DeepSec 2023 Training: Security Intelligence: Practical Social Engineering & Open-source Intelligence for Security Teams – Christina Lekati

Sanna/ August 25, 2023/ Conference, Interview, Training

Social engineering attacks remain at the top of the threat landscape and data breach reports. Reports tend to oversimplify breaches as just phishing attacks, but current research shows it’s more complex. Social engineering attacks have been evolving. Successful phishing emails are usually a result of a larger attack based on research and intelligence that identifies organizational vulnerabilities. But it doesn’t stop there. Weaponized psychology is still a powerful component of social engineering attacks. Security professionals and testers need to know how social engineering works and how to stop attacks. This class aims to provide participants with the necessary knowledge on open-source intelligence and social engineering, to help security teams build better protective measures (proactive & reactive) and to inform their security strategy. It also aims to help penetration testers improve their recommendations and provide

Read More

DeepSec 2023 Talk: Deepfake vs AI: How To Detect Deepfakes With Artificial Intelligence – Dr. Nicolas Müller

Sanna/ June 6, 2023/ Conference

Artificial intelligence is developing at a breathtaking pace, already surpassing humans in some areas. But with opportunity comes potential for abuse: generative models are getting better at creating deceptively real deepfakes – audio or video recordings of people that are not real, but entirely digitally created. While the technology can be used legitimately for film and television, it has great potential for abuse. This lecture illustrates this problem using audio deepfakes, i.e. fake voice recordings. The technical background of synthesis will be highlighted, and current research on countermeasures will be presented: Can we use AI to expose deepfakes? Can we learn to recognise deepfakes, and if so, how? We asked Dr. Nicolas Müller a few questions about his talk. Please tell us the top 5 facts about your talk. We will listen to Angela

Read More

DeepSec 2023 Training: Mobile Security Testing Guide Hands-On – Sven Schleier

Sanna/ June 5, 2023/ Training

Software cannot be tested by machines alone. In order to identify security weaknesses, you will need the right toolchain and expertise on how to use the tools. Therefore, we asked Sven Schleier to give you a two-day deep dive into mobile security testing. Embark on an exciting journey to master the art of hacking mobile apps! Join this course led by Sven Schleier, where you’ll learn how to analyze mobile apps for security vulnerabilities. With dynamic testing, static analysis, and reverse engineering techniques, you’ll uncover the secrets of app attacks. Dive into Android and iOS testing, using virtualized devices provided by Corellium. Each student will get a rooted Android and jail broken iOS instance for the duration of the training and the only pre-requisite is having a laptop with macOS, Windows, or Linux. Explore

Read More

DeepSec 2023 Workshop: Black Belt Pentesting / Bug Hunting Millionaire (100% Hands-On, Live Online Training, 24-25 October) – Dawid Czagan

Sanna/ June 1, 2023/ Conference, Training

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training! I will discuss security bugs found by several bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training + students can take the complete lab environment home after the training session. Watch 3 exclusive videos

Read More

DeepSec 2023 Workshop: Web Hacking Expert: Full-Stack Exploitation Mastery [Video Training, Lifetime Access] – Dawid Czagan

Sanna/ May 30, 2023/ Conference, Training

Watch the trailer for your training! Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Say ‘No’ to classical web application hacking, join this unique video training, and take your professional pentesting career to the next level. Dawid Czagan has found security bugs in many companies, including Google, Yahoo, Mozilla, Twitter, and in this video training he will share his experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively. Almost 5 hours of high-quality video courses with lots of recorded demos You will get lifetime access to these 5 video courses: Bypassing Content Security Policy in Modern Web Applications –

Read More

DeepSec Workshop 2023: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access – Dawid Czagan

Sanna/ May 26, 2023/ Conference, Training

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory. For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. Also, when the training is over, you can take the complete lab environment home to hack again at your own pace. I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers. Key Learning Objectives After completing this training, you will

Read More

#DeepSec Press Release: IT Security Has A Deficit In Defence

Sanna/ April 24, 2023/ Press, Security

[DeepSec traditionally leans more on the defence side of things. So we published this article.] Many people are now aware of the importance of information security, but how to operate secure systems is often not obvious. The reason lies in the deficit of real defence measures. This may sound paradoxical, but many products on the market deal with the activities after a successful attack. The prevention of attacks is mostly ignored. This year’s DeepSec conference therefore wants to provide some tuition in digital defence measures. Fire extinguishers instead of fire protection A simple scenario will serve as an illustration. Imagine that a company accumulates flammable material in its offices for historical reasons. Grown procedures lead to the fact that more and more hazardous materials are distributed throughout the premises. There is plenty of space.

Read More

Press Release: A 40-year Step Backwards for Secure Communication

Sanna/ March 2, 2023/ Press

The UK government’s Online Safety Bill wants to set back the state-of-the art for secure communication 40 years backwards. The proposal includes compulsory backdoors for communication platforms and will lead modern encryption technologies into complete futility. If implemented, the secure messenger Signal will withdraw from the British market. The law is a serious threat to businesses and represents an unprotected gateway for espionage. “Crypto Wars” – the fight against security Secure communication has been under constant legal attack since it became widespread. The secure exchange of messages is perceived as a threat because, technically, no monitoring of correspondence can be implemented. The encryption software Pretty Good Privacy (PGP) was created in 1991 by Phil Zimmermann. After the code was published on the internet and spread internationally in the following years, Zimmermann became the target

Read More