DeepSec Training: Bug Bounty Hunting – How Hackers Find SQL Injections in Minutes with Sqlmap

René Pfeiffer/ September 7, 2018/ Security, Training

In a previous article we talked about the Bug Bounty Hunting training by Dawid Czagan at DeepSec 2018. In case you do now know what to expect, there is a little teaser consisting of a full blown tutorial for you. Dawid has published as video tutorial that shows you how to use Sqlmap in order to find SQL injections. It serves as a perfect example of what to expect from his two-day training and what you absolutely need to play with for preparation. DeepSec trainings are in-depth, not superficial. Dawid’s training will go into much deeper detail. Software developers are well advised to use attack tools against their own creations. It helps to understand what error conditions your code might be in and what you have to do when sanitising data. SQL injection attacks

Read More

DeepSec 2018 Talk: Cracking HiTag2 Crypto – Weaponising Academic Attacks for Breaking and Entering – Kevin Sheldrake

Sanna/ September 6, 2018/ Conference, Security

HiTag2 is an Radio-Frequency Identification (RFID) technology operating at 125KHz.  It is distinguished from many others in the same field by its use of 2-way communications for authentication and its use of encryption to protect the data transmissions – the majority of RFID technologies at 125KHz feature no authentication or encryption at all.  As a result it has been widely used to provide secure building access and has also been used as the technology that implements car immobilisers. In 2012, academic researchers Roel Verdult, Flavio D. Garcia and Josep Balasch published the seminal paper, ‘Gone in 360 Seconds: Hijacking with Hitag2’ that presented three attacks on the encryption system used in HiTag2; in 2016 Garcia et al presented a further attack in ‘Lock It and Still Lose It’.  They implemented their attacks on the Proxmark 3 device

Read More

DeepSec 2018 Talk: Defense Informs Offense Improves Defense – How to Compromise an ICS Network and How to Defend It – Joe Slowik

Sanna/ September 5, 2018/ Conference, Security

Industrial control system (ICS) attacks have an aura of sophistication, high barriers to entry, and significant investment in time and resources. Yet when looking at the situation – especially recent attacks – from a defender’s perspective, nothing could be further from the truth. Initial attack, lateral movement, and entrenchment within an ICS network requires – and probably operates best – via variations of ‘pen tester 101’ actions combined with some knowledge of the environment and living off the land. Only after initial access is achieved and final targets are identified do adversaries need to enhance their knowledge of ICS-specific environments to deliver disruptive (or destructive) impacts resulting in a potentially large pool of adversaries capable of conducting operations. Examining concrete ICS attack examples allows us to explore just what is needed to breach and

Read More

DeepSec 2018 Special Training: Bug Hunting Millionaire – Mastering Web Attacks with Full-Stack Exploitation

René Pfeiffer/ August 29, 2018/ Conference, Security, Training

How do bugs in software get fixed? Well, first of all you have to find them. All code has bugs. Most probably, that is. Usually developers and users of applications find bugs. The history of information security has taught us that now attackers also look for bugs in software. Therefore flaws in code leading to security vulnerabilities have a higher priority for both developers and adversaries. The problem is that software testing finds all kinds of bugs and not always the important ones. Where is the incentive to go and debug software? Well, there is quality assurance, there is full disclosure, and now there are bug bounties. Bug bounties are rewards for bugs in software that have an impact on security. Companies offer these bounties as a means of software quality testing. Bug bounties

Read More

New in the DeepSec Ticket Shop: Tor Tickets for Early Birds and InfoSec Minds

René Pfeiffer/ July 17, 2018/ Administrivia, Discussion, High Entropy, Security

We have a new category in the DeepSec ticket shop. We now have Tor tickets! Why is that? Well, information security relies heavily on the tools of the trade and the knowledge to use them. Tools can be created and used, knowledge can be shared and used. This is not a new insight. The special Tor tickets are a way to help the German non-profit registered association Zwiebelfreunde e.V. for rebooting their infrastructure. They run Tor nodes and provide the necessary infrastructure to do this. Members of Zwiebelfreunde have been speakers at DeepSec in the past because they are also active security researchers. The difference between the Tor ticket and the normal ticket price will be given to them to recover the damage to their infrastructure. Security tools such as Tor are widely used

Read More

DeepSec 2017 Workshop: Smart Lockpicking – Hands-on Exploiting Contemporary Locks and Access Control Systems – Slawomir Jasek

Sanna/ October 31, 2017/ Conference, Training

You can, quite reasonably, expect smart locks and access control systems to be free from alarming security vulnerabilities – such a common issue for an average IoT device. Well, this training will prove you wrong. After performing multiple hands-on exercises with a dozen of real devices and various technologies, you will never look at the devices the same way. Smart lockpicking is something to scare you, not just on Halloween.     We asked Slawomir a few questions about his training: Please tell us the top 5 facts about your workshop. Focused on hands-on, practical exercises with real devices Lots of various topics and technologies covered Regardless if you are a beginner or a skilled pentester, you will learn something new and have a good time Many exercises designed as “homework”, possible to repeat

Read More

DeepSec 2017 Talk: BITSInject – Control Your BITS, Get SYSTEM – Dor Azouri

Sanna/ October 8, 2017/ Conference, Internet, Security

Microsoft has introduced the Background Intelligent Transfer Service (BITS) into Windows 2000 and later versions of the operating system. Windows 7 and Windows Server 2008 R2 feature the version 4.0 of the protocol. BITS is designed to use idle bandwidth in order to transfer data to and from servers. BITS is an obedient servant, and it may be abused into doing transfers on behalf of others. Dor Azouri will present his findings regarding BITS at DeepSec 2007. Windows’ BITS service is a middleman for your download jobs. You start a BITS job, and from that point on, BITS is responsible for the download. But what if we tell you that BITS is a careless middleman? Current Windows software comes packaged with a mix of old and new features and components. New, shiny features and

Read More

DeepSec 2017 Talk: XFLTReaT: A New Dimension In Tunnelling – Balazs Bucsay

Sanna/ October 7, 2017/ Conference, Security

“Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter”, says Balazs. “It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic, and it is also worth mentioning that the framework was designed to be easy to configure, use and develop.” We asked Balazs Bucsay a couple more questions about his talk: Please tell us the top 5 facts about your talk. Tunnelling is not new at all, but

Read More

DeepSec 2017 Talk: Bypassing Web Application Firewalls – Khalil Bijjou

Sanna/ October 5, 2017/ Conference, Security

Everyone has firewalls or filters. They are now called application-level gateway (ALG) and have lots of features included. Algorithms, signatures, heuristics, protocol checks, verification; you name it. It’s all in there. But does it work? Obfuscation and evading technology has been around since the first filter was created. Anticipating what data might look like is hard, and some protocols were designed to be as ambivalent as possible, one might think. At DeepSec 2017 Khalil Bijjou will show you what can be done being evasive in the web. Security experts perform security assessments of web applications in order to identify vulnerabilities that could be exploited by malicious users. Web Application Firewalls add a second layer of protection to web applications in order to mitigate these vulnerabilities. The attempt to bypass Web Application Firewalls is an

Read More

44CON revisited: Secure Design in Software is still a new Concept

René Pfeiffer/ September 20, 2017/ High Entropy, Interview, Security

We have been to 44CON, and we returned with lots of ideas and scary news about the state of security in devices and applications. Given the ever spreading Internet of Things (IoT) you can see why connecting random devices via a network with no second thoughts about design, updates, or quality control is a bad idea. Don Bailey illustrated this perfectly in the keynote titled The Internet of Us. His presentation touched all of information security, but IoT featured a prominent role. We are really surrounded by the Internet of SIM cards (sadly which we cannot call IoS). This opens up a new perspective and demystifies the IoT hype. You should watch Matt Wixey’s talk Hacking invisibly and silently with light and sound as soon as the videos are published. Matt discussed hardware hacking

Read More

DeepSec 2017 Training: The ARM IoT Exploit Laboratory

René Pfeiffer/ August 29, 2017/ Conference, Security, Training

If the Internet of Things (IoT) will ever leave puberty, it has to deal with the real world. This means dealing with lies, fraud, abuse, exploits, overload, bad tempered clients (and servers), and much more. Analysing applications is best done by looking at what’s behind the scenes. IoT devices, their infrastructure, billions of mobile devices, and servers are powered by processors using the Advanced RISC Machine (ARM) architecture. This design is different from the (still?) widespread Intel® x86 or the AMD™ AMD64 architecture. For security researchers dealing with exploits the change of design means that the assembly language and the behaviour of the processor is different. Developing ways to inject and modify code requires knowledge. Now for everyone who has dealt with opcodes, registers and oddities of CPUs, this is nothing new. Grab the

Read More

Putting the Science into Security – Infosec with Style

René Pfeiffer/ January 27, 2017/ Discussion, Security

The world of information security is full of publications. It’s like being in a maze of twisted little documents, all of them alike. Sometimes these works of art lack structure, deep analysis, or simply reproducibility. Others are perfectly researched, contain (a defence of) arguments, proofs of concept, and solid code or documentation to make a point. Information security is a mixture of different disciplines such as mathematics, physics, computer science, psychology, sociology, linguistics, or history. It’s not about computers and networks alone. There is interaction between components. Protocols are involved. Even the simple act of logging in and staying in an active session requires in some parts to talk to each other. And then there are rituals. Scepticism is widespread in information security. Questioning your environment is the way to go, but you need to

Read More

DeepSec 2016 – expect 48 Hours of Failures and Fixes in Information Security

René Pfeiffer/ November 10, 2016/ Conference, Discussion

The conference part of DeepSec 2016 has officially started. During the workshops we already discussed a lot of challenges (to phrase it lightly) for infrastructure and all kinds of software alike. The Internet of Things (IoT) has only delivered major flaws and gigantic Distributed Denial of Service attacks so far. There is even a worm for LEDs these days. And we haven started the conference preparations yet. So we have plenty of reasons to talk about what went wrong, what will go wrong, and what we can do about it. The world of information security is not always about good news. Something has to break, before it can be repaired – usually. Systems administrators know this, for some it’s their daily routine. Nevertheless we hope everyone at DeepSec gets some new insights, fresh ideas,

Read More

DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

Sanna/ November 3, 2016/ Conference, Internet, Security

Wireless desktop sets have become more popular and more widespread in the last couple of years. From an attacker’s perspective, these radio-based devices represent an attractive target both allowing to take control of a computer system and to gain knowledge of sensitive data like passwords. Wireless transmissions offer attackers a big advantage: you don’t have to be around to attack something or someone. Plus the victims often don’t know what it happening. At DeepSec 2016 Gerhard Klostermeier will present the results of research on the matter of wireless mouse/keyboard attacks. Furthermore you he will demonstrate ways in which modern wireless desktop sets of several manufacturers can be attacked by practically exploiting different security vulnerabilities. We recommend this talk to anyone still using old-fashioned input devices for creating content. Gerhard is interested in all things

Read More

DeepSec2016 Workshop: Offensive PowerShell for Red and Blue Teams – Nikhil Mittal

Sanna/ October 14, 2016/ Conference, Security, Training

Penetration Tests and Red Team operations for secured environments need altered approaches, says Nikhil Mittal. You cannot afford to touch disks, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice. PowerShell has changed the way Windows networks are attacked – it is Microsoft’s shell and scripting language available by default in all modern Windows computers and can interact with .Net, WMI, COM, Windows API, Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teams to learn PowerShell. Nikhil Mittals training is aimed towards attacking Windows networks using PowerShell. It is based on real world penetration tests and Red Team engagements for highly secured environments. We asked Nikhil

Read More