0807, 2020

ROOTS Speaker Benefits extended to 2021

René Pfeiffer/ July 8, 2020/ Call for Papers, Conference

The Call for Papers of DeepSec, DeepINTEL, and ROOTS have a deadline. DeepSec and DeepINTEL have set he first deadline to 31 July 2020. We will accept submissions after this date, but everyone who submitted before the deadline will be reviewed first. Since all speakers are entitled to benefits which depend on their presence at the conference we decided to extend these offers. If you submit your presentation for the 2020 events and cannot attend, then all benefits such as entry to the conference, travel cost reimbursement, our famous speaker’s dinner, your stay at the hotel, and everything else will stay valid until DeepSec 2021. The only condition is that your content must be presented (either virtually or by proxy). The offer is valid for DeepSec and ROOTS. DeepINTEL is a special case, because

0107, 2020

Lectures on Information Security

René Pfeiffer/ July 1, 2020/ Discussion, High Entropy

It’s time for an editorial to end our premature Covid-19 induced Summer break. We (as in the staff behind DeepSec/DeepINTEL) were busy with projects, preparations, following the news about the pandemic, and collecting information for our event(s) in November. Personally I have been involved in teaching for decades. The past months have shifted the focus heavily on virtual presences in the form of teleconferences. Keeping hundreds of students busy while explaining how operating systems work and how secure code looks tends to take up some of your time. Good network connections and decent hardware helped a lot, but there are a couple of problems with conveying content, concepts, and ideas. Let me show you what I mean. Getting good tutorials is hard. The new agile way of computer science is to ditch good documentation

2905, 2020

Administrivia Update: Regulations, Ticket Shop, and DeepSec

René Pfeiffer/ May 29, 2020/ Administrivia, Conference

Clear guidelines for events and conferences slowly emerge here in Austria. We have some news on how DeepSec, DeepINTEL, and ROOTS will look like in November. We will compile the set of regulations in a separate document and publish it on our web site. The constraints set by the authorities contain no show-stoppers for the event and the trainings. We will carefully work out a concept which we will use in November for everything that is going on on site in Vienna. 😷 We have the full support of our conference hotel, and we are confident that we can increase health protection and decrease risks for everyone attending. In addition we found some bug in the ticket shop system. The tickets for DeepINTEL, DeepSec conference / training, and ROOTS can be bought via the

0205, 2020

Update on DeepSec / DeepINTEL / ROOTS 2020 with regards to Covid-19

René Pfeiffer/ May 2, 2020/ Administrivia, Discussion, High Entropy

Lacking time travel we have no way to know what will happen in November 2020. That’s not news to us. We closely follow the development of the current Covid-19 crisis, and we constantly evaluate our plans for DeepSec, DeepINTEL, and ROOTS 2020. Given the current state of affairs and the experiments in various countries (including Austria) with lowering the restrictions for business and public life, we believe that our conferences can take place in November. There may be restrictions still present in November with regard to travel and protection measures at our venue. We have developed a schedule for keeping you informed. Additionally we have plans for changing the schedule in order to guarantee the minimum level of content required by our call for papers process. Updates regarding the state of our events in

0205, 2020

First DeepSec 2020 Trainings confirmed

René Pfeiffer/ May 2, 2020/ Conference

We haven’t been idle in the past weeks. The Austrian government is reducing the lock-down rules to see how normal business and private life can go on. We take this as an opportunity to announce the first three confirmed trainings for DeepSec 2020. The preliminary descriptions can be found on our schedule web site. Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation – Dawid Czagan (Silesia Security Lab) Open Hardware Hacking – Paula de la Hoz Garrido (Telefónica Security Engineering) Defending Industrial Control Systems – Tobias Zillner & Thomas Brandstetter (Limes Security) Early Bird tickets are available. Given the unusual start into 2020 we ask you to consider buying Early Bird tickets (especially for the trainings). We are exploring special attendee tickets for remote attendance of the trainings. A

1704, 2020

Contact Tracing and the Security of Things

René Pfeiffer/ April 17, 2020/ Call for Papers, Discussion

The spread of Sars-Cov-2 keeps everyone on their toes. Given the emotional state after weeks and months of physical distancing (which we recommend; social distancing has been the norm for decades). We have closed our office in March and heavily rely on telecommunication. Fortunately we did not need to reinvent the Internet. Many of you have probably done the same. We hope that you manage to stay healthy until things can get back to “normal”. Speaking of communication and normality, there are some aspects of the current situation we like to point out. Every security conference features presentations shedding light on important tools, libraries, applications, or protocols people rely on. Humans like to communicate. The degree varies, but essentially few can do without talking, writing, hearing, or seeing stuff (i.e. messages). This is even

2602, 2020

Continuous Integration Ticket Shop for Conference Tickets is now open – book often, book early!

René Pfeiffer/ February 26, 2020/ Administrivia, Conference, DeepIntel

Running an event is a highly dynamic operation. This is especially true for (information security) conferences, even more so for trainings. We have seen our share of sad faces when the training of your choice didn’t happen, because people booked the ticket too late. In order to avoid great disappointments, the ticket shops for DeepSec and DeepINTEL are now open. Spread the word! And put some SDL into your tickets – book early, book often!

2602, 2020

DeepSec 2020 Call for Papers is open!

René Pfeiffer/ February 26, 2020/ Call for Papers, Conference

We are looking for presentations and trainings for the next DeepSec In-Depth Security Conference. DeepSec 2020 will explore the focus masquerade. Attribution is hard. To make matters worse for everyone connected to information security – masquerade is ubiquitously present in hardware and software. You might also call some of it disinformation, which was the world of the year 2019. Security-wise many things hide behind a façade. Disinformation is the tool of the trade these days. So DeepSec 2020 has chosen the motto “Masquerade” for this year. Tell us where the veils are, what camouflages are used, and expose the real threats! You can submit your content via our call for papers page on our web site. We have also a special email address for content submissions. You can either use cfp [at] deepsec [dot]

1102, 2020

DeepSec 2020 Scholar Program – Call for Applications

René Pfeiffer/ February 11, 2020/ Administrivia, Call for Papers, Conference

DeepSec 2020 wants to support your project. We have teamed up with partners to foster research in information security. We already support the BSidesLondon Rookie Track, support the Reversing and Offensive-oriented Trends Symposium (ROOTS), publish the DeepSec Chronicles, and support individuals in their research. Now we want to go one step further. Purpose: To encourage research by young professionals and academics on new and emerging cyber security issues, information security, new ways to use technology, defence, offence, and weaknesses in hardware/software/designs. Suggested Topics: Vulnerabilities in mobile devices, vulnerabilities in the Internet of Things (IoT), advances in polymorphic code, software attacks on hardware wallets, side channel attacks, hacking industrial control systems and smart cities, quantum and post quantum computing, penetration testing – defining what it means and standardization, and related topics. Let your creativity run

0502, 2020

Secure Design – Combining Information Security with Software Development

René Pfeiffer/ February 5, 2020/ Discussion, High Entropy

Information security researchers usually see software fail. Sometimes they try to make software fail on purpose. The result is a bug description, also called vulnerability report in case the bug has a security impact. The the best case scenario this information reaches the software developers who in turn fix the problem. Then the cycle continues. This process is fun for the first iterations. After a while it gets boring. Even a while after that you ask yourself why integer overflow, injection attacks, and basic cross-anything is still an issue. Some bug classes are well over 40 years old. Polio is far older, and yet we got rid of it (mostly). What’s different in the field of software creation? The answers are simple, endless, and change depending on the current trend. Just as computing changed

0102, 2020

DeepSec, DeepINTEL, and ROOTS in 2020

René Pfeiffer/ February 1, 2020/ Administrivia, Call for Papers, Conference, DeepIntel

We took some time off to deal with the administrative side of running the DeepSec conference. Additionally some of us were engaged in project work. 2020 started early this time. There is a lot to do behind the scenes, especially in times where reading the news doesn’t help you to navigate the rest of the year. We also finished the travel plans for the year, so we will have some information where and when to connect to DeepSec. The most important information for you: There will be a DeepSec & DeepINTEL conference in 2020. There will also be a Reversing and Offensive-oriented Trends Symposium (ROOTS) again in 2020. The call for papers are in preparation and will open in two weeks. The dates are as follows: DeepSec Trainings 17/18 November 2020 DeepINTEL Conference 18

2112, 2019

Save the date: DeepINTEL / DeepSec 2020 – 17 to 20 November

René Pfeiffer/ December 21, 2019/ Administrivia, Conference

We fixed the dates for DeepINTEL and DeepSec 2020. As promised there will be no collision with Thanksgiving. DeepINTEL 2020 will be on 18 November 2020. The DeepSec trainings will be on 17/18 November 2020. The DeepSec conference will be on 19/20 November 2020. The Calls for Papers will open in February 2020. Have a rest and enjoy the holidays! We are looking forward to see you in Vienna (again)!

2711, 2019

DeepSec 2019 Keynote: Computer Security is simple, the World is not – Raphaël Vinot and Quinn Norton

Sanna/ November 27, 2019/ Conference

Information security is too often seen as a highly technical field in computer science, and one where the more technical someone is, the more right they are likely to be. But security is part of systems of life, that not only include computers and phones, but systems of living, cultures, history, politics, and interpersonal relationships. Technical knowledge is important in those systems, but on its own, it accomplishes very little — as the sorry state of the computer security in the world demonstrates. Knowing how computers work doesn’t gives us an empirical knowledge of what people do with their devices, what their job is, what context they live in, what their adversaries want from them, what their capabilities or resources are. In this talk we will explain why listening is the most important part

2611, 2019

DeepSec 2019 Talk: How To Create a Botnet of GSM Devices – Aleksandr Kolchanov

Sanna/ November 26, 2019/ Conference

There are different types of GSM-devices: from GSM-alarms for homes and cars to industrial controllers, remote-controlled electric sockets and smartwatches for kids. Also, often they are vulnerable, so GSM-devices are interesting targets for hackers and pranksters. But it is easier to hack a device than to find these devices (usually, you should make a call, send SMS with a command to the phone number of this device, so it is necessary for an attacker to know or find this number). During this talk, I will give a short overview of types of devices and common vulnerabilities, then I will tell about different methods, which can be used to find the phone number of the device. Also, I will show some funny ideas, which allows hackers to create small (or huge, who knows?) botnet of

2211, 2019

DeepSec 2019 Talk: Abusing Google Play Billing for Fun and Unlimited Credits! – Guillaume Lopes

Sanna/ November 22, 2019/ Conference, Security

In 2017, the estimated global in-app purchase revenue was projected to exceed $37 billion. Just in the Google Play Store, for 2018, more than 200 000 apps are offering in-app purchases. However, the Google Play Billing API is vulnerable by design and allows an attacker to bypass the payment process. I analyzed several android games and found that it’s possible to bypass the payment process. This presentation will show real vulnerable applications (Fruit Ninja, Doodle Jump, etc.). We asked Guillaume a few more questions about his talk. Please tell us the top 5 facts about your talk. The vulnerability presented is really easy to exploit Client side issues are not dead in 2019! It seems nobody cares about losing money in the game industry… Very few vendors fixed their implementation Real vulnerable applications will

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: