. The DeepSec conference therefore dedicates its two days of conference and two days of training to current technologies and their vulnerabilities. At the same

Read More

DeepSec 2019 Talk: Well, That Escalated Quickly! – A Penetration Tester’s Approach to Windows Privilege Escalation – Khalil Bijjou

Sanna/ September 4, 2019/ Conference, Security

Since the early stages of operating systems, users and privileges were separated. Implemented security mechanisms prevent unauthorized access and usage of data and functions. These security mechanisms have been circumvented a number of times, which has led to steady improvements. Nevertheless, attackers find new vulnerabilities and security holes. Security experts often encounter Mirosoft® Windows endpoints or systems and gain low privileged access. To fully compromise the system, privileges have to be escalated. Windows contains a great number of security concepts and mechanisms. These render privilege escalation attacks difficult. Penetration testers should have a sound knowledge base about Windows components and security mechanisms in order to understand privilege escalation concepts profoundly and to apply them properly. Khalil’s presentation at DeepSec 2019 imparts knowledge on Windows required to understand privilege escalation attacks. It describes the most

Read More

DeepSec2019 Talk: SD-WAN Secure Communications Design and Vulnerabilities – Denis Kolegov

Sanna/ September 2, 2019/ Conference, Security

Hardening communication protocols against network attacks is hard. And yet a lot of products are available on the market that allow you to transport data and messages. Since virtualisation entered the world of technology all things software-definded (SD) have become popular. Denis Kolegov will explain at DeepSec 2019 what the state of affairs in terms of information security is. The SD-WAN New Hope project targets the security of SD-WAN (software defined wide area network) products. It was started in December 2017, when a customer decided to buy a very secure and well-known SD-WAN product from one of the Top 5 vendors and wanted us to perform threat modelling and a vulnerability assessment. We were doing that for 6 months and found out that the product was awful from a security perspective. It had multiple

Read More

DeepSec2019 Talk: Android Malware Adventures – Analyzing Samples and Breaking into C&C – Kürşat Oğuzhan Akıncı & Mert Can Coşkuner

Sanna/ August 29, 2019/ Conference, Security

Android malware is evolving every day and is everywhere, even in Google Play Store. Malware developers have found ways to bypass Google’s Bouncer as well as antivirus solutions, and many alternative techniques to operate like Windows malware does. Using benign looking applications working as a dropper is just one of them. This talk is about android malware on Google Play Store targeting Turkey such as Red Alert, Exobot, Anubis, etc. The presentation held at DeepSec 2019 will cover the following issues: Techniques to analyze samples: Unencrypted samples are often used to retrieve personal information to sell and do not have obfuscation. Encrypted samples however are used for sophisticated tasks like stealing banking information. They decrypt themselves by getting the key from a twitter account owned by the malware developer and operate by communicating with

Read More

DeepSec2019 Talk: Mastering AWS Pentesting and Methodology – Ankit Giri

Sanna/ August 28, 2019/ Conference, Legal, Security

The Cloud (whatever it really is) is the future (of whomever taking advantage of it). This is how information security experts see the outsourcing technologies based on virtualisation and application containment. Ankit Giri explains at DeepSec 2019 what defenders need to be aware of and how you can test your security controls before your adversaries do this. (Pen)Testing the Cloud The intent here is to highlight the fact that pentesting cloud environment comes with legal considerations. AWS (Amazon Web Services) has established a policy that requires a customer to raise a permission request to be able to conduct penetration tests and vulnerability scans to or originating from the AWS environment. We can focus on user-owned entities, identity and access management, user permissions configuration and use of the AWS API integrated into the AWS ecosystem.

Read More

DeepSec Training: Black Belt Pentesting / Bug Hunting Secrets you’ve always wanted to know

René Pfeiffer/ August 26, 2019/ Conference, Security, Training

The Web and its technologies have become the perfect frontier for security experts for finding bugs and getting a foothold when doing penetration tests. Everything has a web server these days. And everything web server will happily talk to web clients. The components involved are more than just simple HTML and JavaScript. The developer notion of doing things full stack requires security experts to do the same. This is where our DeepSec 2019 training session Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan comes into play. Dawid Czagan will show you how modern applications work, how they interact, and how you can analyse their inner workings. He will enable you to efficiently test applications, find bugs, and compile the set of information needed to fix the

Read More

Translated Article: Reporters Without Borders protest against planned Criminalization of Tor Servers

Sanna/ July 10, 2019/ Discussion, Press, Security

Reporter ohne Grenzen protestiert gegen geplante Kriminalisierung von Tor-Servern for netzpolitik.org by Markus Reuter [Note: netzpolitik.org is a German news portal covering the impact of a networked world on society and digital rights. They rely on donations and welcome your support. We translated this article for them, because we both like their work and use Tor on a daily basis.] With the new IT security law Interior Minister Horst Seehofer wants to criminalize the Tor network. That hurts the freedom of the press and the protection of sources. Opposition and Reporters Without Borders protest sharply against the plan. With the IT Security Act 2.0 the Federal Ministry of the Interior is planning to criminalize the operation of Tor servers. According to the draft, the person who “offers an internet-based service whose access and accessibility

Read More

Translated Article: EU Prosecutors call for Security Holes in 5G Standards

Sanna/ June 3, 2019/ Communication, Discussion, High Entropy, Security

EU-Strafverfolger fordern Sicherheitslücken in 5G-Standards for fm4 by Erich Moechel The telecoms are to be forced to align the technical design of their 5G networks with the monitoring needs of the police authorities. In addition, security holes in the 5G protocols are required to enable monitoring by IMSI catchers. Gilles de Kerchove, EU counter-terrorism coordinator, warns against the planned security standards for the new 5G mobile networks. The reason for this are neither network components of the Chinese manufacturer Huawei, nor technical defects. De Kerchove’s warnings are directed against the planned high degree of network security, according to an internal document of the EU Council of Ministers, available to ORF.at. These measures to protect against criminals as well as the planned 5G network architecture stand in the way of the installation of backdoors for

Read More

Use Handshake Data to create TLS Fingerprints

René Pfeiffer/ May 25, 2019/ Discussion, Security

While the whole world busily works on the next round of the Crypto Wars, the smart people work on actual information security. TLS has always been in the focus of inspection. Using on-the-fly generated certificates to look inside is a features of many gadgets and filter applications. Peeking at the data is moot if you control either the server or the client. If you have to break TLS on purpose (hopefully) inside your own network, you probably have to deal with software or system you cannot control. In this case TLS is the least of your security problems. Dealing with a lot of network traffic often uses a metadata approach in order not to process gigantic amounts of data. Enter TLS fingerprinting. The TLS handshake contains a lot of parameters such as version numbers,

Read More

Getting ready for BSidesLondon – Support the Rookie Track!

René Pfeiffer/ May 24, 2019/ Security

Deadlines are great. They serve as a great syscall. Everything must be ready and be written to disk. The schedule of BSidesLondon was already stored and forwarded. Have a look! It’s worth it! The titles sound great. We recommend having some IPv6 as a starter (IPv4 is really getting scarce these days). The main dish should have some pieces of cloud platforms, RF hacking, SOCs, and power grid. Emotet, GPUs, and Windows Event Log forensics. Don’t forget to support the rookies by attending their presentations. They put a lot of effort into the preparation, and they have lots of interesting topics ready for you. The 15 minute slots are great to get an in-depth introduction into the topic. In addition the rookies rely on the feedback of everyone of you, especially the exploit-hardened veterans

Read More

The fine Art of Mentorship

René Pfeiffer/ March 8, 2019/ Discussion, Security

We will support the Rookie Track at BSidesLondon in 2019 again. This is a perfect way for rookies to get started on presenting at a conference. However it is much more – the stages before the presentation is held. Preparing for 15 minutes of talk will keep you busy for ten or twenty times the amount you spend presenting. It depends on the research you have to do, the illustrations you have to create, the code samples, the tests, and a lot more things that need to be sorted out. That’s not an easy task. But you do not have to do it alone. BSidesLondon is looking for rookies and mentors. If you have experience in IT security, being on stage for presentations, research, and preparing materials for workshops and talks, then you should

Read More

Translated Article: Campaign of the Spy Alliance “Five Eyes” against WhatsApp and Co

Sanna/ January 8, 2019/ Discussion, High Entropy, Security

Feldzug der Spionageallianz „Five Eyes“ gegen WhatsApp und Co for fm4 by Erich Moechel The current scattered news and reports on “encryption” belong together. The military secret services of the “Five Eyes” conduct a global campaign; in Australia they’ve already reached their first milestone. Every two years, around the same time, a campaign of the espionage alliance “Five Eyes” against encryption programs takes place. Unlike in 2016, the new campaign has reached its first goal in a flash. In early December, a bill was passed in the Australian Parliament obliging Internet companies to break up encrypted communications. The providers of Whatsapp, Snapchat, and Co are hereby required to build surveillance interfaces into their apps to give hidden access to the Australian law enforcement. In a parliamentary coup – without discussion or amendments – the “Assistance

Read More

Thank you all for attending and speaking at DeepSec 2018!

René Pfeiffer/ December 3, 2018/ Conference, Security

DeepSec 2018 is over. Thank you for attending and presenting at our conference! Without your interest and your configuration there would be no talks, no workshops, and no one else present.We had a great time, and we hope you enjoyed everything. We are now dealing with the administrative backlog, the metric ton of receipts, the post-processing of the video recordings, and lots of other things. Among the tasks is the feedback you gave us. We will try to improve, so the next DeepSec conference will feature some or all of your suggestions. Dates for DeepSec and DeepINTEL 2019 will be available soon. We will publish this information on Twitter, on our web site, and on our blog. As for the video recordings, please give us some time. The post-production has to deal with the

Read More

DeepSec 2018 Talk: Attacks on Mobile Operators – Aleksandr Kolchanov

Sanna/ November 21, 2018/ Conference, Security

I’d like to talk about telecom security. My research contains information about security of mobile operators: classic and new (or very rare) attack vectors and vulnerabilities. This presentation will consist of three main parts: First, I will share information on the security of mobile operators in general. I’ll tell you a little bit about why it is important (usually, phone numbers are used as a key to social networks, messengers, bank accounts, etc). So, if an attacker can hack a mobile operator, he can gain access to a big amount of user data and money. Also, in this part, I will tell you about typical SS7 attacks (how to intercept SMS or send fake ones). During the second part, I will tell you about different vulnerabilities and security issues. All of the problems I

Read More