Training

DeepSec 2018 Training: Malware Analysis Intro – Christian Wojner

Posted by on September 28, 2018 at 8:45 am

With malware (malicious software) featuring crypto-trojans (ransomware), banking-trojans, information- and credential-stealers, bot-nets of various specifications, and, last but not least, industry- or even state-driven cyber espionage, the analysis of this kind of software ıs becoming more and more important these days. With a naturally strong focus on Microsoft Windows based systems this entertaining first-contact workshop […]

DeepSec 2018 Training: ERP Security: Assess, Exploit and Defend SAP Platforms – Pablo Artuso & Gaston Traberg

Posted by on September 27, 2018 at 9:05 am

Your SAP platform contains the business crown jewels of your company. However, while leading organizations are protecting their systems from new types of SAP threats, still many are prone to SAP-specific vulnerabilities that are exposing their business to espionage, sabotage and financial fraud risks. Gaston’s and Pablo’s training empowers Security Managers, Internal/External Auditors and InfoSec […]

DeepSec 2018 Training: Professional Bug Hunting for Early Bird Millionaires – Sensitive Data Exposure

Posted by on September 24, 2018 at 2:21 pm

DeepSec’s Early Bird Tariff is still valid for today. If you are interested in bug hunting for money, i.e. bug bounties, then you should hurry. Dawid Czagan is conducting a training at DeepSec 2018 where you can learn all you need to get started. If you don’t know what to expect, we recommend one of […]

DeepSec 2018 Training: Advanced Penetration Testing in the Real World – Davy Douhine & Guillaume Lopes

Posted by on September 24, 2018 at 8:45 am

Guillaume and Davy, senior pentesters, will share many techniques, tips and tricks with pentesters, red teamers, bug bounty researchers or even defenders during a 2-day 100% “hands-on” workshop. This is the very training you’d like to have instead of wasting your precious time trying and failing while pentesting. The main topics of the training are: […]

DeepSec 2018 Training: Attacking Internet of Things with Software Defined Radio – Johannes Pohl

Posted by on September 10, 2018 at 10:15 am

In Johannes Pohls training participants will learn how to reverse engineer the wireless communication between Internet of Things (IoT) devices with Software Defined Radios (SDR) using the Universal Radio Hacker (URH). The workshop covers required HF (high frequency) basics such as digital modulations and encodings and shows how to reveal the protocol logic step by […]

DeepSec Training: Bug Bounty Hunting – How Hackers Find SQL Injections in Minutes with Sqlmap

Posted by on September 7, 2018 at 9:15 am

In a previous article we talked about the Bug Bounty Hunting training by Dawid Czagan at DeepSec 2018. In case you do now know what to expect, there is a little teaser consisting of a full blown tutorial for you. Dawid has published as video tutorial that shows you how to use Sqlmap in order […]

DeepSec 2018 Special Training: Bug Hunting Millionaire – Mastering Web Attacks with Full-Stack Exploitation

Posted by on August 29, 2018 at 8:49 am

How do bugs in software get fixed? Well, first of all you have to find them. All code has bugs. Most probably, that is. Usually developers and users of applications find bugs. The history of information security has taught us that now attackers also look for bugs in software. Therefore flaws in code leading to […]

DeepSec 2018 Training: Hunting with OSSEC – Xavier Mertens

Posted by on August 28, 2018 at 10:44 am

“OSSEC is sometimes described as a low-cost log management solution but it has many interesting features which, when combined with external sources of information, may help in hunting for suspicious activity occurring on your servers and end-points”, says Xavier Mertens, who’s giving a training called “Hunting with OSSEC” at this years DeepSec. “During this training, […]

DeepSec 2017 Workshop: Smart Lockpicking – Hands-on Exploiting Contemporary Locks and Access Control Systems – Slawomir Jasek

Posted by on October 31, 2017 at 4:07 pm

You can, quite reasonably, expect smart locks and access control systems to be free from alarming security vulnerabilities – such a common issue for an average IoT device. Well, this training will prove you wrong. After performing multiple hands-on exercises with a dozen of real devices and various technologies, you will never look at the […]

DeepSec2017 Workshop: Mobile App Attack – Sneha Rajguru

Posted by on October 16, 2017 at 3:30 pm

The world’s gone mobile. Mobile devices have surpassed the standard computer (i.e. desktop) installation multiple times. In turn this means that you will encounter these devices most definitely when testing or implementing security measures. Usually adversaries do not use the platform itself. They use software to gain entry. This is why mobiles apps are the […]

DeepSec 2017 Workshop: Hunting The Adversary – Developing And Using Threat Intelligence – John Bambenek

Posted by on October 12, 2017 at 11:46 am

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly know as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just […]

DeepSec2017 Workshop: SAP CTF Pentest : From Outside To Company Salaries Tampering – Yvan Genuer

Posted by on October 10, 2017 at 9:03 pm

The SAP business suite is widespread among enterprises. It is the heart of the operation, at least in terms of business logic, administration, accounting, and many other cornerstones of big companies. SAP itself was founded in 1972. Its software has now grown up and lives with the Internet and cloud platforms next door. Due to […]

DeepSec 2017 Training: The ARM IoT Exploit Laboratory

Posted by on August 29, 2017 at 5:25 pm

If the Internet of Things (IoT) will ever leave puberty, it has to deal with the real world. This means dealing with lies, fraud, abuse, exploits, overload, bad tempered clients (and servers), and much more. Analysing applications is best done by looking at what’s behind the scenes. IoT devices, their infrastructure, billions of mobile devices, […]

DeepSec 2017 Preliminary Schedule published

Posted by on August 17, 2017 at 3:33 pm

After two weeks of intense reviewing we have published the preliminary schedule for DeepSec 2017. There are some blanks to fill, but this will be done in the coming weeks. We still have to do some reviews and wait for the speaker’s confirmation. In case you noticed, the ROOTS track is not filled yet. The […]

DeepSec 2016: Social Engineering remains the most dangerous Threat to Companies – DeepSec offers a Workshop on the Defence of social Manipulation as part of IT

Posted by on November 3, 2016 at 8:05 pm

If you follow the news on information security, you see superlative after superlative. Millions of passwords were stolen. Hundreds of thousands of cameras suddenly became tools for blackmail. Countless data got copied unauthorized. Often, after a few paragraphs, your read about technical solutions that should put a stop to these burglaries. Therefore one forgets that […]