Tag Archive

DeepSec 2018 Talk: A Tour of Office 365, Azure & SharePoint, through the Eyes of a Bug Hunter – Dr.-Ing Ashar Javed

Published on October 5, 2018 By sanna

The Cross-Site Scripting (XSS) outbreak started almost twenty years ago, and since then it has been infecting web applications at a concerning pace. It is feared that the influx of programs and bug hunters arriving at bug bounty platforms will worsen the situation given more disclosed cases of bug(s) or public citing and viewing. According […]

DeepSec 2018 Talk: Orchestrating Security Tools with AWS Step Functions – Jules Denardou & Justin Massey

Published on September 17, 2018 By sanna

Increasingly frequent deployments make it impossible for security teams to manually review all of the code before it is released. Jules Denardou and Justin Massey wrote a Terraform-deployed application to solve this problem by tightly integrating into the developer workflow. The plugin-based application has three core components, each represented by at least one Lambda function: […]

Meltdown & Spectre – Processors are Critical Infrastructure too

Published on January 6, 2018 By lynx

Information security researchers like to talk about and to analyse critical infrastructure. The power grid belongs to this kind of infrastructure, so does the Internet (or networks in general). Basically everything we use has components. Software developers rely on libraries. Usually you don’t want to solve a problem multiple times. Computer systems are built with […]

Google supports DeepSec 2017

Published on October 12, 2017 By lynx

You have probably heard of Google. Well, you will be hearing more from them if you come to DeepSec 2017. They have agreed to support our conference. They will be on site, and you will be able to talk to them. Every year we aim to give you opportunities for a short-cut, for exchanging ideas, […]

DeepSec 2016 Talk: Malicious Hypervisor Threat – Phase Two: How to Catch the Hypervisor – Mikhail A. Utin

Published on September 22, 2016 By sanna

The blue/red pill analogy has been used a lot when it comes to hypervisor security and virtualisation. While there are reliable ways to determine if your code runs in a hypervisor or not, the underlying problem still persists. How do you know if the platform your code runs on watches every single move, i.e. instruction […]

Of Clouds & Cyber: A little Story about Wording in InfoSec

Published on September 5, 2016 By lynx

In case you ever received a message about our calls for papers, you may have noticed that we do not like the word cyber. Of course we know that it is used widely. Information security experts are divided on whether it should be used. Some use it, some reject it, some don’t know what to do […]

Digital Naval Warfare – European Safe Harbor Decree has been invalidated

Published on October 8, 2015 By lynx

The global cargo traffic on the Internet needs to revise its routes. The Court of Justice of the European Union has declared the so-called „Safe Harbor“ agreement between the European Commission (EC) and US-American companies invalid. The agreement was a workaround to export the EU Directive 95/46/EC on the protection of personal data to […]

New MJS Article: Trusting Your Cloud Provider – Protecting Private Virtual Machines

Published on June 17, 2015 By lynx

Once you live in the Cloud, you shouldn’t spend your time daydreaming about information security. Don’t cloud the future of your data. The Magdeburger Journal zur Sicherheitsforschung published a new article by Armin Simma (who talked about this topic at DeepSec 2014). The paper titled »Trusting Your Cloud Provider: Protecting Private Virtual Machines« discusses an […]

DeepSec 2014 Talk: Cloud-based Data Validation Patterns… We need a new Approach!

Published on October 28, 2014 By sanna

Data validation threats (e.g. sensitive data, injection attacks) account for the vast majority of security issues in any system, including cloud-based systems. Current methodology in nearly every organisation is to create data validation gates. But when an organisation implements a cloud-based strategy, these security-quality gates may inadvertently become bypassed or suppressed. Everyone relying on these […]

DeepSec 2014 Talk: Trusting Your Cloud Provider – Protecting Private Virtual Machines

Published on September 12, 2014 By lynx

The „Cloud“ technology has been in the news recently. No matter if you use „The Cloud™“ or any other technology for outsourcing data, processes and computing, you probably don’t want to forget about trust issues. Scattering all your documents across the Internet doesn’t require a „Cloud“ provider (you only need to click on that email […]

DeepSec 2013 Video: Pivoting In Amazon Clouds

Published on February 23, 2014 By lynx

The „Cloud“ is a great place. Technically it’s not a part of an organisation’s infrastructure, because it is outsourced. The systems are virtualised, their physical location can change, and all it takes to access them is a management interface. What happens if an attacker gains control? How big is the impact on other systems? At […]

DeepSec 2013 Video: From Misconceptions To Failure – Security And Privacy In The US Cloud Computing FedRAMP Program

Published on February 18, 2014 By lynx

The „Cloud“ is the Fiddler’s Green of information technology. It’s a perpetual paradise built high above the ground where mortal servers and software dwell. Everyone strives to move there eventually, because once you are in digital paradise, then all your sorrows end. So much for the theory. The reality check tells a different story. This […]

DeepSec 2013 Video: Cracking And Analyzing Apple iCloud Protocols

Published on January 17, 2014 By lynx

The „Cloud“ has been advertised as the magic bullet of data management. Basically you put all your precious eggs into one giant basket, give it to someone else, and access your data from everywhere – provided you have a decent Internet connection. Since someone else is now watching over your data, you do not always […]

DeepSec 2013 Talk: Cracking And Analyzing Apple iCloud Protocols: iCloud Backups, Find My iPhone, Document Storage

Published on November 3, 2013 By lynx

The „Cloud“ technology is a wonderful construct to hide anything, because the „Cloud“ itself is no technology. Instead it is constructed out of a variety of different protocols, storage systems, applications, virtualisation and more. So „Clouds“ provide a good cover. Ask any fighter pilot. They will also confirm that the „Cloud“ is a great hunting […]

DeepSec 2013 Talk: Pivoting In Amazon Clouds

Published on October 17, 2013 By lynx

The „cloud“ infrastructure is a crucial part of information technology. Many companies take advantage of outsourced computing and storage resources. Due to many vendors offering a multitude of services, the term „cloud“ is often ill-defined and misunderstood. This is a problem if your IT security staff needs to inspect and configure your „cloud“ deployment with […]