2210, 2021

DeepSec 2021 Talk: SSH spoofing attack on FIDO2 Devices in Combination with Agent Forwarding – Manfred Kaiser

Sanna/ October 22, 2021/ Conference

Since OpenSSH 8.2 there is the possibility to secure a private key with a with a FIDO2 token (Nitrokey, Yubikey, …). A key protected by FIDO2 must be manually confirmed each time the key is used and prevents misuse of the key if an SSH agent is compromised. Although it is known that agent forwarding is a security risk and should not be used, support has been extended with OpenSSH 8.5 (Released: 3.3.2021). Prior to OpenSSH 8.5, it was not possible to forward an SSH agent during file transfers (SCP/SFTP) to another server. This was one of the reasons why AUT-milCERT (BMLV) took a closer look at the SSH protocol. The goal was to find out whether a FIDO2 protected key can provide sufficient protection against misuse in case of a leaked agent. During

2110, 2021

Hardwear.io Interview: Teardown and feasibility study of IronKey – the most secure USB Flash drive

René Pfeiffer/ October 21, 2021/ Security

Portable storage devices are small and can be easily lost. Using security measures to protect the data on them is therefore a good idea. Vendors offer USB storage devices with built-in encryption capabilities. What happens if you analyse how they work? What are the attack modes on these devices? There will be a presentation at Hardwear.io regarding a specific brand of storage devices. We have asked the author Sergei Skorobogatov about the security properties of IronKey devices. HDD and SSD vendors have provided their devices with secure deletion and encryption features. How do IronKey devices compare to normal storage media? Some HDD and SSD devices do offer encryption and secure deletion, as well as vendors of other USB Flash drives. The fundamental difference is that IronKey devices are certified with FIPS140-2 Level 3. This

2110, 2021

DeepSec 2021 Talk: Releasing The Cracken – A Data Driven Approach for Password Generation – Or Safran & Shmuel Amar

Sanna/ October 21, 2021/ Conference

By now, it should be well known that passwords are like underwear, they should be changed often, the longer the better and it’s better not to leave them lying around. While the big players advocating for passwordless authentication, passwords are still the most common authentication method. In the wild, we’ve seen thousands of organizations experiencing password spraying and bruteforce attacks on their users. Although MFA should mitigate some of the threats, it’s still not implemented on all protocols and in some cases was bypassed by security flaws in the IDP. In this talk, we’ll present a new concept for password security – smartlists, built on a new data driven approach that utilizes recent advancements in NLP. Together with this talk, we are proud to release a new FOSS tool that makes these new concepts

2010, 2021

DeepSec 2021 Talk: Firmware Surgery: Cutting, Patching and Instrumenting Firmware for Debugging the Undebuggable – Henrik Ferdinand Nölscher

Sanna/ October 20, 2021/ Conference

Embedded systems can be challenging to analyze. Especially on automotive systems, many things that we take for granted on other software such as debugging and tracing do not always work. This is further complicated by watchdogs and peripheral processors, that go haywire when strict timing and communication requirements are violated. On some systems, debugging is even impossible because debugging resources such as pins are either used for something else or they don’t exist at all! Assuming that code can be dumped, the solution for this can be emulation, however emulating a rich automotive system can be painful and many times, only few aspects of the system can be sufficiently modeled. What if there was an in-between? How can we debug, fuzz and tamper embedded firmware without access to real-time debugging or emulation? In this

1910, 2021

DeepSec 2021 Talk: When Ransomware fails – Sreenidhi Ramadurgam

Sanna/ October 19, 2021/ Conference

Ransomware is a piece of code that is written by an attacker to encrypt the victim’s files. Even though it has been around for many years, its popularity has increased since the outbreak of Wannacry which shook the whole cyber world. When the logic of the ransomware code is observed we can see a common pattern here. It is similar to how humans interact with the system. I.e, to access the files, the code has to access the logical drive first. Here each logical drive is assigned a letter by the operating system. For example, when a code has to access the files in D drive, it has to access the drive ‘D’ first. What if there is a logical drive in the system which doesn’t have any letter assigned to it? Well, now

1510, 2021

DeepSec 2021 Talk: Large-scale Security Analysis Of IoT Firmware – Daniel Nussko

Sanna/ October 15, 2021/ Conference

Today, the number of IoT devices in both the private and corporate sectors are steadily increasing. IoT devices like IP cameras, routers, printers, and IP phones have become ubiquitous in our modern homes and enterprises. To evaluate the security of these devices, a security analysis has to be performed for every single device. Since manual analysis of a device and reverse engineering of a firmware image is very time-consuming, this is not practicable for large-scale analysis. To be able to conduct a large-scale study on the security of embedded network devices, an approach was applied that allows a high number of firmware images to be statically analyzed. For data acquisition, a crawler was used to identify and retrieve publicly available firmware images from the Internet. In this way, more than 10,000 individual firmware images

1310, 2021

DeepSec 2021 Talk: Post-quantum Encryption System for 5G – Maksim Iavich

Sanna/ October 13, 2021/ Conference

Nowadays, many leading scientists and experts are actively working on the creation of quantum computers. On October 23 2019, Google announced that it has achieved quantum supremacy. This means the great speedup of the quantum processors compared to the fastest classic computer. On December 06 2020, scientists in China also announced that they also achieved quantum supremacy. Quantum computers will probably destroy most cryptosystems that are widely used in practice. A variety of “resistant to quantum attacks,” alternatives are developed. These alternatives are hash-based, code-based, lattice-based and multivariate crypto schemes. However, to date a number of successful attacks is recorded on the given system. It is also shown that these schemes have efficiency problems. The amount of traffic carried over wireless networks and the number of mobile devices (including IoT) are growing rapidly and

0110, 2021

DeepSec2021 Press Release: Company Desktops as a Gateway for Digital Attacks

Sanna/ October 1, 2021/ Conference, Press

Home office relocates the digital company door across countries and cities into the living space. Teleworking has been around for over 50 years. The virtual way of working has gained a lot in importance since last year. The pandemic has increased the distance and technology for the home workplace has made a real breakthrough. Unfortunately, the same cannot be said for information security. Many installations lack basic security, especially when using personal devices without company in-house configuration. The DeepSec conference and Certitude Consulting warn against the use of systems without adequate protection. Bring your own demise with private hardware The COVID-19 pandemic has created great pressure to give employees access to their work environment from home. The implementation requires careful planning and the use of secure end devices and protocols in network transmission. Popular

2709, 2021

DeepSec 2021 Talk: I Will Hide, You Come And Seek – Discovering The Unknown in Known Malwares using Memory Forensics – Shyam Sundar Ramaswami

Sanna/ September 27, 2021/ Conference

Malware analysis is a key phase to extract IOCs like domains, ip, mutex and other signatures. What if malware knows what online sandboxes look for and what tools look for, decides to “showcase only 90%” and hide the rest? Well, Memory forensics comes to our rescue. This was tried and tested with a lot of samples during the pandemic phase and was aided in extracting a lot of hidden process, domains, urls and even ip. This is what the talk covers: Talk about the traditional malware analysis process Introduction to memory forensics and why Introducing tools like Volatility and Rekall Running Orcus RAT, Agent Tesla and Sodinobki Ransomware malwares usingt traditional methods like Any.run online sandbox and malware runs Playing a game by capturing memory of the infected machine by invoking WMI module and

2409, 2021

DeepSec 2021 Talk: Do you have a PlugX? Artem Artemov, Rustam Mirkasymov

Sanna/ September 24, 2021/ Conference

Deep overview of a tool used by the Chinese nation-state APTs based on a real-life Incident Response case with a big industrial company. Investigation yielded the presence of PlugX in the infrastructure. This presentation gives a full overview of the tools functionality, its past versions, and nowadays usage (Thor is a new version of plugX). We show why it is hard to find and why it’s important for big industrial companies. And also we talk about our assumption that all recent big attacks – first Sunburst and then Exchange exploits (proxylogon related to Hafnium) are links of one chain. We asked Artem and Rustam a few more questions about their talk. Please tell us the top 5 facts about your talk. It’s about pro-government APT The described threat is silent The threat target is

2309, 2021

DeepSec 2021 Press Release: DeepSec and DeepINTEL Publish Conference Program

Sanna/ September 23, 2021/ Conference, DeepIntel, Press

IT security has a lot of catching up to do, digitization is on an insecure foundation. The COVID-19 pandemic will celebrate its second birthday next year. Our everyday life has become more dependent on digital tools and platforms. If you want to rely on the convenience of the digital world, data and communication must not be threatened by weak points. Unfortunately, this is not the case, which is why the annual DeepSec IT security conference will again address threats for companies and authorities this year. Expectations Digitization is largely viewed uncritically as a metaphorical bringer of salvation. It should make work easier, make information more accessible, reduce administration and, in principle, solve or at least reduce problems in every area. The term Artificial Intelligence is often used when promoting the future. In the key

2009, 2021

Hardware Security – Hacking on the Layer 1 – Training and Conference

René Pfeiffer/ September 20, 2021/ Conference

In system administration there is an easy way to distinguish between software and hardware: hardware are the parts that can be kicked. This happens usually when things break. Since breaking things is a major part of security research, we have teamed up with the Hardwear.io Security Conference. The Spectre and Meltdown bugs have shown that hardware is a crucial part of everyone’s security architecture. Few software developers realise that this foundation can cause a lot of havoc. So we recommend checking out the schedule. Reverse engineering hardware can be very rewarding, because you learn a lot on how it reacts to perturbations. There will be a training at Hardwear.io on how to do this with celullar baseband firmware. This piece of code sits on the gateway to the mobile network. During the training you

1709, 2021

DeepSec 2021 Talk: Revenge is Best Served over IOT – Chris Kubecka

Sanna/ September 17, 2021/ Conference

Welcome to the new Cold War in the Middle East. In 2012, Iran’s first Shamoon attacks almost crashed every world economy, nearly bringing the world to its knees. Since then, the game of spy vs. spy has intensified digitally with the pandemic accelerating connectivity. Join Chris on a 2.5 year Iranian espionage campaign attempting to recruit her for the most innocent of jobs: teaching critical infrastructure hacking with a focus on nuclear facilities. A journey of old school espionage with a cyber twist. Bribery, sockpuppets, recruitment handlers, propaganda VVIP luxury trip mixed with a little IOT camera revenge and 2021 police protection. We asked Chris a few more questions about her talk. Please tell us the top 5 facts about your talk. Our skills as ethical hackers are in high demand, especially by sanctioned

1309, 2021

DeepSec 2021 Presentation: Don’t get Hacked, get AMiner! Smart Log Data Analytics for Incident Detection – Florian Skopik, Markus Wurzenberger, Max Landauer

Sanna/ September 13, 2021/ Conference, Security

“Prevention is ideal, but detection is a must”. Active monitoring and intrusion detection systems (IDS) are the backbone of every effective cyber security framework. Whenever carefully planned, implemented and executed preventive security measures fail, IDS are a vital part of the last line of defence. IDS are an essential measure to detect the first steps of an attempted intrusion in a timely manner. This is a prerequisite to avoid further harm. It is commonly agreed that active monitoring of networks and systems and the application of IDS are a vital part of the state of the art. Usually, findings of IDS, as well as major events from monitoring, are forwarded to, managed and analyzed with SIEM solutions. These security information and event management solutions provide a detailed view on the status of an infrastructure

0909, 2021

Translated Article: New ETSI Standard for Reporting Security Vulnerabilities

Sanna/ September 9, 2021/ Stories

Neuer ETSI-Standard zur Meldung von Sicherheitslücken by Erich Moechel for fm4.ORF.at The European Standards Institute for Telecommunications ETSI, previously known more for the standardization of back doors for surveillance authorities than for IT security, is now concerned with finding non-standardized security vulnerabilities. Late but still, the discovery of ever new, critical security gaps in IT equipment in industry has finally woken up the European Standards Institute for Telecommunications (ETSI). The public review period for an ETSI specification, which is intended to standardize the reporting process of security vulnerabilities by third parties, runs until September 15. Since the introduction of LTE (4G), the standards of the IT world have increasingly applied to the formerly proprietary networks of the telecoms. This specification takes this into account by standardizing important IT security processes for the world of telecommunications. However,

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: