DeepSec Scholar Program – Call for Applications

Jim Swiatko/ October 8, 2019/ Call for Papers, Conference

DeepSec has a past of supporting research projects and the researchers themselves. For 2019 and the years to come we have teamed up with partners to foster research in information security. We already support the BSidesLondon Rookie Track, support the Reversing and Offensive-oriented Trends Symposium (ROOTS), publish the DeepSec Chronicles, and support individuals in their research. Now we want to go one step further. Purpose: To encourage research by young professionals and academics on new and emerging cyber security issues, information security, new ways to use technology, defence, offence, and weaknesses in hardware/software/designs. Suggested Topics: Vulnerabilities in mobile devices, vulnerabilities in IoT, advances in polymorphic code, software attacks on hardware wallets, side channel attacks, hacking industrial control systems and smart cities, quantum and post quantum computing, penetration testing – defining what it means and

Read More

The fine Art of Mentorship

René Pfeiffer/ March 8, 2019/ Discussion, Security

We will support the Rookie Track at BSidesLondon in 2019 again. This is a perfect way for rookies to get started on presenting at a conference. However it is much more – the stages before the presentation is held. Preparing for 15 minutes of talk will keep you busy for ten or twenty times the amount you spend presenting. It depends on the research you have to do, the illustrations you have to create, the code samples, the tests, and a lot more things that need to be sorted out. That’s not an easy task. But you do not have to do it alone. BSidesLondon is looking for rookies and mentors. If you have experience in IT security, being on stage for presentations, research, and preparing materials for workshops and talks, then you should

Read More

(Almost) (Pretty) Final ROOTS 2018 Schedule (last beta version) published!

René Pfeiffer/ November 21, 2018/ Administrivia, ROOTS

We have rearranged the ROOTS 2018 schedule to its final form. You may have noticed that it is more condensed. We thought it would be easier to connect, to discuss, and to exchange ideas without the stretch over two days. Furthermore it is easier to have sessions with a specific focus when there is more unallocated time to use. ROOTS 2018 will get its own keynote presentation, too. We are currently sorting out the details. You may wonder why there are so many empty slots. The reason is simple. ROOTS is an academic workshop. All presentations must be submitted formally correct. Then they are reviewed by the programme committee. The submitted content is graded according to the scientific methods used, research topic, evaluation of the results, the conclusion, and so on. After that there

Read More

DeepSec 2018 Talk: RFID Chip Inside the Body: Reflecting the Current State of Usage, Triggers, and Ethical Issues – Ulrike Hugl

Sanna/ November 14, 2018/ Conference

Chipping humans can be seen as one of the most invasive biometric identification technologies. RFID (Radio Frequency Identification) as the key technology in the field of the Internet of Things produces many applications. For example, human implants are used by scientists in the fields of cyborgism, robotics, biomedical engineering and artificial intelligence, by hobbyists for identification reasons to start their computers, cars, for smart home applications or to pay by credit card, by hospitals for the control of human biological functions of patients, but also by companies to tag their employees for security reasons and workplace surveillance. All in all, worldwide human implants are mainly used for security, healthcare, and private (individual) reasons. Beside some positive individual or organizational outcomes, implants may compromise privacy and raise manifold ethical questions. For example, research in the

Read More

DeepSec 2018 Talk: Without a Trace – Cybercrime, Who are the Offenders? – Edith Huber & Bettina Pospisil

Sanna/ September 14, 2018/ Conference, Security

Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation in Austria, no evidence-based scientific analysis exists that depicts the bright field of Cybercrime. Therefore an interdisciplinary research group investigated the phenomenon cybercrime regarding the questions – Edith Huber and Bettina Prospisil will present their findings at DeepSec 2018. We asked them a few questions about their talk: Please tell us the top 5 facts about your talk. We will talk about cybercrime, offender profiling, the typical modus operandi and successful methods to apprehend offenders. How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation

Read More

New in the DeepSec Ticket Shop: Tor Tickets for Early Birds and InfoSec Minds

René Pfeiffer/ July 17, 2018/ Administrivia, Discussion, High Entropy, Security

We have a new category in the DeepSec ticket shop. We now have Tor tickets! Why is that? Well, information security relies heavily on the tools of the trade and the knowledge to use them. Tools can be created and used, knowledge can be shared and used. This is not a new insight. The special Tor tickets are a way to help the German non-profit registered association Zwiebelfreunde e.V. for rebooting their infrastructure. They run Tor nodes and provide the necessary infrastructure to do this. Members of Zwiebelfreunde have been speakers at DeepSec in the past because they are also active security researchers. The difference between the Tor ticket and the normal ticket price will be given to them to recover the damage to their infrastructure. Security tools such as Tor are widely used

Read More

Call for Papers: Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2018

René Pfeiffer/ June 16, 2018/ Call for Papers, Security

ROOTS 2018 The second Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2017 opens its call for papers. ROOTS is the first European symposium of its kind. ROOTS aims to provide an industry-friendly academic platform to discuss trends in exploitation, reversing, offensive techniques, and effective protections. Submissions should provide novel attack forms, describe novel reversing techniques or effective deployable defences. Submissions can also provide a comprehensive overview of the state-of-the-art, and pinpoint promising areas that have not received appropriate attention in the past. To facilitate interaction with industry, the ROOTS ticket will be valid for all DeepSec conference tracks on both days, including the industry tracks, and the DeepSec conference tickets for the industry track will be valid for ROOTS. The usual rules for academic discounts apply. Please contact the DeepSec staff or our sponsors for

Read More

Science First! – University of Applied Sciences Upper Austria (FHOOe) supports DeepSec

René Pfeiffer/ October 12, 2017/ Conference, Security

The motto of DeepSec 2017 is „Science first!“. This is expressed by the co-located ROOTS workshop, many speakers from academics, topics fresh from the front lines of research, and a mindset that favours facts over fake content or showmanship. This is why we want to thank the University of Applied Sciences Upper Austria for their continued support of DeepSec! Their motto is Teaching and learning with pleasure – researching with curiosity, which fits nicely into the mindset of most information security researchers. They have a wide range of very interesting research projects. If you are interested in courses or collaboration as a company, let them now. We are happy to support you with your enquiry. Lest you forget: DeepSec offers a steep discount for anyone in academic research – be it student or professor.

Read More

DeepSec 2017 Talk: Next-Gen Mirai Botnet – Balthasar Martin & Fabian Bräunlein

Sanna/ September 27, 2017/ Conference, Internet, Security

While you were living in a cave, devices took over the world and got connected to the network. This is the state of affairs we live in right now. As long as nothing happens we don’t notice anything about it. The Mirai (未来) botnet changed this all of a sudden. Consumer devices were drafted into an army of bots. Thanks to the proliferation of networked devices such as cameras, home routers, and others the botnet was very successful. The code was designed to run on embedded devices and is even online for inspection. Let’s take a look at how to improve Mirai. Badly secured embedded devices enabled the largest DDoS attack on critical networks seen to date: The Mirai attacks in 2016 were largely pegged on Internet-exposed telnet with default credentials. While such telnet

Read More

DeepSec 2017 Talk: Malware Analysis: A Machine Learning Approach – Chiheb Chebbi

Sanna/ August 26, 2017/ Conference, Security

Software has a character. It can be beneficial. It can also be malicious. A networked business world and the Internet of connected individuals make life for malicious software, also known as malware, easier. Just like international travel facilitates the spread of diseases and parasites, the networked globe is a big advantage for malware. Researcher can hardly keep up with the numbers of detected viruses, worms, and trojan horses. So why not let machines look for malware on their own? Certainly automation already benefits the hunt for malicious code. Chiheb Chebbi has some ideas that can help. Threats are a growing problem for people and organizations across the globe. With millions of malicious programs in the wild it has become hard to detect zero-day attacks and polymorphic viruses.This is why the need for machine learning-based

Read More

DeepSec 2017 Keynote: Social Science First! – Dr. Jessica Barker

Sanna/ August 24, 2017/ Conference, High Entropy, Security

While the schedule is still preliminary, we have already some confirmations from our speakers. We are happy to announce Dr Jessica Barker as the keynote speaker for DeepSec 2017. Information security has a lot to do with interactions. Despite AI (a.k.a. Assisted Intelligence), „smart“ assistants (a.k.a. paper clips on steroids), and a metric ton of gadgets we still have a lot of contact with human beings. Marketing departments and tech people lost in code often forget this. Jessica will give you something to think about which you can’t discuss with Siri, Alexa, the Google AI, or even HAL 9000. Bruce Schneier popularised the concept in 1999: cyber security is about people, process and technology. Yet almost two decades later, the industry still focuses so much more on technology than the other two dimensions of

Read More

Mythbusting: Anti-Virus Research considered dangerous

Sanna/ August 18, 2017/ High Entropy, Internet, Security Intelligence, Stories

Everyone doing research in information security or doing any work in this field takes some risks. Since most of the „cyber stuff“ is black magic to others not working in this context, there are a lot of problems and severe misunderstandings. The Crypto Wars still haven’t been decided in favour of mathematics. Real people prefer end-to-end encryption over insecure communication all of the time. Proposals of severely damaging information security for all of us by using sanctioned malicious software are still being debated in parliaments. Backdoors, covert or otherwise, are no line of any defence, as many military strategists will readily tell you. Marcus Hutchins was in the news recently, because of claims that he developed a strand of malware tied to attacks on financial institutions. While you can debate all you want about

Read More

DeepSec 2017 Schedule, ROOTS, and Closing of Call for Papers

René Pfeiffer/ August 3, 2017/ Administrivia, Conference

Thanks a lot for your submissions! We are currently in the final phase of the review. Expect the first draft of the schedule for the end of the week. Important: Don’t forget that the Call for Papers for the 1st Reversing and Offensive-oriented Trends Symposium 2017 (ROOTS) is still open and was extended to 15 August 2017! Please submit and help us to put more science into infosec! Given the headlines in the IT (security) news we need all the facts we can get.

ROOTS 2017, DeepSec, and DeepINTEL Call for Papers are still open

René Pfeiffer/ June 26, 2017/ Call for Papers, Internet, Security, Security Intelligence

Our wonderful world of technology is full of surprises, bugs, intentional weaknesses, adversaries, defenders, vendors, and users. Some software just got more lines of code instead of a decent audit or refactoring. Everything is turning smart, but no one knows what smart really means. Big Data is all the fashion, Big Knowledge still isn’t. So there is ample opportunity for security research. And we haven’t mentioned recent weaknesses such as Stack Clash or broken hyperthreading yet. Strategy hasn’t evolved much either. Most high profile attacks seem to contain a lot of cyber, originating from Russia, USA, Israel, North Korea, or China. The context matters, as do the agendas of all parties involved. A thorough and careful analysis can shape the digital defence of your future. This is why we like to discuss methods, incidents,

Read More

The Future of Entangled Security States – Quantum Computing Conference in Berlin

René Pfeiffer/ May 25, 2017/ Conference, Security

Quantum computing is a fashionable term these days. Some IT news articles are talking about post-quantum cryptography, qbits, and more quantum stuff. If you don’t know how the terms relate to each other, what entangled states in quantum physics are, and what everything has to do with computing, then you will have a hard time figuring out what it means for you and your infrastructure. The relationship to cryptography is yet another matter best explored after you know the basics. Using quantum effects in computing and cryptography is already done. The best example are some hardware random generators which use properties of, well, the hardware to harvest entropy. And then there is quantum key distribution (QKD). It is a method to ensure secure communication between two or more nodes. Vienna even had a working

Read More