DeepSec Training: Black Belt Pentesting / Bug Hunting Millionaire – Mastering Web Attacks with Full-Stack Exploitation

René Pfeiffer/ August 19, 2019/ Conference, Training

Web applications are gateways for users and attackers alike. Web technology is used to grant access to information, public and sensitive alike. The latest example is the Biostar 2 software, a web-based biometric security smart lock platform application. During a security test the auditors were able to access over 1 million fingerprint records, as well as facial recognition information. How can you defend against leaks like this? Well, you have to understand all layers of the application stack. Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say no to classic web application hacking. Join the training session at DeepSec 2019 and take advantage of Dawid Czagan’s unique hands-on exercises and become

Read More

DeepSec 2018 Talk: Pure In-Memory (Shell)Code Injection in Linux Userland – reenz0h

Sanna/ September 18, 2018/ Conference, Security

A lot of research has been conducted in recent years on performing code injection in the Windows operating system without touching the disk. The same cannot be said about *NIX (and Linux specifically). Imagine yourself sitting in front of a blinking cursor, using a shell on a freshly compromised Linux server, and you want to move forward without leaving any trace behind. You need to run additional tools, but you don’t want to upload anything to the machine. Or, you simply cannot run anything because the noexec option is set on mounted partitions. What options remain? This talk will show how to bypass execution restrictions and run code on the machine, using only tools available on the system. It’s a bit challenging in an everything-is-a-file OS, but doable if you think outside the box

Read More

Call for Papers: Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2018

René Pfeiffer/ June 16, 2018/ Call for Papers, Security

ROOTS 2018 The second Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2017 opens its call for papers. ROOTS is the first European symposium of its kind. ROOTS aims to provide an industry-friendly academic platform to discuss trends in exploitation, reversing, offensive techniques, and effective protections. Submissions should provide novel attack forms, describe novel reversing techniques or effective deployable defences. Submissions can also provide a comprehensive overview of the state-of-the-art, and pinpoint promising areas that have not received appropriate attention in the past. To facilitate interaction with industry, the ROOTS ticket will be valid for all DeepSec conference tracks on both days, including the industry tracks, and the DeepSec conference tickets for the industry track will be valid for ROOTS. The usual rules for academic discounts apply. Please contact the DeepSec staff or our sponsors for

Read More

Call for Papers: 1st Reversing and Offensive-Oriented Trends Symposium (ROOTs) 2017

René Pfeiffer/ May 1, 2017/ Call for Papers, Conference

ROOTs 2017 The first Reversing and Offensive-Oriented Trends Symposium (ROOTs) 2017 opens its call for papers. ROOTs is the first European symposium of its kind. ROOTS aims to provide an industry-friendly academic platform to discuss trends in exploitation, reversing, offensive techniques, and effective protections. Submissions should provide novel attack forms, describe novel reversing techniques or effective deployable defenses. Submissions can also provide a comprehensive overview of the state-of-the-art, and pinpoint promising areas that have not received appropriate attention in the past. To facilitate interaction with industry, the ROOTs ticket will be valid for all DeepSec conference tracks on both days, including the industry tracks, and the DeepSec conference tickets for the industry track will be valid for ROOTs. The usual rules for academic discounts apply. Please contact the DeepSec staff or our sponsors for

Read More