DeepSec 2023 Tech Track Workshop: Tabletop Exercise/War Games – Julian Botham & Aron Feuer

Sanna/ October 21, 2023/ Conference

The objective of an tabletop exercise is to assess and enhance an organization’s preparedness and executive decision-making protocols in the event of a ransomware attack. The exercise will simulate a ransomware attack on critical systems, culminating in encrypted files and a ransom demand. Participants will role-play as C-suite executives, IT security managers, legal advisors, and the public relations team. The exercise will cover key activities, such as initial incident identification, activation of the incident response team, internal and external communication protocols, decision-making concerning ransom payment, coordination with law enforcement, system recovery and restoration, and post-incident analysis. We asked Julian and Aron a few more questions about their tabletop exercise. Please tell us the top 5 facts about your talk. The average ransom in 2023 is $1.54 million, almost double the 2022 figure of $812,380

Read More

DeepSec 2023 Talk: Improving Cyber Resilience Through Micro Attack Simulations – Christian Schneider & Kevin Ott

Sanna/ October 20, 2023/ Conference

With the increasing adoption of Red Teaming and Purple Teaming in the cybersecurity industry, organizations that have achieved high levels of security maturity can greatly benefit from these activities. However, organizations at the onset of building a security program are often left out. This talk introduces Micro Attack Simulations, an innovative approach that allows organizations to validate specific security controls without waiting for full-blown Red Teaming exercises. Micro Attack Simulations focus on assessing single or multiple security controls that are already implemented, providing a valuable approach for organizations aiming to bolster their cyber resilience. These simulations not only focus on technical aspects but also consider non-technical security controls such as escalation procedures and reporting paths during security incidents. As a result, organizations can derive specific Red Team unit tests and perform a gap analysis

Read More

DeepSec 2023 Talk: The Attackers Guide to Exploiting Secrets in the Universe – Mackenzie Jackson

Sanna/ October 12, 2023/ Conference

Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. Most security breaches leverage secrets during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This guide will include how to Abuse public and private code repositories Decompile containers Decompile mobile applications from the App and Play Stores. We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their play-book. Presentation Details Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the

Read More

DeepSec 2023 Talk: Up Close & Personnel – Chris Carlis

Sanna/ October 11, 2023/ Conference

You work hard to defend against internet-based threats, but how prepared are you when the attacker is on your literal doorstep? This session will provide a better understanding of the onsite attack surface and some of the more common, practical attack techniques that can cause a difficult to detect network compromise. Attendees will gain a stronger understanding of the role of Information Security as it pertains to Physical Security and be better equipped to identify gaps in their defenses before they are exploited. We asked Chris a few more questions about his talk. Please tell us the top 5 facts about your talk. People often underestimate the amount of practice and level of skill needed to execute a good number of physical testing techniques. Your perimeter is probably bigger than you think or would

Read More

DeepSec 2023 Talk: KENOUGH: More Than Just a Pretty Interface – Daniel Kroiss & Stefan Prinz

Sanna/ October 9, 2023/ Conference

The vast majority of organizations on our planet are SMEs who do not have the capability to leverage professional Threat Intelligence Tools or even have Threat Intelligence Teams. They continuously struggle to prioritize their efforts fixing security problems but are typically not focusing on the right stuff. Not all threat actors are equally likely to penetrate your organization. Therefore, not all TTPs are equally likely to be leveraged against you. MITRE ATT&CK is the de facto standard in researching current TTPs and figuring out how to detect and prevent them from happening. We created a small but powerful tool based on MITRE ATT&CK to easily figuring out connections between Threat Actors, malware, TTPs and their relevance to your industry to help you figure out what to focus on. The tool is specifically built for

Read More

DeepSec 2023 Talk: Adding Intelligence into a Security Program – Catalin Curelaru

Sanna/ October 6, 2023/ Conference

Cyber threat intelligence has become a critical security area for organisations trying to defend against threat actors. It is slowly making the shift from a buzzword to an actionable true program. But how confident are you as a security professional that you are moving in the right direction? Should a CTI program heavily focus on the APTs and ransomware groups, or could the focus be elsewhere? The following presentation will walk you through an APT case, present some key prioritizations on what is relevant at a specific time for a CTI program and evolve as time goes on. A reference case can be found online. We asked Catalin a few more questions about his talk. Please tell us the top 5 facts about your talk. APTs, Pandas, Bears, Visma Security Program, Cyber Threat Intelligence

Read More

DeepSec 2023 Talk: Post-quantum digital signatures using Verkle tree and AI in post-quantum cryptography – Maksim Iavich

Sanna/ October 3, 2023/ Conference

Recent advancements in quantum computing research have made significant progress. If we achieve a functional quantum computer, it has the potential to undermine the security of current public key cryptosystems, which are widely integrated into commercial products. Although there have been proposed solutions to counter quantum attacks, these solutions currently grapple with security and efficiency concerns in everyday use. This talk focuses on exploring hash-based digital signature techniques, particularly those rooted in Merkle tree structures. The research deeply investigates the viability of Verkle trees and vector commitments, introducing pioneering concepts within this field. At DeepSec I will present a novel post-quantum digital signature, using modern technologies, such as Verkle tree. I will talk about the working methology of making the signature post-quantum secure. I will describe the attack on post-quantum digital signatures using machine

Read More

DeepSec 2023 Training: Terraform: Infrastructure as Remote Code Execution – Michael McCabe

Sanna/ October 2, 2023/ Conference

This workshop will focus on ways to abuse the use of Terraform to elevate privileges, expose data, and gain further footholds in environments from a developer’s perspective. We’ll cover the common uses of Terraform and how a malicious actor could abuse Terraform. This talk will include multiple demos. We asked Michael a few more questions about his training. Please tell us the top 5 facts about your training. It will be very hands-on and great for folks that aren’t familiar with Terraform or have some experience. People will start with basic Terraform implementations in the cloud (AWS) and move up to more complex scenarios. We’ll cover multiple ways to hack via Terraform pipelines. You’ll learn how to use tools to prevent these abuses. You’ll have access to the lab code and can continue working

Read More

DeepSec Training: Improve your Pen-Testing Skills for Mobile Devices

René Pfeiffer/ September 29, 2023/ Conference, Training

Mobile devices are a common tool for businesses and private users. We have become accustomed to carry Internet-enabled devices with us. How do you test if your device is secure? What is the best way to find security weaknesses? Mobile security testing requires different tools and different knowledge of the platform and the applications involved. DeepSec 2023 offers a training to get you started with pen-testing all things mobile. The focus is on Android and iOS apps. Sven Schleier will help you to analyse apps, intercept network traffic, and to identify weaknesses that can be turned into exploits. The course is a deep-dive into mobile technology. It also helps you when you need to bypass SSL pinning, Touch ID, Face ID, or similar barriers. Circumventing anti-jailbreaking technologies are covered, too. The skills are absolutely

Read More

DeepSec 2023 Talk: The Evolution of Linux Binary Exploitation: From Outdated Techniques to Sophisticated Modern Attacks – Ofri Ouzan & Yotam Perkal

Sanna/ September 28, 2023/ Conference

In the ever-evolving realm of cybersecurity, the cat-and-mouse game between attackers and defenders continues to intensify. To safeguard critical systems against malicious exploitation, the hardening of binary files has emerged as a fundamental security measure. However, no security measure remains impervious to threats, and binary hardening techniques face ongoing challenges. This talk aims to shed light on the significance of binary hardening as a countermeasure against growing vulnerabilities. Through a comprehensive examination, we explore both traditional and contemporary binary exploitation techniques, providing real-world insights into modern exploiting methodologies that bypass protective mechanisms implemented through binary hardening. Our research addresses the lack of accurate and complete sources of information on binary hardening, emphasizing the importance of understanding ELF file structure and attacker avoidance strategies. By encouraging vigilance among developers and defenders, we aim to raise

Read More

DeepSec 2023 Talk: Using RPA to Simulate Insider Threats – Andrei Cotaie & Cristian Miron

Sanna/ September 27, 2023/ Conference

In a world where trust is a currency, and information is power, meet Jim, the innocent accountant, with access to many financial secrets. When his dream promotion slips through his fingers, Jim crosses the line from hero to rogue, unleashing a hidden fury fueled by betrayal. Lacking any technical skills but armed with insider knowledge, he becomes the ultimate insider threat. He can steal data without a trace, eluding the watchful eyes of the very firm that underestimated him. As colleagues celebrate their achievements, Jim orchestrates a daring heist of classified information, and security tools can’t detect him. He is the insider threat. Can he be caught as he employs ChatGPT knowledge and just google searches to grab and exfiltrate data from his company? In a thrilling tale of vengeance and deception, witness how

Read More

DeepSec 2023 Talk: RansomAWARE in 2023 – Steph Shample

Sanna/ September 26, 2023/ Conference

Ransomware’s explosion has been sustained for years. As tech changes, so too do the actor TTPs. It’s imperative to explore the 2023 mindset of ransomware actors: they are going after “target rich, cyber poor” industries that will make them money by selling data, exploiting the victims they hit as well as the partners and third party services linked to the victims. While double-, triple-, and quadruple- extortion practices are still around, actors are also adapting/changing their encryption processes to better emulate protective services such as anti-virus and file scanning software to blend in and provide no red flags to technical and cyber practitioners. This allows for a long-term, stealth presence in networks, which facilitates lateral movement to collect as much information as possible. We asked Steph a few more questions about her talk. Please

Read More

DeepSec 2023 Talk: I Just Wanted to Learn the Water Temperature… – Imre Rad

Sanna/ September 25, 2023/ Conference

The story started as a hobby project: I was about to retrieve the current temperature of a non-smart water heater in my apartment. To not void the warranty, I was looking for a non-intrusive solution that purely relies on off-the-shelf smart home gadgets only. Understanding the undocumented APIs of these IoT devices required reverse engineering the corresponding official mobile applications and eavesdropping on the network communication between them and the cloud management services. Researching this uncovered design flaws in the pairing protocol and vulnerabilities in the implementation that allowed attackers to steal victim sessions and to impersonate these devices for a life-time. We asked Imre a few more questions about his talk. Please tell us the top 5 facts about your talk. Recognizing digits on a still picture is far from easy (regardless the

Read More

DeepSec 2023 Talk: I’m Ok, You’re Ok, We’re Ok: Living with AD(H)D in Infosec – Klaus Agnoletti

Sanna/ September 22, 2023/ Conference

[This is a different topic than information security. Klaus’ presentation was included in the DeepSec 2023 schedule, because it deals with the way some of us are dealing with the individual thought processes. The work environment doesn’t fit for everyone.] I was diagnosed with AD(H)D almost three years ago, aged 44. Getting the diagnosis and being able to get proper medicine meant the world to me; suddenly I understood all those symptoms and I could function remarkably better. Better understanding also meant that I got more insight to why it was becoming increasingly harder for me to get and keep a job. So something had to happen. I’ve been an InfoSec professional for almost 20 years but after my diagnosis I moved to community marketing which basically meant doing the spare-time thing I love

Read More

DeepSec 2023 Press Release: Digitalisation Requires More Than Just Technology – DeepSec Conference Combines Digitalisation With IT Security Trainings

Sanna/ September 20, 2023/ Conference, Press

Digitalisation is a great opportunity and has arrived in all areas of society. However, there is more to it than using digital data and computer systems. Processes and ways of working need to be adapted. In addition, information security must be considered throughout, from design to implementation. The DeepSec conference again has extensive training on this topic in its programme. Digitalisation generates opportunities and markets The basic idea of digitalised processes in companies and administration is simplification through the use of IT infrastructure. Data is more easily available. Documents can be searched and found more easily. This also means that more information is available in digital form. The opportunities and markets generated by this are not all legal. In 2022, data from one billion Chinese nationals was copied. In 2018, the Indian government reported

Read More