DeepSec 2025 Talk: Predicting IOCs with Historical Analysis – Josh Pyorre

Sanna/ October 7, 2025/ Conference/ 0 comments

What does looking at the history of malware, threat actors, and related network infrastructure tell us about the future? Are there unexpected connections to be found to help us not only find attribution, but potentially discover what to block, what to watch out for, and even predict where the next threat will be? Through the analysis of historical data of various malware variants, focusing primarily on ransomware, I will show the relationships of infrastructure and other indicators of compromise in an attempt to develop a mechanism for predicting how and where future threats might operate. This presentation will discuss the methods of collecting data and finding connections, and will help the attendees apply these results to their threat modeling and mitigation practices. We asked Josh a few more questions about his talk. Please tell

Read More

DeepSec 2025 Talk: Man-In-The-Service: Truly OpSec Safe Relay Techniques – Tobia Righi

Sanna/ October 4, 2025/ Conference/ 0 comments

Recently, due to EDRs, it has become harder and harder to abuse credential access by dumping LSASS after compromising a Windows server and gaining local administrator on it. So, many red-teamers, pentesters and APTs have moved towards a stealthier way of abusing credentials access by relaying such credentials in real-time to other mis-configured servers in the network. Gaining administrative access to a server can be quite helpful in this; however, all current techniques are not very effective and/or require complete or partial disruption of existing Windows services, making them not very opsec safe. Introducing RelayBox, a new technique to perform a Man-In-The-Service attack. Using RelayBox, an attacker is able to place themselves in between a legitimate Windows service, relay valid authentication attempts, without any disruption to the service’s usability. This creates a transparent proxy

Read More

DeepSec 2025 Talk: ∞ Day at Scale: Hijacking Registrars, Defeating 2FA and Spoofing 17,000+ Domains Even with DMARC – Alessandro Bertoldi

Sanna/ October 3, 2025/ Conference/ 0 comments

What happens when a registrar is the weakest link in your security chain? This talk reveals how systemic failures in credential recovery, 2FA bypass, and email spoofing allow persistent exploitation—even when domains have SPF, DKIM, and DMARC p=reject properly configured. Based on real-world research conducted between 2018 and 2025, we present ∞-day (forever-day) vulnerabilities affecting over 17,000 domains—including cross-tenant spoofing in N-Able Mail Assure and flaws in Register.it’s identity recovery procedures. We’ll show full control over customer panels with zero credentials, using only PDF forms and social engineering. We’ll also propose a concrete solution: a Reliability Scoring System for registrars and a “Green Check” trust mark for end users, integrated with RDAP and aligned with the NIS2 directive. This talk challenges assumptions about authentication, identity, and trust in Internet infrastructure—and offers both attack and

Read More

DeepSec 2025 Talk: Machine Learning Poisoning: How Attackers Can Manipulate AI Models for Malicious Purposes – Shahmeer Amir

Sanna/ October 2, 2025/ Conference/ 0 comments

The use of machine learning and artificial intelligence has been on the rise in various industries, including the field of cybersecurity. These technologies have shown great potential in detecting and mitigating cyber threats, but they also come with their own set of risks. One of the most significant risks is the threat of machine learning poisoning attacks. Machine learning poisoning attacks involve an attacker manipulating the data or the learning algorithm used by an AI model to compromise its accuracy or functionality. This type of attack is particularly dangerous because it can go undetected for a long time, and it can be challenging to trace its origins. A successful poisoning attack can result in the AI model making incorrect decisions, which can lead to a security breach or data loss. The session will cover

Read More

DeepSec 2025 Talk: Breaking Into OT Environments: Exploiting Vulnerabilities to Compromise Critical Infrastructure – Avanish Pathak

Sanna/ October 1, 2025/ Conference/ 0 comments

In this session, we’ll delve into how attackers systematically exploit weaknesses in Operational Technology (OT) systems to compromise critical infrastructure. OT systems—including building management systems (BMS), access control systems (ACS), and surveillance networks (CCTV)—are the backbone of many critical sectors, managing everything from facility operations to security and environmental controls. Despite their importance, these systems are often neglected in cybersecurity frameworks, making them prime targets for exploitation. We’ll explore real-world attack vectors and strategies used by adversaries to infiltrate OT environments, focusing on how they gain control over critical systems. Through a real-world example, I’ll demonstrate how I successfully gained unauthorized access by chaining faulty configurations to compromise a building management system (BMS). We’ll break down how attackers exploit common entry points, escalate privileges, and disrupt operations. Additionally, we’ll examine how adversaries move laterally

Read More

DeepSec 2025 Training: The Mobile Playbook – A Guide to iOS and Android App Security (hybrid – in person or online) – Sven Schleier

Sanna/ August 6, 2025/ Training/ 0 comments

This intensive two-day course equips you with practical skills for identifying and exploiting vulnerabilities in mobile apps across both Android and iOS. You’ll analyze a mix of real-world apps and custom training apps using tools like Frida, Burp Suite, jadx and other open-source tools. By the end of the training, you’ll know how to: intercept and analyze any type of network traffic in mobile apps, even when SSL pinning is used, bypass protection mechanisms such as root/jailbreak detection, decompile APKs and perform manual source code reviews, reverse engineer Swift-based iOS applications and apply a thorough methodology based on the OWASP Mobile Application Security Testing Guide (MASTG). The labs cover static and dynamic analysis, reverse engineering, and Software Composition Analysis (SCA), all through hands-on exercises. No need to bring your own devices — each participant

Read More

DeepSec 2025 Training: eCrime Intelligence – Aaron Aubrey Ng & Scott Jarkoff

Sanna/ August 5, 2025/ Training/ 0 comments

Understanding eCrime is no longer optional. It is a mission-critical capability for any organization serious about anticipating, preventing, and neutralizing today’s most pervasive cyber threats. This intensive training provides a comprehensive exploration of the eCrime ecosystem, unpacking the full spectrum of adversarial tactics, techniques, and procedures used by financially motivated threat actors to exploit organizations of all sizes and sectors. Blending traditional intelligence tradecraft with cutting-edge cyber security methodology, this course empowers cyber threat intelligence professionals, SOC analysts, CISOs, and forward-thinking defenders to operationalize threat intelligence, proactively reduce risk, and harden their defensive posture. Whether you are new to the world of eCrime or looking to refine your existing expertise, this course will give you the insight, confidence, and real-world skill-set to outpace adversaries. Through hands-on exercises, real case studies, and live tooling, participants

Read More

DeepSec 2025 Training: Becoming the Godfather of Threat Modeling – Mike van der Bijl

Sanna/ August 4, 2025/ Conference/ 0 comments

In the world of cybersecurity, there is always a threat lurking. Waiting in the shadows for the perfect moment to strike. You can sit back and relax and hope for the best and react when it’s too late… or before they even think about making a move, you can take control and see everything coming from miles away. In this session, you’ll dive deep into the art of threat modeling—an essential skill that allows you to anticipate risks, identify vulnerabilities, and develop a proactive defense strategy. Mike will guide you through the process and show you why threat modeling is an offer you simply can’t refuse. You’ll learn how to analyze threats with precision, build effective threat scenarios and develop a mindset that stays one step ahead of the attackers. Ultimately, you won’t only

Read More

DeepSec 2025 Press Release: High threat level for IT security research. IT security is under attack from politics and hostility towards science.

Sanna/ May 27, 2025/ Conference/ 0 comments

Information technology is an integral part of computer science and therefore also of mathematics. Since 2007, the DeepSec conference in Vienna has brought together international researchers to discuss current threats, publish acute vulnerabilities and exchange knowledge on the defence of critical infrastructure. The increasing hostility towards science and the dismantling of US authorities that contribute to IT security are jeopardising the work and, therefore, also the results of the research groups. One consequence is a higher threat level for European companies. The DeepSec conference aims to counter this as a platform. Networks and data in the crosshairs Data may not be crude oil, but it is the driving force behind modern information technology. Digitalisation has made data via networks and services indispensable in many companies. Very few people today can go about their working

Read More

DeepSec and DeepINTEL 2025 – Call for Papers!

René Pfeiffer/ March 19, 2025/ Administrivia, Call for Papers, Conference, DeepIntel

We have silent running since December. The reasons were behind-the-scenes updates, post-processing the past DeepSec conference, recharging our batteries, and adapting to the new situation in IT security influenced by geopolitics. Following the news since 20 January took a lot of head-shaking and wondering what the rest of 2025 will look like. This is where you come in. We want to see and hear you on stage at DeepSec and possibly DeepINTEL 2025. The Call for Papers is now open. The motto for DeepSec this year is “forbidden lore”. It is a reference to forbidden knowledge, the debate about full disclosure, and hard facts that are now declared illegal by authoritarian governments. DeepSec has always followed a scientific approach for discussing and questioning IT security. One of our past conferences even had the motto

Read More