2505, 2019

Use Handshake Data to create TLS Fingerprints

René Pfeiffer/ May 25, 2019/ Discussion, Security

While the whole world busily works on the next round of the Crypto Wars, the smart people work on actual information security. TLS has always been in the focus of inspection. Using on-the-fly generated certificates to look inside is a features of many gadgets and filter applications. Peeking at the data is moot if you control either the server or the client. If you have to break TLS on purpose (hopefully) inside your own network, you probably have to deal with software or system you cannot control. In this case TLS is the least of your security problems. Dealing with a lot of network traffic often uses a metadata approach in order not to process gigantic amounts of data. Enter TLS fingerprinting. The TLS handshake contains a lot of parameters such as version numbers,

Read More

2405, 2019

Getting ready for BSidesLondon – Support the Rookie Track!

René Pfeiffer/ May 24, 2019/ Security

Deadlines are great. They serve as a great syscall. Everything must be ready and be written to disk. The schedule of BSidesLondon was already stored and forwarded. Have a look! It’s worth it! The titles sound great. We recommend having some IPv6 as a starter (IPv4 is really getting scarce these days). The main dish should have some pieces of cloud platforms, RF hacking, SOCs, and power grid. Emotet, GPUs, and Windows Event Log forensics. Don’t forget to support the rookies by attending their presentations. They put a lot of effort into the preparation, and they have lots of interesting topics ready for you. The 15 minute slots are great to get an in-depth introduction into the topic. In addition the rookies rely on the feedback of everyone of you, especially the exploit-hardened veterans

Read More

0404, 2019

Eth(er)ical Hacking – Hacker Defined Radio and analysing Signals

René Pfeiffer/ April 4, 2019/ Call for Papers, High Entropy

There is a lot going on in the wireless world. 5G is all the fashion, because frequencies are being auctioned. This is only the tip of the iceberg. Wireless protocols have become ubiquitous. The IEEE 802.11 family is one widespread example. Bluetooth, mobile networks, ZigBee, Z-Wave, and other wireless transmissions are widely used. If you go looking for signals, your first stop are usually industrial, scientific and medical (ISM) radio bands. But there is much more. It’s well worth to passively scan what’s all around you. The equipment is often the main obstacle preventing hacker from doing something. When it comes to radio waves you need a suitable antenna (or a couple thereof) plus the hardware to drive it. Even if you limit yourself to passive operation you still need something to catch, amplify,

Read More

0304, 2019

BSidesLondon Rookie Track – Personalities, Stories, Presentations

René Pfeiffer/ April 3, 2019/ Communication, Conference

In past articles we have written about the BSidesLondon Rookie Track. We also spread to call for mentors a while ago. Let’s talk about the people who will present at the Rookie Track and who haven’t spoken at conferences yet. While there exist a lot of helpful advice out there on how to speak, how to prepare, how to structure your presentation, there is one thing that can’t be created from scratch – your personality. It defines a lot of what you will be doing on the stage. It will also be a key component of your talk, so you should spend some time to think about this important factor. Social media, blogs, and discussions sometimes mention the term infosec rock star. This label carries a lot of different meanings. More often than not

Read More

0204, 2019

Ongoing DeepSec Call for Workshops – Trainers welcome!

René Pfeiffer/ April 2, 2019/ Call for Papers, Training

The Call for Workshops for the DeepSec conference in November 2019 is still open. If you have something to teach, let us know as soon as possible! We intend to inform potential trainees in the beginning of May about their options. This allows for a better planning and preparation, because we receive early requests for workshop content every year. So if you have something to teach, please let us know! You don’t need to use the Call for Papers manager in case you have content ready in a different format or just want to send us teaser materials. Topics we are looking for include (applied) cryptography, secure software development & design, helpful in-depth hints for penetration testers, sensible guides for combining machine learning/artificial intelligence with information security, in-depth network knowledge, threat hunting, and strategic

Read More

0104, 2019

Network Security right from the Beginning – Introducing DHCP-over-TLS (DoT)

René Pfeiffer/ April 1, 2019/ High Entropy

Every security researcher knows: If you want to secure a system, do it as early as possible. This is why Trusted Computing, Secure Boot, Trusted Execution Technology, and many more technologies were invented – to get the operating system safely off the ground right at boot time. After the booting process additional components have to be initialised. Dependencies are common in this stage. The second most important resource next to the local machine is the network. Most modern programming languages highly rely on network connection to get any work done. Local storage and memory is merely a big cache for temporary data to them. So how do you create a trusted boot process beyond the initial network configuration? The answer is easy. You just combine two highly mature and reliable protocols – Dynamic Host

Read More

2603, 2019

Remembering Mike Kemp (@clappymonkey)

René Pfeiffer/ March 26, 2019/ High Entropy

This blog post has no tags, because we cannot come up with any. Mike Kemp, also known as @clappymonkey on Twitter, has died. He spoke at the DeepSec conference back in 2012. We regularly saw him at other events and kept in touch. We have lost a great colleague. It is impossible to express what he was to you, us, and his family and friends. Our sympathies are with all of you who lost him as partner, friend, companion, mentor, and relative. We will miss him dearly.

0803, 2019

The fine Art of Mentorship

René Pfeiffer/ March 8, 2019/ Discussion, Security

We will support the Rookie Track at BSidesLondon in 2019 again. This is a perfect way for rookies to get started on presenting at a conference. However it is much more – the stages before the presentation is held. Preparing for 15 minutes of talk will keep you busy for ten or twenty times the amount you spend presenting. It depends on the research you have to do, the illustrations you have to create, the code samples, the tests, and a lot more things that need to be sorted out. That’s not an easy task. But you do not have to do it alone. BSidesLondon is looking for rookies and mentors. If you have experience in IT security, being on stage for presentations, research, and preparing materials for workshops and talks, then you should

Read More

1802, 2019

Translated Press Release: IT Security is increasingly dominated by Geopolitics

Sanna/ February 18, 2019/ Call for Papers, Conference, DeepIntel, ROOTS

DeepSec and DeepINTEL conference open call for papers – submission for lectures and trainings are in demand.Anyone who reads the technology part of their favourite magazine can hardly escape the promises of future network technologies. Your own car becomes a smartphone. The talking fridge becomes a therapist. 5G mobile networks promise high-speed fibre optic streaming of data on the speed-limited electric scooter. The second reading reveals the meaning of the letter G in 5G – it stands for geopolitics. As part of the network expansion, there are discussions about hidden killswitches for emergency shutdowns, entire networks and backdoors to eavesdrop on customers. In November, the DeepSec In-Depth Security Conference addresses the technical challenges of the Internet of Things, emerging network technologies, and geopolitical constraints dictated by key events of the last 6 years. 5G

Read More

1802, 2019

DeepSec 2019 – Call for Papers – Security Research Results wanted!

René Pfeiffer/ February 18, 2019/ Call for Papers, Conference

The DeepSec 2019 In-Depth Security Conference is calling for presentations and trainings. We are interested in your information security research. Since 2007 DeepSec has aimed to provide in-depth analysis of design flaws, vulnerabilities, bugs, failures, and ways to improve our existing IT ecosystem. We need more high quality reviews of code and concepts we rely on every day. Digital processing power and network connections have become ubiquitous. So the focus of this year’s DeepSec will be on the Internet of Things (IoT), processing/moving data (small and big), infrastructure (critical and convenient), the statistics of data analysis (also called machine learning), real artificial intelligence (not statistics or clever use of Markov chains), and the current state and future of information security research. Due to past and current geopolitical events affecting information technology and the security

Read More

1402, 2019

Supporting BSidesLondon “My Machine is not Learning” 2019

René Pfeiffer/ February 14, 2019/ Conference

This year’s BSidesLondon is pondering the most important question of machine learning. What is my machine doing and learning? Well, it might be that “My Machine is not Learning” at all. Sounds a lot like the intelligence we all know from living beings. So, armed with this new motto, BSidesLondon is turning 9, and we will support the Rookie Track again. The winner gets a trip to Vienna and free entry to DeepSec 2019. Get going and get started with your presentation! It’s worth it, and we love to welcome you in Vienna! Ask @5w0rdFish about it. If you are looking for research topics, please drop us a line. We have some ideas about good questions and things to explore. See you in London!

0802, 2019

Save the Date for DeepINTEL and DeepSec 2019

René Pfeiffer/ February 8, 2019/ Administrivia, Conference, DeepIntel

We did some clean-up and dealt with the administrative issues of past and future events. Finally we can announce the dates for DeepINTEL 2019 and DeepSec 2019. Grab or calendars or log into them: DeepSec 2019 Trainings – 26/27 November 2019 DeepSec 2019 Conference – 28/29 November 2019 DeepINTEL 2019 – 27 November 2019 The conference hotel is the same as for every DeepSec. We haven’t changed our location. As for the date, yes, we announced at the closing ceremony that we won’t collide with thanksgiving. We tried hard to avoid this, but given the popularity of Vienna as a conference and event city we had no choice. For 2020 and consecutive years we will do early reservations in order to avoid the week of Thanksgiving. The call for papers opens soon, as does

Read More

0801, 2019

Translated Article: Campaign of the Spy Alliance “Five Eyes” against WhatsApp and Co

Sanna/ January 8, 2019/ Discussion, High Entropy, Security

Feldzug der Spionageallianz „Five Eyes“ gegen WhatsApp und Co for fm4 by Erich Moechel The current scattered news and reports on “encryption” belong together. The military secret services of the “Five Eyes” conduct a global campaign; in Australia they’ve already reached their first milestone. Every two years, around the same time, a campaign of the espionage alliance “Five Eyes” against encryption programs takes place. Unlike in 2016, the new campaign has reached its first goal in a flash. In early December, a bill was passed in the Australian Parliament obliging Internet companies to break up encrypted communications. The providers of Whatsapp, Snapchat, and Co are hereby required to build surveillance interfaces into their apps to give hidden access to the Australian law enforcement. In a parliamentary coup – without discussion or amendments – the “Assistance

Read More

0701, 2019

ROOTS 2018: Library and Function Identification by Optimized Pattern Matching on Compressed Databases – Maximilian von Tschirschnitz

Sanna/ January 7, 2019/ ROOTS

[Editor’s note: This article belongs to the Reversing and Offensive-oriented Trends Symposium 2018 (ROOTS). It was misplaced, so we publish it today. Maximilian’s talk was recorded and can be watched on Vimeo.] The goal of library and function identification is to find the original library and function to a given machine-code snippet. These snippets commonly arise from penetration tests attacking a remote executable, static malware analysis or from an IP infringement investigation. While there are several tools designed to achieve this task, all of these seem to rely on varied methods of signature-based identification. In this work, the author argues that this approach is not sufficient for many cases and propose a design and implementation for a multitool called KISS. KISS uses lossless compression and highly optimized pattern matching algorithms to create a very

Read More

0401, 2019

Analysing Data Leaks and avoiding early Attribution

René Pfeiffer/ January 4, 2019/ High Entropy

The new year starts with the same old issues we are dealing with for years. German politicians, journalists, and other prominent figures were (are) affected by a data leak. A Twitter account started tweeting bits from the leaked data on 1 December 2018 in the fashion of an Advent calendar. The account was closed today. You will find articles describing single parts of what may have happened along with tiny bits of information. Speculation is running high at the moment. So we would like to give you some ideas on how to deal with incomplete information about a security event floating around in the Internet and elsewhere. Attributing data leaks of this kind is very difficult. Without thoroughly understanding and investigating the situation, proper attribution is next to impossible. Given the method of disclosure

Read More