Press Release: Low-tech Attacks. Critical Infrastructure poorly secured – Attacks against Colonial Pipeline used Standard Access Tools

Sanna/ May 20, 2021/ Press, Training/ 0 comments

In May, the operator of the US Colonial Pipeline was the victim of a ransomware attack. After such reports, calls for better security and additional measures are always loud. In fact, analyses of these attacks often reveal deficiencies in basic security. Often it is not even necessary to use complicated and sophisticated tools to attack critical infrastructure. Attackers like to use standard tools that are available everywhere so as not to attract attention. The lack of basic security makes it possible.

Custom camouflage

When defending your own systems and networks, it is necessary to know exactly what the infrastructure is like. Organized groups that attack companies research exactly what is being used at the target before the attack. According to this planning phase, only tools are used that are plausible to the victim and


First DeepSec 2021 Trainings published

René Pfeiffer/ May 12, 2021/ Conference, Training/ 0 comments

We dug through the submissions and selected trainings for the preliminary schedule. It’s just the trainings, and the intention is to give you some information for planning the rest of the year. We intend the trainings to be on site at the conference hotel. We will also explore ways to offer a virtual training or to attend the course virtually. The topics range from attacking modern desktop applications, in-depth network security (mobile networks and traffic analysis), penetration testing industrial control systems over to how to break and secure single-sign on systems. The entire collection of content aims to educate your IT department and your development team regarding the current state of affairs in companies with employees connected in home office. All technologies and tools are vital parts of the workplace. We included attacking industrial


DeepSec 2021: A lack of software security paralyzes the economy in times of crisis – visit DeepSec 2021 to train your developers

Sanna/ April 20, 2021/ Development, Press, Training/ 0 comments

In every crisis, one’s own infrastructure and logistics are put to serious tests. The COVID-19 pandemic illustrates this particularly drastically through the many structural failures in the past 12 months. They try to solve biological problems with smartphones, favor dead-end technologies such as blockchain, discover the lack of network expansion in recent decades and then panic and publish software applications that are only subjected to serious tests after they have been published. All these quick fixes are snapshots of a lack of sustainability. But the economy is dependent on stable solutions based on many years of experience, especially now. In November 2021, the DeepSec conference would like to give support to everyone who works with software through trainings and the transfer of experience from security researchers.

Code rules the World

The word digitization is


DeepSec, ROOTS and DeepINTEL Update – Call for Papers open

René Pfeiffer/ April 19, 2021/ Administrivia, Call for Papers, Conference, DeepIntel/ 0 comments

Planning events is still challenging. The COVID-19 pandemic celebrated its first birthday. Despite efforts not to have the second birthday of the pandemic, the ever changing regulations and status updates regarding the infections make preparations for conferences very hard. We know you want to plan as well, therefore we have an update for you. DeepSec, ROOTS, and DeepINTEL will happen on-site here in Vienna. We closely coordinate with our conference hotel. Their staff is eager to reopen. Everything depends on the rate of vaccination and the regulations issued by the European and Austrian authorities. There is not much we can influence. Given the health protection measures we worked out last year, we are well prepared to handle everything short of a total lockdown. We don’t do any forecasts at the moment. The next months


DeepSec 2021 – Call for Papers is open

René Pfeiffer/ March 1, 2021/ Call for Papers, Conference/ 0 comments

DeepSec 2021 is looking for your ideas, solutions, incident reports, insights, and expertise. The call for papers is open. You can submit your contribution via our call for papers manager online. If you have questions or want to submit additional material, please use the online form and send an email to us. DeepSec has always presented a mix of attack and defence presentations. The motto for 2021 connects both approaches. Studying how adversaries work, what tools they employ, how they plan their attack, and what they do once they get access is vital to your defence. IT infrastructure has grown over the years. Defence has a lot to take care of. If you have any ideas how to help the defenders, please let us know. Topics covering attacks should always contain some advice on


DeepSec / DeepINTEL 2021 Preparations – Save the Dates! Document your Projects!

René Pfeiffer/ February 2, 2021/ Administrivia/ 0 comments

Usually we are radio silent during December and the beginning of January. This is due to some well-deserved rest, infrastructure updates (we run a lot ourselves), content creation (in our own projects), and the general Christmas holidays. The COVID-19 lock-down made it difficult to tell if there are holidays or not. Every day looks mostly like yesterday. We would like to change this. So please keep the following dates in your mind and in your calendar:

DeepSec 2021 Trainings – 16 / 17 November 2021
DeepSec 2021 Conference – 18 / 19 November 2021 (including ROOTS & ACOD)
DeepINTEL 2021 Conference – 18 November 2021

The Call for Papers will open soon and will be published here in our blog (along with push messages to Twitter and Xing). If you are interested in getting


DeepSec 2020 Mission Control – Behind the Scenes

René Pfeiffer/ November 20, 2020/ Administrivia, Conference

The fully virtual DeepSec conference was very different from the usual configuration and setting. While we learned a lot over the years, there is one constant: What’s the difference between hardware and software? Well, hardware can be kicked. There is always one converter, one computer, one network device, one USB device, or something else that doesn’t quite fit into the ensemble. Then there are the many desktop oddities and multimedia formats. So we had to do some damage control during the first day of streaming (having damage control teams and replacement parts ready is not just for ships). Networking did its own magic by introducing delays between the speaker’s feed and the live stream. Fortunately the stream connections held, and we had no losses in terms of connectivity. Mission control at the office used


Administrivia: DeepSec Mailing Lists and last Call for our CfPs

René Pfeiffer/ July 25, 2020/ Administrivia, Conference

Summer is always a bad time for getting things done. Usually people are on holiday, sweat, relax, or travel for recreation. Things are different due to the Covid-19 precautions. Unfortunately our Call for Papers ends on 31 July 2020. This means we have to remind you about the deadline. We plan to publish the schedule in mid-August, so we don’t have much choice but to ask you again for research results, insights, incidents, weaknesses, helpful hints for defence, and more. Tell us about your research. Keep our reviewers busy! We have some additional information. We added a mailing list system to our infrastructure. The server is run by our event partners, the Crowes. So you can get news by raven, not only figuratively. The mailing lists we created are a tool to keep you informed.


Administrivia: DeepSec/DeepINTEL/ROOTS Speaker Benefits extended to 2021

René Pfeiffer/ July 8, 2020/ Call for Papers, Conference

The Call for Papers of DeepSec, DeepINTEL, and ROOTS have a deadline. DeepSec and DeepINTEL have set the first deadline to 31 July 2020. We will accept submissions after this date, but everyone who submitted before the deadline will be reviewed first. Since all speakers are entitled to benefits which depend on their presence at the conference we decided to extend these offers. If you submit your presentation for the 2020 events and cannot attend, then all benefits such as entry to the conference, travel cost reimbursement, our famous speaker’s dinner, your stay at the hotel, and everything else will stay valid until DeepSec 2021. The only condition is that your content must be presented (either virtually or by proxy). The offer is valid for DeepSec and ROOTS. DeepINTEL is a special case, because


Lectures on Information Security

René Pfeiffer/ July 1, 2020/ Discussion, High Entropy

It’s time for an editorial to end our premature Covid-19 induced Summer break. We (as in the staff behind DeepSec/DeepINTEL) were busy with projects, preparations, following the news about the pandemic, and collecting information for our event(s) in November. Personally I have been involved in teaching for decades. The past months have shifted the focus heavily on virtual presences in the form of teleconferences. Keeping hundreds of students busy while explaining how operating systems work and how secure code looks tends to take up some of your time. Good network connections and decent hardware helped a lot, but there are a couple of problems with conveying content, concepts, and ideas. Let me show you what I mean. Getting good tutorials is hard. The new agile way of computer science is to ditch good documentation


Administrivia Update: Regulations, Ticket Shop, and DeepSec

René Pfeiffer/ May 29, 2020/ Administrivia, Conference

Clear guidelines for events and conferences slowly emerge here in Austria. We have some news on how DeepSec, DeepINTEL, and ROOTS will look in November. We will compile the set of regulations in a separate document and publish it on our web site. The constraints set by the authorities contain no show-stoppers for the event and the trainings. We will carefully work out a concept which we will use in November for everything that is going on on site in Vienna. 😷 We have the full support of our conference hotel, and we are confident that we can increase health protection and decrease risks for everyone attending. In addition we found some bug in the ticket shop system. The tickets for DeepINTEL, DeepSec conference / training, and ROOTS can be bought via the


Update on DeepSec / DeepINTEL / ROOTS 2020 with regards to Covid-19

René Pfeiffer/ May 2, 2020/ Administrivia, Discussion, High Entropy

Lacking time travel we have no way to know what will happen in November 2020. That’s not news to us. We closely follow the development of the current Covid-19 crisis, and we constantly evaluate our plans for DeepSec, DeepINTEL, and ROOTS 2020. Given the current state of affairs and the experiments in various countries (including Austria) with lowering the restrictions for business and public life, we believe that our conferences can take place in November. There may be restrictions still present in November with regard to travel and protection measures at our venue. We have developed a schedule for keeping you informed. Additionally we have plans for changing the schedule in order to guarantee the minimum level of content required by our call for papers process. Updates regarding the state of our events in


First DeepSec 2020 Trainings confirmed

René Pfeiffer/ May 2, 2020/ Conference

We haven’t been idle in the past weeks. The Austrian government is reducing the lock-down rules to see how normal business and private life can go on. We take this as an opportunity to announce the first three confirmed trainings for DeepSec 2020. The preliminary descriptions can be found on our schedule web site.

Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation – Dawid Czagan (Silesia Security Lab)
Open Hardware Hacking – Paula de la Hoz Garrido (Telefónica Security Engineering)
Defending Industrial Control Systems – Tobias Zillner & Thomas Brandstetter (Limes Security)

Early Bird tickets are available. Given the unusual start into 2020 we ask you to consider buying Early Bird tickets (especially for the trainings). We are exploring special attendee tickets for remote attendance of the trainings. A


Contact Tracing and the Security of Things

René Pfeiffer/ April 17, 2020/ Call for Papers, Discussion

The spread of Sars-Cov-2 keeps everyone on their toes. Given the emotional state after weeks and months of physical distancing (which we recommend; social distancing has been the norm for decades). We have closed our office in March and heavily rely on telecommunication. Fortunately we did not need to reinvent the Internet. Many of you have probably done the same. We hope that you manage to stay healthy until things can get back to “normal”. Speaking of communication and normality, there are some aspects of the current situation we like to point out. Every security conference features presentations shedding light on important tools, libraries, applications, or protocols people rely on. Humans like to communicate. The degree varies, but essentially few can do without talking, writing, hearing, or seeing stuff (i.e. messages). This is even


Continuous Integration Ticket Shop for Conference Tickets is now open – book often, book early!

René Pfeiffer/ February 26, 2020/ Administrivia, Conference, DeepIntel

Running an event is a highly dynamic operation. This is especially true for (information security) conferences, even more so for trainings. We have seen our share of sad faces when the training of your choice didn’t happen, because people booked the ticket too late. In order to avoid great disappointments, the ticket shops for DeepSec and DeepINTEL are now open. Spread the word! And put some SDL into your tickets – book early, book often!