Tag Archive

Last Call for your Web Application Security Training – Break all teh Web and enjoy it!

Published on November 9, 2018 By lynx

The Internet is full of web applications. Sysadmins used to joke that HTTP is short for Hypertext Tunnelling Protocol, because anything but web content is transported via HTTP these days. It’s the best way to break out of restricted environment, too. So the chances are good that you will need the skills for dealing with […]

DeepSec 2018 Talk: Suricata and XDP, Performance with an S like Security – Eric Leblond

Published on November 2, 2018 By sanna

extended Berkeley Packet Filter (eBPF) and eXtreme Data Path (XDP) technologies are gaining in popularity in the tracing and performance community in Linux for eBPF and among the networking people for XDP. After an introduction to these technologies, this talk proposes to have a look at the usage of the eBPF and XDP technology in […]

DeepSec2018 Talk: Manipulating Human Memory for Fun and Profit – Stefan Schumacher

Published on October 31, 2018 By sanna

Manipulating the Human Memory for Fun and Profit, or: Why you’ve never met Bugs Bunny in DisneyLand Hacking is not limited to technical things — like using a coffee machine to cook a soup — but also makes use of social engineering. Social engineering is the (mis)use of human behaviour like fixed action patterns, reciprocity […]

DeepSec 2018 Talk: Drones, the New Threat from the Sky – Dom (D#FU5E) Brack

Published on October 29, 2018 By sanna

I will talk about drones (not military ones). Drone risks and countermeasures. Drones have become an inherent risk not just for critical infrastructure, but also public events (sports, concerts) and privacy. I will speak about the exclusive risk catalogue I have developed for a small highly specialised start-up called DroneGuard. The catalogue contains over 140 […]

DeepSec 2018 Talk: Security Response Survival Skills – Benjamin Ridgway

Published on October 17, 2018 By sanna

Jarred awake by your ringing phone, bloodshot eyes groggily focus on a clock reading 3:00 AM. A weak “Hello?” barely escapes your lips before a colleague frantically relays the happenings of the evening. As the story unfolds, you start to piece together details leading you to one undeniable fact: Something has gone horribly wrong… Despite […]

Translated Press Release: Systemic Errors as Vulnerabilities – Backdoors and Trojan Horses

Published on October 9, 2018 By lynx

DeepSec and Privacy Week highlight consequences of backdoors in IT Vienna (pts009/09.10.2018/09:15) – Ever since the first messages were sent, people try to intercept them. Today, our modern communication society writes more small, digital notes than one can read along. Everything is protected with methods of mathematics – encryption is omnipresent on the Internet. The […]

DeepSec 2018 Talk: A Tour of Office 365, Azure & SharePoint, through the Eyes of a Bug Hunter – Dr.-Ing Ashar Javed

Published on October 5, 2018 By sanna

Cross-Site Scripting (XSS) outbreak has started almost twenty years ago and since then it has been infecting web applications at a concerning pace. It is feared that the influx of programs and bug hunters arriving at bug bounty platforms will worsen the situation given more disclosed cases of bug(s) or public citing and viewing. According […]

DeepSec 2018 Talk: Leveraging Endpoints to Boost Incident Response Capabilities – Francisco Galian, Mauro Silva

Published on October 5, 2018 By sanna

The information technology world is full of terms and acronyms. You got servers, nodes, clients, workstations, mobile devices, lots of stuff talking via the network to even more stuff. And then you got security breaches. How do you detect the latter? Well, you look for things out of the ordinary. Error messages, anomalies in behaviour, […]

DeepSec 2018 Talk: Dissecting The Boot Sector: The Hunt for Ransomware in the Boot Process – Raul Alvarez

Published on October 4, 2018 By sanna

Ransomware is as cyber as it gets these days. It’s all over the news, and it is a lucrative business case. Modern malicious software has been put to work for its masters. It is the platform of deployment for a whole variety of additional code. So why is ransomware not the same as any other […]

DeepSec 2018 Training: Malware Analysis Intro – Christian Wojner

Published on September 28, 2018 By sanna

With malware (malicious software) featuring crypto-trojans (ransomware), banking-trojans, information- and credential-stealers, bot-nets of various specifications, and, last but not least, industry- or even state-driven cyber espionage, the analysis of this kind of software ıs becoming more and more important these days. With a naturally strong focus on Microsoft Windows based systems this entertaining first-contact workshop […]

DeepSec 2018 Talk: IoD – Internet of Dildos, a Long Way to a Vibrant Future – Werner Schober

Published on September 26, 2018 By lynx

The Internet of Things has grown. Interconnected devices have now their own search engine. Besides power plants, air conditioning systems, smart (or not so smart) TV sets, refrigerators, and other devices there are a lot smaller and more personal things connected to the Internet. Your smartphone includes a lot of personal conversations, most probably pictures, […]

DeepSec 2018 Training: Advanced Penetration Testing in the Real World – Davy Douhine & Guillaume Lopes

Published on September 24, 2018 By sanna

Guillaume and Davy, senior pentesters, will share many techniques, tips and tricks with pentesters, red teamers, bug bounty researchers or even defenders during a 2-day 100% “hands-on” workshop. This is the very training you’d like to have instead of wasting your precious time trying and failing while pentesting. The main topics of the training are: […]

DeepSec 2018 Talk: Information, Threat Intelligence, and Human Factors – John Bryk

Published on September 21, 2018 By sanna

“Across the ICS spectrum, organizations are gathering threat data (information) to protect themselves from incoming cyber intrusions and to maintain a secure operational posture.”, says John. “Organizations are also sharing information; along with the data collected internally, organizations need external information to have a comprehensive view of the threat landscape. Cyber threat information comes from […]

DeepSec 2018 Talk: Injecting Security Controls into Software Applications – Katy Anton

Published on September 20, 2018 By sanna

“SQL Injection was first mentioned in a 1998 article in Phrack Magazine. Twenty years later, injection is still a common occurrence in software applications (No.1 in latest OWASP Top 10 2017). For the last 20 years, we have been focusing on vulnerabilities from an attacker’s point of view and SQL injection is still King. Something […]

DeepSec 2018 Talk: New Attack Vectors for the Mobile Core Networks – Dr. Silke Holtmanns / Isha Singh

Published on September 19, 2018 By sanna

DeepSec has a long tradition of tackling the security of mobile networks and devices alike. The first DeepSec conference featured a presentation about the A5/1 crack. Later one we offered trainings covering mobile network security and weaknesses. So we are proud to announce Isha Singh’s and Silke Holtmanns’ talk about new attack vectors. Here is […]