2012, 2022

Translated Article: US ‘Chat Control’ Now with Exception for E2E Encryption

Sanna/ December 20, 2022/ Stories

US-„Chatkontrolle“ nun mit Ausnahme für E2E-Verschlüsselung by Erich Moechel for fm4.ORF.at [This is the second summary article describing the concerted attack on IT security around the globe. Erich has researched the current state of affairs. It is of interest that the US lawmakers have understood the importance of ent-to-end-encryption, while their UK and EU counterparts have not.] The US regulation on child protection provides for a right of refusal in search warrants for E2E providers, as they do not have access to the requested data. The regulations planned in the EU and UK, on the other hand, require WhatsApp and others to install backdoors. In the British House of Commons, the surveillance bill “Online Safety Bill” is getting out of hand. After incorporating the amendments from the beginning of the week, the British “chat control” with

Read More

1912, 2022

Translated Article: Regulation on “Chat Control” Launched in EU Parliament

Sanna/ December 19, 2022/ Security, Stories

Verordnung zur „Chat-Kontrolle“ im EU-Parlament gestartet by Erich Moechel for fm4.ORF.at [We have translated the article from Erich’s column, because end-to-end encryption is a fundamental part of IT security. Erich has researched a lot regarding the concerted attack on secure communication. He provides important background information to understand why the attack on encryption is presented in different countries at the same time.] At the same time as the EU regulation, the British “Online Safety Bill” and a US law on the safety of children online are on their way through the parliaments. A comparison shows astonishing parallels in terms of content and method. On Wednesday, work on the regulation on warrantless searches of social network users’ smartphones and PCs started in the EU Parliament’s Civil Liberties Committee (LIBE). In this first meeting, the timetable for this

Read More

1712, 2022

Late thank you for attending and speaking at DeepSec / DeepINTEL 2022

René Pfeiffer/ December 17, 2022/ Administrivia, Conference

Usually we are under high load after the conference because of the administrative tasks. 2022 was no exception, but the change of location still requires some attention. So this is a much delayed thank you for attending our events and speaking at DeepSec and DeepINTEL 2022! It was great to meet all of you in person. We also enjoyed talking about experiences with IT security, exchanging insights, sharing stories, and gathering inspiration for the next year. While virtual meetings can save time and help a lot, some things are best discussed face to face. The videos are nearly fully post-processed. We will inform our attendees and speakers first. In January 2023, you can enjoy the videos on our Vimeo account. The slides of the presentations can be downloaded from our DeepSec 2022 slide collection.

Read More

3011, 2022

DeepINTEL Report: The view from Vienna: OPSEC, Iran’s cyberpower, and tech decoupling

René Pfeiffer/ November 30, 2022/ DeepIntel, Security Intelligence

We are a bit late with the summaries from our event. Let’s start with some public information from DeepINTEL 2022. The conference is a closed event where security experts can openly discuss updates on threats, capabilities of potential adversaries, and all kinds of intelligence information related to information security. Steph Shample, an expert from the Middle East Institute (MEI), gave an update on Iran’s capabilities in past and present APT, cybercrime, ransomware, and cryptocurrency. The connections of Iran with China and Russia were discussed, too. Given the invasion of Ukraine, Russia is trying to get support for its digital operations. Mohammed Soliman, also from the Middle East Institute, presented his research on the technology containment strategy by the US administration. The stance regarding 5G serves as a blueprint. It is important to emphasise that

Read More

1711, 2022

DeepSec 2022 has started – two Days of Presentation about Information Security

René Pfeiffer/ November 17, 2022/ Conference, Security

The DeepSec Conference 2022 has started. We will be busy handling the presentation tracks, the TraceLabs OSINT CTF event, and the ROOTS track. We covered most of the presentations in brief interviews on this blog. There is more to come after the conference has ended. The live streams from the conference are available to registered attendees. The recordings will be published on our video platform after post-precessing. Updates from the event will be posted to our Twitter and Mastodon accounts. In case you want to be part of the conversation, please use the #DeepSec hashtag.

1611, 2022

DeepINTEL 2022 has started – Conference on Security Intelligence

René Pfeiffer/ November 16, 2022/ Conference, DeepIntel

We often abuse the term big picture as an analogy for a better perspective on things. With security intelligence, this is true. The DeepINTEL conference covers the strategic aspects of IT security, analyses the capabilities of potential (and actual) adversaries, and helps to bridge the gap between individual experiences of security researchers and targets. DeepINTEL 2022 has started. Topic-wise advanced persistent threats, the current geopolitical situation, psychological warfare with digital means, and techniques of malicious software in attacks are the primary focus. Selected aspects will be published in articles on this blog after the conference, because the DeepINTEL is a TLP:AMBER event.

1511, 2022

Reminder for virtual Training: Exploiting Race Conditions

René Pfeiffer/ November 15, 2022/ Security, Training

A race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It’s related to concurrency and multi-threading. Because of this attack, an attacker who has $1000 in his bank account can transfer more than $1000 from his bank account. This is just one example, but it clearly shows how dangerous this attack is. In a free video Dawid Czagan (DeepSec instructor) will show you step by step how this attack works and will tell you how to prevent this attack from happening. Watch this free video and feel the taste of Dawid Czagan’s live online training ”Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”- Because of our hybrid configuration of DeepSec for trainings and the conference, the Mastering Web Attacks with Full-Stack Exploitation

Read More

1511, 2022

DeepSec 2022 Trainings have started

René Pfeiffer/ November 15, 2022/ Security, Training

The DeepSec trainings have started. Today is the first day. The topics cover attacking modern desktop applications, network threat hunting, incident response, creating malicious office documents for offensive tests, and secure code review. The spectrum covers a lot of content, and it will be very helpful for defending the information security landscape. One of our trainings can still be booked. The workshop titled “Web Hacking Expert: Full-Stack Exploitation Mastery” by Dawid Czagan has been postponed to 28/29 November 2022. It will be an online training. You can take part virtually. Bookings are still possible via our ticket shop.

1111, 2022

DeepSec 2022 Talk: Industrial-Security vs. IT-Security – What Can We Learn From Each Other? – Michael Walser

Sanna/ November 11, 2022/ Conference

In the age of digitalisation, classic IT and industry are moving ever closer together. Devices are being networked and more and more smart devices are flooding the production hall. However, IT security is often disregarded in the process. Every device in the network can be compromised and requires an adapted strategy. Experience from 30 years of IT security gives the industry an orientation – but does not solve its problems. The challenges are often completely different, and the situation often requires completely different approaches. We try an approach and show experiences from the work with our customers and partners and give food for thought on what an IT security strategy for industry can look like and what both worlds can learn from each other. We asked Michael Walser a few more questions about his

Read More

1011, 2022

DeepSec 2022 Talk: Cyber Maturity Doesn’t Just Happen. True Tales Of A Cyber Maturity Concept – Uğur Can Atasoy

Sanna/ November 10, 2022/ Conference

Having a proper(!) security posture is more challenging than ever. Implementing the bare necessities for usability and security is scalable (literally), but the reality is always full of surprises. Dozens of assets, services, tools, requirements, workforce, risks and threats. How to keep the balance between usability, security and reputation while being honest with yourself? Many enterprises suffer from “keywords” and “trends” and have to pretend to be “proactive” by implementing the “latest” trends and approaches instead of solving the problems on “bits” that need “change”. When you look at enterprise-level security incidents, you can quickly notice that they have the latest tools, technologies and services, implemented the “Zero Trust Security” model, achieved base standards and compliance requirements, and hired the experts. Literally, they are prepared for almost all possible risks and threats, but they

Read More

1011, 2022

DeepSec 2022 Talk: Communicative Incident Response – Hauke Gierow, Paul Gärtner

Sanna/ November 10, 2022/ Conference

Crisis communication is probably the hardest part of communication to get right – and the most important. Combine this with a successful attack attempt on a company’s network that completely shatters operation and you have all the ingredients for disaster. But especially in situations like this, it is imperative to stay calm and remain in contact with the outside world. In this talk, we will relay best practices for crisis communication and how they specifically apply to IR situations. We will show the best and the worst attempts to manage a crisis – and show that situations like this can reposition a company and build trust rather than loosing it. We asked Hauke Gierow and Paul Gärtner a few more questions about their talk. Please tell us the top 5 facts about your talk.

Read More

0811, 2022

DeepSec 2022 Keynote: Complexity killed the Cat

René Pfeiffer/ November 8, 2022/ Conference

Complex systems is not a term indicating that you have stopped to understand something. The colloquial phrase „it’s complicated“ is often used as a joke. Complex systems have their own science. Information technology has managed to make our daily life easier. Applications manage vast amount of data, communication protocols transport countless numbers of messages, systems just work, and everything is fine. The problem is that code usually grows and never shrinks. This has implication for software development and for information security. The keynote will take you on a tour through complex systems, complexity, the limits of growth, and how the consequences can be managed in a sane way. The presentation will also try to remind you to ask questions, think twice about selecting appropriate metrics, and how to apply this approach to the tools

Read More

0211, 2022

DeepSec Press Release: Analysis IT Security – DeepSec conference offers rich education for digital defence

Sanna/ November 2, 2022/ Conference, Press

Defending one’s digital infrastructure has never been more important. The fundamental problem of many defensive structures is the lack of an overview. Penetration tests help little if you don’t know exactly how your systems are connected to the rest of the world. This year’s DeepSec security conference offers rich support and content to sustainably increase one’s own security. On board is our supporter, the company NVISO, focusing specially on companies and organisations in critical areas. Security landscape requires collaboration Modern information technology is based on complex and extensive architectures. How do you determine the state of your own security? Many companies are not familiar with the different approaches of testing methods. The term “penetration test” has already entered the minds of many, but what findings and facts are obtained during such tests is often

Read More

3110, 2022

We have a Mastodon account – please come and follow us!

René Pfeiffer/ October 31, 2022/ Conference

The swinging moods of billionaires have hit Twitter. 230 million users have switched ownership and now follow the erratic decisions of a single person. „Mars first!”, or something. DeepSec is using Twitter as a channel to link to blog posts and to share information about ongoing events. This will not change for the moment. However, we have created a new Mastodon account to be on the safe side. The account name is already visible on our Twitter profile page. Please follow us, if you want to receive further news without interruption. DeepSec is fond of decentralised communication channels. While this means more effort to filter and selecting sources, it is true to the original character of the Internet. We also maintain our own mailing lists which cover press releases, random scuttlebutt behind the scenes,

Read More

2810, 2022

DeepSec 2022 Talk: Fighting Fire with Fire – Detecting DNS-Tunneling with DNS – Artsiom Holub

Sanna/ October 28, 2022/ Conference

DNS tunneling used as a covert-channel method to bypass security policies has ballooned in the landscape of Ransomware attacks in recent years. This can be attributed to CobaltStrike post exploitation tools becoming modus operandi of cybercrime syndicates operating with ransomware. Most of the detections rely on packet inspection, which suffers from scalability performance when an extensive set of sockets should be monitored in real time. Aggregation-based monitoring avoids packet inspection, but has two drawbacks: silent intruders (generating small statistical variations of legitimate traffic) and quick statistical fingerprints generation (to obtain a detection tool really applicable in the field). Our approach uses statistical analysis coupled with behavioral characteristics applied directly in the DNS resolver. This presentation will cover examples of the malicious tools used by threat actors and detections designed to protect from such tools.

Read More