0511, 2018

DeepSec 2018 Training: Advanced Infrastructure Hacking – Anant Shrivastava

Sanna/ November 5, 2018/ Conference, Training

Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices. We asked Anant a few more questions about his training. Please tell us the top 5 facts about your training. Constantly evolving course: Every year each iteration has something new added to it. (Minimum 25%, maximum 50% of the course gets an upgrade every year). Developed by Practitioners: The course is developed by regular pentesters deriving challenges from real life pen-testing scenarios. All of our trainers are full time pentesters and part time trainers. Covers a whole breadth of infrastructure: From IPv4/v6 to databases, to OSINT, Windows, Linux,

Read More

0211, 2018

DeepSec 2018 Talk: Suricata and XDP, Performance with an S like Security – Eric Leblond

Sanna/ November 2, 2018/ Conference, Security

extended Berkeley Packet Filter (eBPF) and eXtreme Data Path (XDP) technologies are gaining in popularity in the tracing and performance community in Linux for eBPF and among the networking people for XDP. After an introduction to these technologies, this talk proposes to have a look at the usage of the eBPF and XDP technology in the domain of security. A special focus lies on Suricata that uses this technology to enhance its performance and by consequence on the accuracy of its network analysis and detection. We asked Eric a few more questions about his talk. Please tell us the top 5 facts about your talk. Packet loss really matters. A threat detection engine like Suricata is losing 10% of IDS alerts if it misses 3% of traffic. And there are 10% of incomplete file

Read More

3010, 2018

DeepSec 2018 Talk: Mapping and Tracking WiFi Networks / Devices without Being Connected – Caleb Madrigal

Sanna/ October 30, 2018/ Conference

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, Kismet, et al. But what if you just want to view a list of all networks in your area along with all the devices connected to them? Or maybe you want to know who’s hogging all the bandwidth? Or what if you want to know when a certain someone’s cell phone is nearby? Or perhaps you’d like to know if your Airbnb host’s IP Camera is uploading video to the cloud? For all these use-cases, I’ve developed a new tool called “trackerjacker”. In this talk we’ll use this tool to explore some of the surprisingly informative data floating around in radio space, and you’ll come away with a new skill or two adding to your radio hacking skill

Read More

1710, 2018

DeepSec 2018 Talk: Security Response Survival Skills – Benjamin Ridgway

Sanna/ October 17, 2018/ Conference, Security

Jarred awake by your ringing phone, bloodshot eyes groggily focus on a clock reading 3:00 AM. A weak “Hello?” barely escapes your lips before a colleague frantically relays the happenings of the evening. As the story unfolds, you start to piece together details leading you to one undeniable fact: Something has gone horribly wrong… Despite the many talks addressing the technical mechanisms of security incident response (from the deep forensic know-how to developing world-class tools) the one aspect of IR that has been consistently overlooked is the human element. Not every incident requires forensic tooling or state of the art intrusion detection systems, yet every incident involves coordinated activity of people with differing personalities, outlooks, and emotional backgrounds. Often these people are scared, angry, or otherwise emotionally impaired. Drawing from years of real-word experience,

Read More

0410, 2018

DeepSec 2018 Talk: Dissecting The Boot Sector: The Hunt for Ransomware in the Boot Process – Raul Alvarez

Sanna/ October 4, 2018/ Conference, Security

Ransomware is as cyber as it gets these days. It’s all over the news, and it is a lucrative business case. Modern malicious software has been put to work for its masters. It is the platform of deployment for a whole variety of additional code. So why is ransomware not the same as any other malicious software? Raul Alvarez will explain this to you at DeepSec 2018: Ransomware slightly differs in their attack vectors, encryption algorithms, and selection of files to encrypt. A common ransomware technique is to encrypt files and hold it for ransom. Petya ransomware does the infection a bit different from the others. Instead of encrypting files, it encrypts the MFT, Master File Table, which contains the metadata and headers for each file in the system. Another trait of this malware

Read More