DeepSec 2018 Training: Attacking Internet of Things with Software Defined Radio – Johannes Pohl

Sanna/ September 10, 2018/ Conference, Security, Training

In Johannes Pohls training participants will learn how to reverse engineer the wireless communication between Internet of Things (IoT) devices with Software Defined Radios (SDR) using the Universal Radio Hacker (URH). The workshop covers required HF (high frequency) basics such as digital modulations and encodings and shows how to reveal the protocol logic step by step and, finally, how to develop attacks against devices. For demonstration they will investigate and attack a wireless socket and a smart home door lock. During the course of the workshop the communication of the two devices will be analyzed and reverse engineered. In conclusion, attacks on both devices will be developed. By the end of the workshop participants will be able to switch the socket and open the door lock with SDRs. This of course requires knowledge in the

Read More

DeepSec 2018 Talk: Defense Informs Offense Improves Defense – How to Compromise an ICS Network and How to Defend It – Joe Slowik

Sanna/ September 5, 2018/ Conference, Security

Industrial control system (ICS) attacks have an aura of sophistication, high barriers to entry, and significant investment in time and resources. Yet when looking at the situation – especially recent attacks – from a defender’s perspective, nothing could be further from the truth. Initial attack, lateral movement, and entrenchment within an ICS network requires – and probably operates best – via variations of ‘pen tester 101’ actions combined with some knowledge of the environment and living off the land. Only after initial access is achieved and final targets are identified do adversaries need to enhance their knowledge of ICS-specific environments to deliver disruptive (or destructive) impacts resulting in a potentially large pool of adversaries capable of conducting operations. Examining concrete ICS attack examples allows us to explore just what is needed to breach and

Read More

DeepSec 2018 Talk: Can not See the Wood for the Trees – Too Many Security Standards for Automation Industry – Frank Ackermann

Sanna/ September 4, 2018/ Conference, Discussion, Security

“Plant operators and manufacturers are currently faced with many challenges in the field of automation.”, says Frank Ackermann. “Issues such as digitization, Industry 4.0, legal requirements or complex business processes that connect IT and OT are paramount. Related security problems and risks need to be addressed promptly and lastingly. Existing and newly created industry security standards (such as 62443, 61508 and 61511, 27001, …) are designed to help to improve security. But do the different approaches of these standards fit together? Are managers of the companies and manufacturers supported or rather confused by them? The presentation provides an overview of the key security industry standards, discusses the dependency and coverage of the standards, and aims to encourage discussion about if the standards optimize general security in industrial control systems.” We asked Frank a few

Read More

DeepSec 2018 Talk: Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests – Tomasz Tuzel

Sanna/ September 3, 2018/ Conference, Development, Security

Over the last decade we have seen a rapid rise in virtualization-based tools in which a hypervisor is used to gain insight into the runtime execution of a system. With these advances in introspection techniques, it is no longer a question of whether a hypervisor can be used to peek inside or even manipulate the VMs it executes. Thus, how can we trust that a hypervisor deployed by a cloud provider will respect the privacy of their customers? While there are hardware-based protection mechanisms with the goal of guaranteeing data privacy even in the presence of such an “introspecting” hypervisor, there are currently no tools that can check whether the hypervisor is introspecting when it shouldn’t. We have developed a software package that analyzes instructions and memory accesses on an unprivileged guest system which

Read More

DeepSec 2018 Talk: Open Source Network Monitoring – Paula de la Hoz Garrido

Sanna/ August 31, 2018/ Conference, Security

“I’d like to offer an introduction into Network System Monitoring using different open tools available in Linux.”, says Paula. “The talk is a technical approach to identify the best sniffing points in a network and how to orchestrate a full analysis of the content to secure the network, as well as showing ideas of collaborative and distributed hacking. Also, for a better performance, the talk includes a brief guide into configuring a Raspberry Pi for creating a simple Network Capture Probe. The main point of the talk is to show how open source tools are a nice option for this kind of security assessment.” We asked Paula a few more questions about her topic of expertise: Please tell us the top 5 facts about your talk. First of all, this talk is not solely

Read More

DeepSec 2018 Talk: Building your Own WAF as a Service and Forgetting about False Positives – Juan Berner

Sanna/ August 30, 2018/ Conference, Internet, Security

When a Web Application Firewall (WAF) is presented as a defensive solution to web application attacks, there is usually a decision to be made: Will this be placed inline (and risk affecting users due to outages or latency) or will it be placed out of band (not affecting users but not protecting them either). In his talk Juan Berner will cover a different approach you can take when deciding how to use any WAF at your disposal, which is to try and get the best of both worlds, making the WAF work in passive mode out of band detecting attacks and in active mode by selectively routing traffic through your WAF to decide if it should block the request or allow it. To achieve this you will have to abstract the WAF around a

Read More

DeepSec 2018 Training: Hunting with OSSEC – Xavier Mertens

Sanna/ August 28, 2018/ Conference, Training

“OSSEC is sometimes described as a low-cost log management solution but it has many interesting features which, when combined with external sources of information, may help in hunting for suspicious activity occurring on your servers and end-points”, says Xavier Mertens, who’s giving a training called “Hunting with OSSEC” at this years DeepSec. “During this training, you will learn the basic of OSSEC and its components, how to deploy it and quickly get results. Then I will demonstrate how to deploy specific rules to catch suspicious activities. From an input point of view, we will see how easy it is to learn new log formats to increase the detection scope and, from an output point of view, how we can generate alerts by interconnecting OSSEC with other tools like MISP, TheHive or an ELK Stack

Read More

DeepSec 2018 Talk: DNS Exfiltration and Out-of-Band Attacks – Nitesh Shilpkar

Sanna/ August 27, 2018/ Conference, Security

“The Domain Name System or DNS is one of the most fundamental parts of the Internet”, says Nitesh Shipkar. “It is crucial for a billion of users daily to help us build presence on the internet using names humans can understand rather than IP addresses. However, DNS comes with security issues organizations should be aware of and take into consideration. Attackers are abusing the DNS to redirect traffic to malicious sites, communicate with command and control (C&C) servers, steal data from organizations and conduct massive attacks that cause harm to organizations. Many organizations are not prepared to mitigate, or even detect, the problems DNS might bring. Due to the criticality of DNS to maintain an Internet presence, access applications, connect to a network or simply send an email, everyone has the potential to be

Read More