The past four days were quite busy for the DeepSec Organisation Team. We had to prepare the realspace implementation of our mission control in our office. We had to fight some gremlins in hardware and software, but we managed to create the stream feeds. We hope you enjoyed the presentations! The streams were recorded, and we will start with the post-processing. Due to the dual-track – and the ROOTS event – one always has to decide which presentation to watch. In our long-time tradition attendees and speakers will get to watch the videos first (for quality assurance), and then we will release the whole DeepSec 2020 collection. We recommend your favourite lounge, drink, and company for watching the recordings later. A very big thanks go to everyone contributing content, being part of the events,
The stream link for the DeepSec 2020 Right Pirouette track has changed. Somehow the cloud ate our old link (end event). No recordings were lost, just the link to the streaming platform. We apologies for this change, but there is not much we can investigate. The password is the same. For a complete list: DeepSec 2020 Right Pirouette track – https://vimeo.com/481384818 DeepSec 2020 Left Pirouette track – https://vimeo.com/event/475468 The closing presentation will be after the last presentation in the Right Pirouette (as always when on-site at the conference hotel).
Machine learning based models have proven to be effective in a variety of problem spaces, especially in malware detection and classification. However, with the discovery of deep learning models’ vulnerability to adversarial perturbations, a new attack has been developed against these models. The first attacks based on adversarial example research focused on generating feature vectors, but more recent research shows it is possible to generate evasive malware samples. In this talk, I will discuss several attacks that have been developed against machine learning based malware classifiers that leverage adversarial perturbations to develop an adversarial malware example. Adversarial malware examples differ from adversarial examples in the natural image domain in that they must retain the original malicious program logic in addition to evading detection or classification. Adversarial machine learning has become increasingly popular and is
Cloud computing is a convenient model for processing data remotely. However, users must trust their cloud provider with the confidentiality and integrity of the stored and processed data. To increase the protection of virtual machines, AMD introduced SEV, a hardware feature which aims to protect code and data in a virtual machine. This allows to store and process sensitive data in cloud environments without the need to trust the cloud provider or the underlying software. However, the virtual machine still depends on the hypervisor for performing certain activities, such as the emulation of special CPU instructions, or the emulation of devices. Yet, most code that runs in virtual machines was not written with an attacker model which considers the hypervisor as malicious. In this work, we introduce a new class of attacks in which
DeepSec 2020 Talk: Old Pareto had a Chart: How to achieve 80% of Threat Modelling Benefits with 20% of the Efforts – Irene Michlin
The earlier in the lifecycle you pay attention to security, the better are the outcomes. Threat modelling is one of the best techniques for improving the security of your software. It is a structured method for identifying weaknesses on design level. However, it is often perceived by the organisations as too expensive to introduce, or too slow to fit modern lifecycles, be it Agile, Lean, or DevOps. This talk will show how to fit threat modelling in fast-paced software development, without requiring every developer to become an expert. The outcomes should be immediately applicable, hopefully empowering you to try it at work the day after the conference. We asked Irene a few more questions about his talk. Please tell us the top 5 facts about your talk. Based on my experience introducing threat modeling
We have verified the DeepSec schedule and did some changes. The layout looks a bit shifted. The reason is a time-shift between the two DeepSec main tracks Left Pirouette and Right Pirouette (named after the rooms in our long-time conference hotel). Since we have set up our mission control in our office and lack the space to have two session chairs use the stage and the camera feed simultaneously the two tracks need to be time-shifted. The presentations in the Left Pirouette start 20 minutes later than the presentations in the Right Pirouette. We tried hard to avoid this, but the current configuration requires adding this feature to the schedule. The two tracks overlap any way, so if you are interested in either talk, then you have to make up your mind with or
Technology is evolving. This is especially true for computer science and the related information technology branch. When everything is outdated after a couple of months, the wind of change turns into a storm. It also affects the way we work, processes which enable us to get work done, and changes perspectives how we see the world, code, and its applications. Dev, DevOps, and DevSecOps is a good example how these changes look like at the top of the iceberg. Subjectively information security is always a few steps behind the bleeding edge. The word „bleeding“ is a good indication of why this is the case. However, security professionals cannot turn back time and ignore the way the world works. New technology will always get pushed into all areas of our lives until its creators realise
ROOTs 2020: No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-based Adversarial – Fabrício Ceschin
Adversarial machine learning is so popular nowadays that Machine Learning (ML) based security solutions became the target of many attacks and, as a consequence, they need to adapt to them to be effective. In our talk, we explore attacks in different ML-models used to detect malware, as part of our experience in the Machine Learning Security Evasion Competition (MLSEC) 2020, sponsored by Microsoft and CUJO AI’s Vulnerability Research Lab, in which we managed to finish in first and second positions in the attacker’ and defender challenge, respectively. During the contest’s first edition (2019), participating teams were challenged to bypass three ML models in a white box manner. Our team bypassed all three of them and reported interesting insights about the models’ weaknesses. This year, the challenge evolved into an attack-and-defense model: the teams should either propose
Like every year, DeepSec and DeepINTEL get to the bottom of the current state of information security. So far, 2020 has shown that surprises and critical events are always to be expected. Information security still knows no break. On the contrary: weak points in software, hardware, legislature and infrastructure are a permanent threat to digital information. So that those affected still have better chances against constant attacks, the DeepSec and DeepINTEL conferences will take place this year completely digitally via the Internet. Security can only be achieved through joint efforts. Therefore, this November, as every year, there will be an exchange between experts, users, software developers, administrators and those responsible! Solving problems instead of postponing them Hardly any other area is constantly inventing new terms like information technology. Unfortunately, misunderstandings and obscuring their meaning
Effective end-to-end encryption is a critical component in everyday and business life. Over 300 years ago, cryptanalysis, i.e. the method for decrypting secret codes, had its heyday in Europe. In so-called black chambers or black cabinets (also known as cabinet noir) in post offices all letters from certain people were secretly opened, viewed, copied and closed again. The letters intercepted in this way were then delivered. The purpose was to find dangerous or harmful news for the regents of the time. The most active and efficient chamber in Europe was the Secret Cabinet Chancellery in Vienna. This early form of wiretapping was only ended in the 19th century. And this scenario of the imperial and royal courts is now facing all European companies and individuals. End-to-end encryption is to be provided with back doors
The discussion about how to tackle end-to-end encryption (E2EE) and how to reconcile it with surveillance is almost 30 years old. The very first Crypto War was sparked by the Comprehensive Counter-Terrorism Act of 1991 (no, there is no mention of cryptography in it, because it was the first draft of a series of legislative texts dealing with a reform of the US justice system; have a look at the author of the act). In the following years things like strong cryptography, export bans on mathematics, or the creation of Phil Zimmerman’s Pretty Good Privacy (PGP) were a follow-up. Even the proposal of having the Clipper chip present in telecommunication devices and the concept of key escrow was discussed in the wake of the reform. Sometimes laws have to grow with the technology. All
Auf den Terroranschlag folgt EU-Verschlüsselungsverbot by Erich Moechel for fm4.ORF.at In the EU Council of Ministers, a resolution was made ready within five days, obliging platform operators such as WhatsApp, Signal and Co to create master keys for monitoring E2E-encrypted chats and messages. The terrorist attack in Vienna is used in the EU Council of Ministers to enforce a ban on secure encryption for services such as WhatsApp, Signal and many others in a fast track procedure. This emerges from an internal document dated November 6th from the German Presidency to the delegations of the member states in the Council, which ORF.at has received. This should now be understood as the “further steps against terrorism” that French President Emmanuel Macron wants to discuss with Federal Chancellor Sebastian Kurz (ÖVP) in a video conference at
We wish to express our deepest condolences and sympathies to the families of the victims and wish a speedy recovery to the injured of last nights attacks in Vienna. Our thoughts are with them and the many women and men protecting the everyday life in the city. Vienna is one of the safest cities in Europe. Since 2007 the DeepSec team enjoys bringing you all to this wonderful city. We will continue to do this. Information security is a team effort and so is creating safe places for everyone. Don’t give the extremists the stage. Ignore them and care about the ones deserving your attention. Stay safe, stay healthy!
DeepSec 2020 Talk: TaintSpot: Practical Taint Analysis and Exploit Generation for Java – Dr. – Ing. Mohammadreza Ashouri
“In this talk I will introduce a scalable and practical security analysis and automatic exploit generation approach, which is called TaintSpot. It works based on an optimized hybrid taint analysis technique that combines static and dynamic vulnerability analysis. TaintSpot generates concrete exploits based on concolic testing for programs written for the Java Virtual Machine (JVM) ecosystem.TaintSpot is specially designed for operating on large-scale proprietary executable binaries with multiple external dependencies. TaintSpot is under development system; for now, it targets JVM binaries, but I plan to extend it to android applications.” We asked Mohammadreza a few more questions about his talk. Please tell us the top 5 facts about your talk. Static and dynamic taint analysis have various advantages and disadvantages; I consider consolidating the best of these techniques to improve the effectiveness and scalability
On 31 October 2020 at 1730 the Austrian government held a press release to announce new COVID-19 regulations. Since this press release was only the political message and the actual legally binding regulation is still not published we cannot give you an update yet. We don’t know when the regulation will be published. Given these circumstances we cannot give you any more details, but we are working on it. We hope to have more details on Tuesday/Wednesday. We assure you that we have contingency plans, because we expected this situation a few months ago.