Our traditional Winter break has been a bit longer than anticipated. We are working on the call for papers for DeepSec and DeepINTEL 2023 (14 to 17 November 2023). The location has not changed, so we can focus on the content of the conferences. This is a good time to check if you are on our call for papers mailing list. If you like our regular reminders and updates, please subscribe or tell us what email address we should add. Speaking of communication, the sabotage of Twitter continues. Today the APIs for posting content are limited to paid subscribers. This deliberately stops cross-posting content to Twitter from other sources. It affects updates from our blogs and updates via mobile phones, because we never used the official Twitter app (and will not in the future).
The last week was very exciting, Organising DeepSec and DeepINTEL 2021 right in the middle of changing regulation and travel restrictions was not easy. Both events were in in hybrid form with health protection measures. The pandemic has raised a lot of questions on how scientific research impacts government, politics, and society. One of our main concerns is to put scientific methods back into information security. While nobody dies or contracts a disease when information security fails, there are parallels between warnings of experts and the lack of adequate means to protect the population. We have some dates for your calendar. Please make a note and set your alarm for our events next year: DeepSec IT & Law Convention – 26 April 2022 DeepSec 2022 Trainings – 15/16 November 2022 DeepSec 2022 Conference –
The Internet was invented for sharing information. Publishing articles and raw data is still the main use case for networks. We use our blog for publishing articles covering topics of information security. It is the primary source of information. Article publications will be announced on our Twitter feed once the text is online. A while ago we started to publish our blog articles on Medium in parallel. The publication pipeline broken when Medium stopped supporting the plugin for our blog application. Re-publishing has since been done manually (hence the backlog on Medium). We occasionally update our Medium channel. Now this channel has a new link. If you prefer to read our articles on Medium, please use https://deepsec.medium.com/. Keep in mind that our blog articles published here will never hide behind a paywall or a
Summer is always a bad time for getting things done. Usually people are on holiday, sweat, relax, or travel for recreation. Things are different due to the Covid-19 precautions. Unfortunately our Call for Papers ends on 31 July 2020. This means we have to remind you about the deadline. We plan to publish the schedule in mid-August, so we don’t have much choice to ask you again for research results, insights, incidents, weaknesses, helpful hints for defence, and more.. Tell us about your research. Keep our reviewers busy! We have some additional information. We added a mailing list system to our infrastructure. The server is run by our event partners, the Crowes. So you can get news by raven, not only figuratively. The mailing lists we created are a tool to keep you informed.
Clear guidelines for events and conferences slowly emerge here in Austria. We have some news on how DeepSec, DeepINTEL, and ROOTS will look like in November. We will compile the set of regulations in a separate document and publish it on our web site. The constraints set by the authorities contain no show-stoppers for the event and the trainings. We will carefully work out a concept which we will use in November for everything that is going on on site in Vienna. 😷 We have the full support of our conference hotel, and we are confident that we can increase health protection and decrease risks for everyone attending. In addition we found some bug in the ticket shop system. The tickets for DeepINTEL, DeepSec conference / training, and ROOTS can be bought via the
We haven’t been idle in the past weeks. The Austrian government is reducing the lock-down rules to see how normal business and private life can go on. We take this as an opportunity to announce the first three confirmed trainings for DeepSec 2020. The preliminary descriptions can be found on our schedule web site. Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation – Dawid Czagan (Silesia Security Lab) Open Hardware Hacking – Paula de la Hoz Garrido (Telefónica Security Engineering) Defending Industrial Control Systems – Tobias Zillner & Thomas Brandstetter (Limes Security) Early Bird tickets are available. Given the unusual start into 2020 we ask you to consider buying Early Bird tickets (especially for the trainings). We are exploring special attendee tickets for remote attendance of the trainings. A
We wrote in an earlier blog article about the current Sars-Cov-2 / Covid-19 emergency. Mathematics and biology didn’t stop, so you (hopefully) live in an area with restrictions regarding crowds and place where people can’t keep a safe distance. We, the organisation team of DeepSec, are in close contact with peers, members of the community, and reliable sources of information regarding countermeasures by the Austrian government. Given the current state of affairs the November dates of our events are still in the far future. This means that nothing has changed for our plans. Our calls for papers are still open. The only change will be no marketing messages and advertising for DeepSec and DeepINTEL. We don’t think that a crisis should be used for one’s own advantage. Please stick to facts and verified sources
DeepSec 2020 wants to support your project. We have teamed up with partners to foster research in information security. We already support the BSidesLondon Rookie Track, support the Reversing and Offensive-oriented Trends Symposium (ROOTS), publish the DeepSec Chronicles, and support individuals in their research. Now we want to go one step further. Purpose: To encourage research by young professionals and academics on new and emerging cyber security issues, information security, new ways to use technology, defence, offence, and weaknesses in hardware/software/designs. Suggested Topics: Vulnerabilities in mobile devices, vulnerabilities in the Internet of Things (IoT), advances in polymorphic code, software attacks on hardware wallets, side channel attacks, hacking industrial control systems and smart cities, quantum and post quantum computing, penetration testing – defining what it means and standardization, and related topics. Let your creativity run
We took some time off to deal with the administrative side of running the DeepSec conference. Additionally some of us were engaged in project work. 2020 started early this time. There is a lot to do behind the scenes, especially in times where reading the news doesn’t help you to navigate the rest of the year. We also finished the travel plans for the year, so we will have some information where and when to connect to DeepSec. The most important information for you: There will be a DeepSec & DeepINTEL conference in 2020. There will also be a Reversing and Offensive-oriented Trends Symposium (ROOTS) again in 2020. The call for papers are in preparation and will open in two weeks. The dates are as follows: DeepSec Trainings 17/18 November 2020 DeepINTEL Conference 18
We fixed the dates for DeepINTEL and DeepSec 2020. As promised there will be no collision with Thanksgiving. DeepINTEL 2020 will be on 18 November 2020. The DeepSec trainings will be on 17/18 November 2020. The DeepSec conference will be on 19/20 November 2020. The Calls for Papers will open in February 2020. Have a rest and enjoy the holidays! We are looking forward to see you in Vienna (again)!
Training Teaser: Black Belt Pentesting a.k.a. Bug Hunting Millionaire – Mastering Web Attacks with Full-Stack Exploitation
Modern web applications consist of far more components than HTML content and a few scripts. In turn properly attacking web applications requires a diverse set of skills. You need to know how the back-end and the front-end works. This includes all of the scripting languages, data storage technologies, user interface peculiarities, frameworks, hosting technologies, and many more layers. DeepSec 2019 will feature a full-stack web exploitation dojo enabling you to understand the security of web applications, how to break them, and how to protect them. The training will be hosted by Dawid Czagan, expert in the field. He will guide you through every technology and attack method relevant to information security of web applications such as: REST API hacking AngularJS-based application hacking DOM-based exploitation Bypassing Content Security Policy (CSP) Server-side request forgery Browser-dependent exploitation
We did some clean-up and dealt with the administrative issues of past and future events. Finally we can announce the dates for DeepINTEL 2019 and DeepSec 2019. Grab or calendars or log into them: DeepSec 2019 Trainings – 26/27 November 2019 DeepSec 2019 Conference – 28/29 November 2019 DeepINTEL 2019 – 27 November 2019 The conference hotel is the same as for every DeepSec. We haven’t changed our location. As for the date, yes, we announced at the closing ceremony that we won’t collide with thanksgiving. We tried hard to avoid this, but given the popularity of Vienna as a conference and event city we had no choice. For 2020 and consecutive years we will do early reservations in order to avoid the week of Thanksgiving. The call for papers opens soon, as does
We have rearranged the ROOTS 2018 schedule to its final form. You may have noticed that it is more condensed. We thought it would be easier to connect, to discuss, and to exchange ideas without the stretch over two days. Furthermore it is easier to have sessions with a specific focus when there is more unallocated time to use. ROOTS 2018 will get its own keynote presentation, too. We are currently sorting out the details. You may wonder why there are so many empty slots. The reason is simple. ROOTS is an academic workshop. All presentations must be submitted formally correct. Then they are reviewed by the programme committee. The submitted content is graded according to the scientific methods used, research topic, evaluation of the results, the conclusion, and so on. After that there
The review process for ROOTS has been completed a few days ago. Proper reviews are hard, this is why it took a bit longer. The accepted papers will be in the schedule at the beginning of next week for we need the redacted abstracts of all presentations. The research topics are worth it, so make sure to check the schedule next week. For all of you looking for in-depth knowledge and hands-on training – please book tickets for our trainings as soon as possible! This is not meant to rush you. We just want to make sure that you get the training you want. Booking last minute is a sure way of making it hard to plan ahead. Furthermore the first courses are filling up. You might not get a seat if you wait
DeepSec Conference offers trainings for security researchers Vienna (pts010 / 04.09.2018 / 08:30) – This year, in addition to lectures about the failing of security measures, the DeepSec In-Depth Security Conference will offer a workshop for finding vulnerabilities. Unfortunately the testing of software in the context of quality assurance is no longer sufficient in the modern, networked world. The prefix “Smart” does not change anything about existing weaknesses. The training is therefore aimed at professionals, already working in development, and at security experts, to specifically strengthen the development of safer products in industry and companies. Complex Technologies and their Susceptibility to Errors Not only since the birth of the Internet of Things modern products can’t manage without software. If you add networking and the high level of complexity of individual parts, this is a