DeepSec 2024 Talk: The Tyrant’s Toolbox – Julian & Pavle B.

Sanna/ October 30, 2024/ Conference/ 0 comments

Social media, and our communications systems, have devoured any semblance of privacy, putting the eyes and ears of authoritarian and wannabe fascist types into the pockets of each of us; radically erasing whatever distance once existed between those who exercise authority and the human objects of their control, both at home and abroad. As Professor Ronald J. Deibert, founder of Citizen Lab, eloquently highlights in his book “Reset: Reclaiming the Internet for Civil Society”: “…recent years have brought about a disturbing descent into authoritarianism, fueled by and in turn driving income inequality in grotesque proportions the rise of a kind of transnational gangster economy.” As we continue our descent into a global madness fueled by AI, spyware, algorithms, and misinformation, tyrants around the world continue to expand their toolbox. Through our talk, we examine

Read More

DeepSec 2024 Talk: AI’s New Era: Impacts on Health Data Security and Beyond – Sina Yazdanmehr & Lucian Ciobotaru

Sanna/ October 21, 2024/ Conference/ 0 comments

It has become easier to create AI systems because of the availability of many options and datasets. These AIs can quickly gain expert knowledge in different domains, enabling attackers to exploit scientific knowledge and target system and data security, which was not workable before. Although recent studies have highlighted these impacts, a tangible example has been missing. For instance, attackers can use AI’s expert knowledge in the healthcare sector to perform complex attacks with no need of domain expertise. Earlier this year, Google launched Health Connect, an Android app designed to share data seamlessly between medical and fitness apps, intended to replace Google Fit. While Health Connect is robust against conventional cyberattacks, it is susceptible to these emerging threats. In this talk, we will show an example of these threats by explaining a malicious

Read More

DeepSec 2024 Talk: Detecting Phishing using Visual Similarity – Josh Pyorre

Sanna/ October 10, 2024/ Conference/ 0 comments

Current phishing detection methods include analyzing URL reputation and patterns, hosting infrastructure, and file signatures. However, these approaches may not always detect phishing pages that mimic the look and feel of previously observed attacks. This talk explores an approach to detecting similar phishing pages by creating a corpus of visual fingerprints from known malicious sites. By taking screenshots, calculating hash values, and storing metadata, a reference library can compare against newly crawled suspicious URLs. By combining fuzzy searches and OCR techniques with other methods, we can identify similar matches. We asked Josh a few more questions about his talk. Please tell us the top 5 facts about your talk. In security, URL block lists are widely used, but I rarely see people utilizing a database of visual information to hunt for phishing attacks that

Read More

DeepSec 2024 Press Release: Manipulation on Social Media is dangerous for Democracies

Sanna/ September 24, 2024/ Conference, Press/ 0 comments

DeepSec conference publishes schedule and focuses on disinformation algorithms The original purpose of introducing Social Media was to provide individuals with a platform for expressing their own views. However, its increasing popularity has led to a creeping appropriation. Texts generated by algorithms, robot farms and dubious decisions by platform operators have turned social media into a hotbed of disinformation. The casual click on share, like buttons or the insertion of arbitrary comments, creates efficiency in mass manipulation. Political commentator Randahl Fink will analyse these practices at the opening of the DeepSec conference. Information and disinformation Most people think of technical implementations when they hear the terms information technology (IT) or information security. Of course, the foundation comprises networks, server systems, storage media and connections to the Internet. In addition, there are many end devices

Read More

DeepSec 2024 Talk: A Practical Approach to Generative AI Security – Florian Grunow & Hannes Mohr

Sanna/ September 12, 2024/ Conference/ 0 comments

The rise of applications based on AI (mostly generative AI) forces us to think about the security and privacy implications of these systems. We will try to make sense about the attack surface of generative AI applications, what practitioners in the field need to consider in development and operations, and how they can derive security measures for these systems. We will first dive into the range of generative AI applications using examples of the OpenAI ecosystem. This will give the audience an understanding about the fundamental problem of AI from a security perspective. We then offer an insight into the attack surface that those applications have. This will help understand what needs to be secured and what can be secured. Many times, good old security best practices will be a good start, although AI

Read More

DeepSec 2023 Talk: Post-quantum digital signatures using Verkle tree and AI in post-quantum cryptography – Maksim Iavich

Sanna/ October 3, 2023/ Conference

Recent advancements in quantum computing research have made significant progress. If we achieve a functional quantum computer, it has the potential to undermine the security of current public key cryptosystems, which are widely integrated into commercial products. Although there have been proposed solutions to counter quantum attacks, these solutions currently grapple with security and efficiency concerns in everyday use. This talk focuses on exploring hash-based digital signature techniques, particularly those rooted in Merkle tree structures. The research deeply investigates the viability of Verkle trees and vector commitments, introducing pioneering concepts within this field. At DeepSec I will present a novel post-quantum digital signature, using modern technologies, such as Verkle tree. I will talk about the working methology of making the signature post-quantum secure. I will describe the attack on post-quantum digital signatures using machine

Read More

DeepSec 2023 Talk: Skynet wants your Passwords! The Role of AI in Automating Social Engineering – Alexander Hurbean & Wolfgang Ettlinger

Sanna/ September 18, 2023/ Conference

We techies love solving problems with cool technology, to where we attempt to implement the economy in code. Although important in general, we know that, for example, blockchain, cryptography, and Secure Software Development Life Cycle (SSDLC) are irrelevant when the user enters their credentials on a phishing site. From an attacker’s point of view, though, we see that modern technologies such as artificial intelligence are immensely beneficial to attack one of the weakest links in security – humans. We will explore how modern technologies, for instance DeepFakes, Deep Neural Networks (DNNs), and Transformers, can be misused by bad actors. We will explore some interesting ideas for attacks, discuss their practical feasibility and show implementations of some of these attacks. We will also look at approaches to detect and defend against AI-powered attacks. We asked

Read More

DeepSec 2023 Press Release: Language Models do no cognitive Work –

Sanna/ August 30, 2023/ Conference, Press

The term Artificial intelligence (AI) is in the media, but it consists only of language simulations. If one follows the logic of the products currently offered under the AI label, we could easily remedy the shortage of skilled workers in the information technology sector. Take random people and let them consume tutorials, code examples, training videos and other documents related to the field of application for a few months. After this learning phase, skilled workers would automatically be available. TThe DeepSec conference is asking why there is still a lack of qualified personnel in IT. Algorithmically, the problem already seems to have been solved. Large Language Models (LLMs) and AI The so-called generative AI, which is now on everyone’s lips, is mathematically assigned to the research field of artificial intelligence. GPT, LLaMa, LaMDA or

Read More

DeepSec 2023 Press Release: DeepSec 2023 publishes Programme – This year’s conference focuses on language models and infrastructure

Sanna/ August 30, 2023/ Conference, Press

  Everyone is discussing Artificial Intelligence language models that have vast amounts of learning data. Language models are supposed to revolutionise information technology overnight, but their first applications are actually digital attacks. TThe current state of deep fake detection, social engineering attacks, and security incident response benefits will be highlighted at the DeepSec security conference this year. Of course, there are many more presentations that are indispensable for digital defence. Language models do not think, they forge Attacks through phishing emails and social engineering bypass technical measures through communication. By imitating victims’ language, attackers try to get them to support the attack with their own actions. Artificial persuasion is the speciality of AI language models, as they are designed to simulate conversation. Alexander Hurbean discusses which tools are available for these attacks and how

Read More

DeepSec Scuttlebutt: Fun with Fuzzing, LLMs, and Backdoors

René Pfeiffer/ July 31, 2023/ Call for Papers, Scuttlebutt

[This is the blog version of our monthly DeepSec Scuttlebutt musings. You can subscribe to the DeepSec Scuttlebug mailing list, if you want to read the content directly in your email client.] Dear readers, the Summer temperatures are rising. The year 2023 features the highest measured temperatures in measurement history. This is no surprise. The models predicting what we see and feel now have been created in the 1970s by Exxon. So far, the model has been quite accurate. What has this to do with information security? Well, infosec also uses models for attack and defence, too. The principles of information security has stayed the same, despite the various trends. These are the building blocks of our security models. They can be adapted, but the overall principles have little changed from two-hosts-networks to the

Read More

DeepSec 2023 Talk: Deepfake vs AI: How To Detect Deepfakes With Artificial Intelligence – Dr. Nicolas Müller

Sanna/ June 6, 2023/ Conference

Artificial intelligence is developing at a breathtaking pace, already surpassing humans in some areas. But with opportunity comes potential for abuse: generative models are getting better at creating deceptively real deepfakes – audio or video recordings of people that are not real, but entirely digitally created. While the technology can be used legitimately for film and television, it has great potential for abuse. This lecture illustrates this problem using audio deepfakes, i.e. fake voice recordings. The technical background of synthesis will be highlighted, and current research on countermeasures will be presented: Can we use AI to expose deepfakes? Can we learn to recognise deepfakes, and if so, how? We asked Dr. Nicolas Müller a few questions about his talk. Please tell us the top 5 facts about your talk. We will listen to Angela

Read More

Press Release: IT World in AI Mania

Sanna/ February 16, 2023/ Development, Legal, Press, Security

Artificial intelligence (AI) is on everyone’s lips, but its results fall short of all expectations. Wouldn’t it be nice if computers could effortlessly give meaningful results to all kinds of questions from all kinds of unstructured data collections? Periodically, algorithms that do incredible things are celebrated in information technology. At the moment, it is the turn of artificial intelligence algorithms. Search engines are retrofitting AI. But the supposed product is far from real cognitive performance. Many open questions remain. History of Algorithms The first experts to work with algorithms to emulate human thought processes came from the fields of mathematics and philosophy. They wanted to formalise analytical thinking from the subfield of logic and describe it in models. In the 1950s, the algorithms were implemented on the computers that were emerging at the time.

Read More

DeepSec 2021 Talk: How to Choose your Best API Protection Tool? Comparison of AI Based API Protection Solutions – Vitaly Davidoff

Sanna/ August 26, 2021/ Conference

As the world becomes more and more connected, Application Security becomes an important concern. Especially regarding the Internet of Things (IoT), Application Programming Interface (API), and Microservices spaces. In addition, the proper access management needs to be seriously addressed to ensure company assets are securely distributed and deployed. There are many tools on the market providing AI based API protection and anomaly detection but what really works? How to choose the best solution? During my talk, I will share results from the research of reviewing different architecture approaches and AI solutions introduced by different favorite tools on the market, from WAF to workload protection systems. We asked Vitaly a few more questions about his talk. 1) Please tell us the top facts about your talk. This talk is a first try to dive deep

Read More

Translated Article: EU-US Summit Against Secure Encryption

Sanna/ March 31, 2021/ Legal, Stories

Gipfel EU-USA gegen sichere Verschlüsselung by Erich Moechel for fm4.ORF.at The agenda of the virtual meeting at a high-ranking official level in two weeks features pretty much all data protection-related topics that are currently controversial in Europe. Joe Biden’s appearance before the EU Council of Ministers will be followed by a two-day video conference on April 14th at the top level of officials in the field of justice and homeland security between the EU and the USA. Practically all currently controversial issues around data protection are on the agenda, from cross-border data access for law enforcement officers to joint action against secure encryption. This is also the case with the “fight against child abuse”, which is once again being instrumentalized for these general surveillance projects. Ylyva Johansson, EU Commissioner for Home Affairs and Justice, commissioned a

Read More