DeepSec 2021 Live Streams
You can find the live streams of DeepSec 2021 by using the following links: DeepSec 2021 Arabella Track DeepSec 2021 Boheme Track The streams also feature a live chat if you want to comment on the presentations.
1811, 2021
1711, 2021
DeepSec 2021 Talk: Analyzing Radicalization on the Internet – Method and Results of the COMRAD-Project – Dr. Andreas Enzminger & Dr. Jürgen Grimm
Incitement, radicalization, and terror are the buzzwords that currently concern us the most. Right-wing and left-wing extremist groups or religious fundamentalists act as fire accelerators for extremist tendencies, even leading to the use of political violence. In this way, they can also endanger the value-based foundations of democracy in the medium and long term. Although much discussed, the role of the media, especially social media, in radicalization within society remains conceptually and empirically unclear. While there are several case analyses based on violent events, systematic studies have yet to be conducted. To fill this gap, the COMRAD project is dedicated to researching radicalization tendencies in cyberspace, focusing on psychosocial, ideological, and communicative conditioning factors. The focus is on the “open space” of politically left-wing, right-wing, or Islamic Facebook groups, in which recruitment strategies and
1611, 2021
DeepSec2021 Talk: QKD-based Security for 5G and Next Generation Networks – Sergiy Gnatyuk, PhD. DSc.
Modern information and communication technologies (ICT) implementation in all spheres of human activity, as well as the increasing number and power of cyber-attacks on them make the cyber security of the developed digital state vulnerable and weak. Cyber-attacks become targeted (so-called APT-attacks) and attackers carefully prepare them, analyzing the identified vulnerabilities and all possible ways of attack. The security and defense capabilities of the state are considered in an additional fifth domain titled cyberspace (after land, air, water and space). World`s leading states develop strategies to protect cyberspace, create cyber troops, develop and test cyber weapons. A significant number of cyber-attacks today are aimed at critical infrastructures and government organizations. Traditional security methods (in particular, cryptographic algorithms) do not fully protect against all currently known attacks, they are potentially vulnerable to attacks based on
1311, 2021
Updated Health Protection Guidelines – Information about hybrid Configuration of DeepSec & DeepINTEL 2021
The City of Vienna has announced changes to the health protection regulations. The regulations are still not in effect, but we expect them to be in place in the course of the next week. The city council is more strict than the rest of Austria, so make sure to update on local regulations. We have updated the health protection document on our web site. Basically the access to the conference is limited to persons having recovered from CVOID-19 and vaccinated persons. Additional information can be found by using one of the following links: Latest COVID-19 information Information about COVID-19 (City of Vienna) DeepSec will be at the conference hotel and feature live streams for every track. Some speakers will present remotely. All presentation will be available on site and via the streams. Links for
0511, 2021
New health protection regulations for DeepSec and DeepINTEL 2021
The City of Vienna has announced stricter regulations regarding conferences and restaurant businesses. This directly affects our conferences. Beginning with 15 November 2021, attending events requires a proof of either having recovered from a COVID-19 infection („genesen“) or be fully vaccinated („geimpft“). This is called the „2G rule“ because of the German words used for the terms. We will update our procedures for the conference accordingly. Our conference hotel has to follow the regulations as well. This means that you cannot attend either DeepSec or DeepINTEL with only a test (of any kind). There will be no exceptions. Further information can be found at the following links: What is „3G“ rule? Questions and answers regarding coronavirus and the COVID-19 disease Up-to-date Information on the Coronavirus Situation Some of the information web sites will get
2910, 2021
DeepSec 2021 Talk: Running an AppSec Program in an Agile Environment – Mert Coskuner
Application security in an enterprise is a challenge. We can see this when we look at the statistics: There have been 16648 security vulnerabilities (CVEs) published so far in 2020 and the average severity is 7.1 out of 10. In this talk, you will find various solutions such as – Development team risk scoring based on maturity and business aspect, – SAST/DAST at CI/CD pipeline without blocking the pipeline itself, – How to leverage bug bounty program, – When to employ penetration testing, – When to employ code review, – Platform developments to remove dependency for developers to implement features, i.e. internal authorization. Most important of all, you will see these solutions lead to minimal friction within the team, which creates a fine-tuned security program. We asked Mert a few more questions about his
2910, 2021
DeepSec2021 Talk: On Breaking Virtual Shareholder Meetings: How Secure is Corporate Germany? – Andreas Mayer
The Covid-19 pandemic has had a major impact on annual general meetings (AGMs) of shareholders worldwide. Due to existing gathering restrictions the vast majority of AGMs shifted from physical to online voting events. Therefore, purely virtual AGMs emerged to the new normal where shareholders approve critical company decisions. But how secure are those virtual events really? In this talk, I will present a systematic large-scale study on the security of 623 virtual AGMs held by German companies in 2020 including corporations listed in stock indices such as DAX and MDAX. In 72% of all virtual AGMs analyzed, at least one of the three CIA triad security goals was compromised. Join my talk and I will take you on an enthralling journey through the nitty gritty details and pitfalls that lead to the severe vulnerabilities
2510, 2021
DeepSec 2021 Press Release: Organized Espionage on Digital Devices. DeepSec Conference Warns: Searching for “Forbidden” Data on Clients Compromises Information Security.
A basic principle of information security is access control. We are all used to the fact that data is only available to people and systems with the right authorizations. The discussion about the search for prohibited image files on Apple systems sparked the discussion about the so-called Client-Side Scanning (CSS) technology. Searching for specific content past access restrictions has always been an appealing shortcut. It is now clear that CSS leads to serious problems that endanger the basis of information security and do not bring the hoped-for benefits. Instead, there are additional security loopholes. Search of end devices Lately, the EU Commission and law enforcement authorities have repeatedly addressed the issue of circumventing secure encryption. In mathematical terms, we cannot carry strong encryption out without stored duplicate keys or deliberately weakening the technologies used.
2310, 2021
DeepSec 2021 Talk: Building a Cybersecurity Workforce: Challenges for Organizations – Matthieu J. Guitton
The shift of human activities from offline to online spaces has major impacts on organizations – either public or corporate – in terms of security, therefore creating a constantly growing need for cybersecurity experts. Although for small companies, expertise can come from external providers, large organizations need to build their own cybersecurity workforce. The limited number of higher education formations result for companies in tension in the employment market, and in the recruitment of people whose expertise is not primarily on cybersecurity. Furthermore, cybersecurity often focuses on technical aspects, and does not always deal enough with the human factor – while the human factor is critical for companies and other large organizations. This presentation will explore the challenges related to building a workforce in cybersecurity from the point of view of organizations. We will
2210, 2021
Hardwear.io Interview: BlueMirror – Defeating Authentication in Bluetooth protocols
Bluetooth communication has become a standard for many handheld devices, personal computers, and local area networks. Since the protocol was first published, it has gone through many improvements. Security researchers and hackers have subjected Bluetooth devices and the protocol to security tests and analysis. The most recent discovery has to do with the key agreement protocols of Bluetooth. This topic will be presented at Hardwear.io by Tristan Claverie and Jose Lopes Esteves. We have asked both of them a few questions: Bluetooth has come a long way from the first attacks almost twenty years ago. Are there fundamental design weaknesses that impact Bluetooth security up to newer protocols? If we look at recent protocols (the most recent ones being the ones standardized for Bluetooth Mesh), there is still the ability for two devices to
2210, 2021
DeepSec 2021 Talk: SSH spoofing attack on FIDO2 Devices in Combination with Agent Forwarding – Manfred Kaiser
Since OpenSSH 8.2 there is the possibility to secure a private key with a with a FIDO2 token (Nitrokey, Yubikey, …). A key protected by FIDO2 must be manually confirmed each time the key is used and prevents misuse of the key if an SSH agent is compromised. Although it is known that agent forwarding is a security risk and should not be used, support has been extended with OpenSSH 8.5 (Released: 3.3.2021). Prior to OpenSSH 8.5, it was not possible to forward an SSH agent during file transfers (SCP/SFTP) to another server. This was one of the reasons why AUT-milCERT (BMLV) took a closer look at the SSH protocol. The goal was to find out whether a FIDO2 protected key can provide sufficient protection against misuse in case of a leaked agent. During
2110, 2021
Hardwear.io Interview: Teardown and feasibility study of IronKey – the most secure USB Flash drive
Portable storage devices are small and can be easily lost. Using security measures to protect the data on them is therefore a good idea. Vendors offer USB storage devices with built-in encryption capabilities. What happens if you analyse how they work? What are the attack modes on these devices? There will be a presentation at Hardwear.io regarding a specific brand of storage devices. We have asked the author Sergei Skorobogatov about the security properties of IronKey devices. HDD and SSD vendors have provided their devices with secure deletion and encryption features. How do IronKey devices compare to normal storage media? Some HDD and SSD devices do offer encryption and secure deletion, as well as vendors of other USB Flash drives. The fundamental difference is that IronKey devices are certified with FIPS140-2 Level 3. This
2110, 2021
DeepSec 2021 Talk: Releasing The Cracken – A Data Driven Approach for Password Generation – Or Safran & Shmuel Amar
By now, it should be well known that passwords are like underwear, they should be changed often, the longer the better and it’s better not to leave them lying around. While the big players advocating for passwordless authentication, passwords are still the most common authentication method. In the wild, we’ve seen thousands of organizations experiencing password spraying and bruteforce attacks on their users. Although MFA should mitigate some of the threats, it’s still not implemented on all protocols and in some cases was bypassed by security flaws in the IDP. In this talk, we’ll present a new concept for password security – smartlists, built on a new data driven approach that utilizes recent advancements in NLP. Together with this talk, we are proud to release a new FOSS tool that makes these new concepts
2010, 2021
DeepSec 2021 Talk: Firmware Surgery: Cutting, Patching and Instrumenting Firmware for Debugging the Undebuggable – Henrik Ferdinand Nölscher
Embedded systems can be challenging to analyze. Especially on automotive systems, many things that we take for granted on other software such as debugging and tracing do not always work. This is further complicated by watchdogs and peripheral processors, that go haywire when strict timing and communication requirements are violated. On some systems, debugging is even impossible because debugging resources such as pins are either used for something else or they don’t exist at all! Assuming that code can be dumped, the solution for this can be emulation, however emulating a rich automotive system can be painful and many times, only few aspects of the system can be sufficiently modeled. What if there was an in-between? How can we debug, fuzz and tamper embedded firmware without access to real-time debugging or emulation? In this
1910, 2021
DeepSec 2021 Talk: When Ransomware fails – Sreenidhi Ramadurgam
Ransomware is a piece of code that is written by an attacker to encrypt the victim’s files. Even though it has been around for many years, its popularity has increased since the outbreak of Wannacry which shook the whole cyber world. When the logic of the ransomware code is observed we can see a common pattern here. It is similar to how humans interact with the system. I.e, to access the files, the code has to access the logical drive first. Here each logical drive is assigned a letter by the operating system. For example, when a code has to access the files in D drive, it has to access the drive ‘D’ first. What if there is a logical drive in the system which doesn’t have any letter assigned to it? Well, now