DeepSec 2024 Talk: From Dungeon Crawling to Cyber Defense Drill: Using RPG Principles and LLM for Operational Team Dev – Aurélien Denis & Charles Garang

Sanna/ September 23, 2024/ Conference/ 0 comments

Continuous improvement/training is in the DNA of cybersecurity professionals, specifically for incident responders, which are always searching for new ways to learn and practice their technical and analytical crafts. This is even more the case in mature environments where Incident response teams may find themselves in a situation with few high stakes incidents, preventing them from applying their technical and thinking skills, thus lowering their readiness when a crisis occur. LLMs based conversational agents are becoming mainstream, and applications are countless. In the meantime, Tabletop Role-Playing Games (TTRPG) are found to be a great breeding ground for creativity and fun. To achieve the benefits of this game, preparation is needed and a game master must be present to keep the players engaged. So we leveraged the power of AI, mixed automation and past experiences

Read More

Learn Incident Response by playing a Role-Playing Game

René Pfeiffer/ November 6, 2023/ Security

Simulations can be boring. What about combining a thought experiment with a game that brings fun? Enter role-playing games for incident response! Klaus Agnoletti will show you how this works. He will host an incident response role-playing session on the first conference day (16 November 2023) at 1900. The session will take place in the Third Person track. The game is heavily inspired by the (Advanced) Dungeons & Dragons games. You do not need to bring anything except your interest and some curiosity. The session simulates an incident in a fictitious company and players have roles like CMO, CISO, CFO, System architect, etc. The aspects of the incident gameplay are explored broadly and aren’t just limited to the technical parts of an incident. The session lasts about two to three hours, depending on your

Read More

DeepSec 2023 Talk: Automating Incident Response: Exploring the Latest Conversational AI Tools – Hagai Shapira

Sanna/ September 6, 2023/ Conference

As security incidents become increasingly complex, it’s crucial for SOC and incident response teams to focus on actual malicious investigations. However, their ability to do so is often limited by time-consuming human interactions with stakeholders. In this talk, we’ll explore different levels of automation approaches for incident response, culminating in the latest additions of conversational AI tools. These tools enable full investigations with human stakeholders to be performed automatically, with an analyst only as a silent observer/supervisor. We’ll discuss the benefits and limitations of using conversational AI tools in incident response, as well as real-world examples of how these tools have been used effectively. By the end of the talk, attendees will have a better understanding of how to leverage this technology to streamline their incident response processes and improve their overall security posture.

Read More

DeepSec Press Release: Analysis IT Security – DeepSec conference offers rich education for digital defence

Sanna/ November 2, 2022/ Conference, Press

Defending one’s digital infrastructure has never been more important. The fundamental problem of many defensive structures is the lack of an overview. Penetration tests help little if you don’t know exactly how your systems are connected to the rest of the world. This year’s DeepSec security conference offers rich support and content to sustainably increase one’s own security. On board is our supporter, the company NVISO, focusing specially on companies and organisations in critical areas. Security landscape requires collaboration Modern information technology is based on complex and extensive architectures. How do you determine the state of your own security? Many companies are not familiar with the different approaches of testing methods. The term “penetration test” has already entered the minds of many, but what findings and facts are obtained during such tests is often

Read More

Press Release: Ransomware Attacks Are No Force Majeure

Sanna/ July 7, 2022/ Press

DeepSec security conference reminds you of basic IT protection and secure system architecture. Malware attacks that encrypt data of victims seem to have increased recently. In fact, these ransomware attacks are only part of an evolution among the attackers. Attack software moves with the times. An important reason for the accumulation is the standstill in defense. This year’s DeepSec security conference offers exchange with experts and high-quality further training for protecting your own IT. Basic Misunderstandings Comparing the reports of incidents involving ransomware attacks, one might conclude that these are inevitable natural events. Of course, that’s not the case. If one sticks to the biological analogy of the virus, a favorable combination of prerequisites for the infestation of ransomware results. In the beginning, there is always a deception in the form of a fake

Read More

Murder Board Blog Series: Prequel

Sanna/ April 16, 2021/ Security, Stories

[This is the first part of a five-part article series describing analogies between the world of IT security and research in other fields. Analogies are often used to deflect and conceal missing arguments. Didactics uses analogies as a powerful tool to explore your own understanding and to help you use your knowledge from other fields. Please use the articles of the Murderboard series (our name for the five-part article) for educating IT-affine people about information security. It’s never bad to have allies who understand what to look for in time of trouble.] It was a warm summer day when I got a call from an acquaintance who wanted to hire me for data protection coaching with one of his clients. Besides crime writing, I also work in data protection, helping self-employed people and small

Read More

DeepSec 2017 Talk: OpenDXL In Active Response Scenarios – Tarmo Randel

Sanna/ November 15, 2017/ Conference

Automating response to cyber security incidents is the trend which is – considering increasing amount of incidents organizations handle and ever-increasing attack surface – already becoming mainstream. In this talk Tarmo explores the options of using OpenDXL in real life situation of mixed environments, legacy solutions and multiple vendors for connecting existing (and future) cyber security system components for coordinated information exchange and orchestrating incident response action. Tarmo is a researcher at NATO Cooperative Cyber Defence Center of Excellence, various research projects and developing for large scale cyber exercises. He’s also a developer at the Estonian eHealth Foundations, “Kickstarting” in-house development team. Tarmo’s creating supporting infrastructure, preparations and execution of plans for taking over selected external vendor development projects. He’s Head of Department at CERT-EE, Running Computer Emergency Response Team, Information security expert at CERT-EE,

Read More

DeepSec 2016 Talk: I Thought I Saw a |-|4><0.- Thomas Fischer

Sanna/ October 21, 2016/ Conference, Development, Security

Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. “But what does this really mean?”, asks Thomas Fischer. “And what real impact does it have on the security team? Can we use threat hunting to provide a process to better detect and understand when you’ve been breached?” More and more security data is being produced and usually aggregated into a central location or body to hopefully take quick and informed decisions on attacks or compromises amongst a mountain of data. When you start to include data gathered from your endpoints the amount of data starts to explode exponentially. This level of data provides us with a large amount of visibility. But is having visibility enough? What

Read More