0311, 2016

DeepSec 2016 Talk: Assessing the Hacking Capabilities of Institutional and Non-institutional Players – Stefan Schumacher

Sanna/ November 3, 2016/ Conference, Security, Security Intelligence

Cyberwar, Cyberterror and Cybercrime have been buzzwords for several years now. Given the correct context, using cyber has merits. However Cyber-Headlines are full with Cyber-Reports about Cyber-Incidents, Cyber-Hacking and Cyber-Cyber in general. However, that whole discussion does not only suffer from sensationalism of journalists and bloggers, there are also some fundamental problems, says Stefan Schumacher. We are still lacking useful definitions for modern IT security threats and we still have to think about the assessment of capabilities in the IT field.Besides institutional actors like states and their military and intelligence community we also have to assess the capabilities of non-institutional actors like terrorist groups or organised crime. Unlike the assessment of classic military strength (eg. fighting power or Kriegsstärkenachweise), assessing the capabilities and powers of actors in the IT field is much more complicated

2110, 2016

DeepSec 2016 Talk: I Thought I Saw a |-|4><0.- Thomas Fischer

Sanna/ October 21, 2016/ Conference, Development, Security

Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. “But what does this really mean?”, asks Thomas Fischer. “And what real impact does it have on the security team? Can we use threat hunting to provide a process to better detect and understand when you’ve been breached?” More and more security data is being produced and usually aggregated into a central location or body to hopefully take quick and informed decisions on attacks or compromises amongst a mountain of data. When you start to include data gathered from your endpoints the amount of data starts to explode exponentially. This level of data provides us with a large amount of visibility. But is having visibility enough? What

0410, 2016

DeepSec2016 Talk: Behavioral Analysis from DNS and Network Traffic – Josh Pyorre

Sanna/ October 4, 2016/ Conference, Internet, Security

What’s in a name? A rose? The preparation for an attack? Or simply your next web page you will be looking at? The Domain Name System (DNS) has gone a long way from replacing text lists of hosts to a full directory service transporting all kinds of queries. DNS even features a security protocol for cryptographically signed zone data. In order to balance the load, name resolution has caches that temporarily store DNS information. Usually organisations run their own DNS resolvers as caches for their infrastructure. Even if it’s just a flat network with local clients all DNS requests are channelled to hit your resolvers. Before applications open a data connection, they will query the local resolver to get address data or other hints on how to contact the other endpoint of the communication.

1503, 2016

Reminder: DeepINTEL 2016 – Call for Papers – Beat Big Data and Full Take with Brains

René Pfeiffer/ March 15, 2016/ Call for Papers, Conference, Security Intelligence

We already published a Call for Papers for the upcoming DeepINTEL 2016. Here are some thoughts to get your creativity going. Standard solutions and off-the-shelf products to solve your security needs are remains from the 1990s. Everything else has gone smart, and that’s how you have to address security problems in the future. NSA director Admiral Michael Rogers told the audience of the RSA Conference 2016 that the NSA cannot counter the digital attacks it faces on its own. GCHQ, the NSA’s British counterpart, has publicly stated that the £860m budget to counter digital adversaries is not sufficient to defend Britain’s digital assets. Modern digital defence needs a sound foundation of data to base decisions on. You can neither combat a forest fire or an infectious disease by blindly throwing money at it. You

1103, 2016

“A Good American” opens next Week in Austrian Theatres

René Pfeiffer/ March 11, 2016/ Administrivia, Discussion, High Entropy, Security, Security Intelligence

For everyone attending DeepSec 2015 we organised a private screening of the film “A Good American”. Everyone else now gets the chance to see this film in theatres beginning on 18 March 2016. Next week there will be the premiere in Vienna, Linz, and Innsbruck here in Austria. Bill Binney will be present himself, and he will answer questions from the audience. We highly recommend “A Good American” to everyone dealing with information security, regardless of the level. Full take and Big Data is not always the answer to your security challenges. Every gadget around is turning smart, and so should you. We hope to see you at the premiere here in Vienna next week!

1502, 2016

Go dark with us! Submit a presentation to DeepINTEL 2016!

René Pfeiffer/ February 15, 2016/ Call for Papers, Conference, Security Intelligence

Information security without intelligence is less than half the fun. That’s why we organise the DeepINTEL 2016 conference. The focus is entirely on the intelligence side of security. Given the events in the recent months it’s about time that you get your focus right and turn your radar on. Flying blind will get you into trouble. The DeepINTEL is a single track / two day event that addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and organizations with a strong relation or partnership to the aforementioned. Due to the sensitive topics and the nature of the participants and speakers we will have a vetting process for participants. We’d like to know our audience, so that we all can talk freely and openly during the event.

3009, 2015

DeepSec 2015 Talk: Cryptography Tools, Identity Vectors for „Djihadists“ – Julie Gommes

René Pfeiffer/ September 30, 2015/ Conference, Security, Security Intelligence

Some speak of Crypto Wars 2.0. For others the Crypto Wars have never ended. FBI Directory James Comey does not get tired of demanding back doors to IT infrastructure and devices (there is no difference between back door and front door, mind you). Let’s take a step back and look at the threats. We did this in 2011 with a talk by Duncan Campbell titled How Terrorists Encrypt. The audience at DeepSec 2011 was informed that encryption does not play a major role in major terror plots. What about today? Have terrorists adopted new means of communication? Since the authorities demanding access to protected information do not have statistics readily available, we turned to researchers who might answer this question. Julie Gommes will present the results of studies analysing the communication culture of criminal

2609, 2013

DeepSec 2013 Workshop: Developing and Using Cybersecurity Threat Intelligence

René Pfeiffer/ September 26, 2013/ Conference, Security Intelligence, Training

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly know as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just stay away from the fancy stuff), and all kinds of Big Data applications that can turn shoddy metrics into beautiful forecasts of Things to Come™ (possibly with a Magic Quadrant on top, think cherry). What could possibly go wrong? Well, it seems attackers still compromise systems, copy protected data, and get away with it. Security often doesn’t „add up“, i.e. you cannot improve your „security performance“ by buying fancy appliances/applications and piling them on top of each other. What

1209, 2013

DeepINTEL 2013 – Thank you!

René Pfeiffer/ September 12, 2013/ Conference, Security Intelligence

The second DeepINTEL conference ended two days ago. We had great talks and met wonderful people sharing insights and exchanging thoughts about how to cope with information security. Our thanks go to everyone attending DeepINTEL 2013! In case you missed this year’s opportunity, there will be a DeepINTEL 2014 conference. Its date will be announced at DeepSec 2013. If you have content for DeepINTEL 2014, please get in touch with us as soon as possible!

3008, 2013

DeepINTEL Schedule Update: New Talk – “Advanced Security through Network Intelligence”

René Pfeiffer/ August 30, 2013/ Administrivia, Conference, Security Intelligence

Due to personal reasons one of our DeepINTEL speakers had to unfortunately cancel his appearance. Therefore we present a new talk held by Caroline Krohn. The title is “Advanced Security through Network Intelligence”. „Network Intelligence“ is the sum of findings extracted from people’s activities in the internet. Information related to people can be either, restricted and protected by any kind of encryption, or public and available to everybody. Nowadays, it is almost sufficient to collect data from open sources to put together a precise profile on a person of interest. Transparency does not only occur through own postings on so-called social networks, such as Facebook, Xing, LinkedIn, Twitter. Third party mentions and pictures other people post and tag, etc. also help following people’s activities outside the internet. Even the decision not to appear on

1108, 2013

DeepINTEL 2013 – New Talk: “Hackers NG” – Dealing with the Security Skills Shortage

René Pfeiffer/ August 11, 2013/ Conference, Security Intelligence

Cooling temperatures in Vienna bring new talks to DeepINTEL. We are proud to announce a talk by Colin McLean, lecturer in Computing at the University of Abertay Dundee in Scotland. He discussed the problem of finding hackers with security skills (and who probably do not possess the attributes Mr Hayden sees in his own IT staff). The abstract reads as follows: There is a cyber security skills shortage and it’s becoming a world-wide concern with many stakeholders warning of impending doom. Browsing the Internet shows that this concern is not only expressed from the USA, and the UK, but all over the world. Mark Weatherford of the US Department of Homeland Security has stated “The lack of people with cyber security skills requires urgent attention. The DoHS can’t find enough people to hire.”. The

0508, 2013

DeepINTEL 2013 – New Talk „Mutually Assured Pwnage“

René Pfeiffer/ August 5, 2013/ Conference, Security Intelligence

We have added a new talk to the DeepINTEL 2013 schedule. Karin Kosina will talk about „Mutually Assured Pwnage“ and critically explore what Cold War analogies can and cannot teach us about war in the 5th domain. “Cyberwar” has become a thing (never mind that no-one seems to really know what that thing really is). Along with the militarisation of cyberspace – or “the fifth domain of warfare” – there has been a flurry of attempts to draw analogies to other models of conflict. While this is understandable to a certain extent – What worked in the past may work again in the future, right? And let’s not be so cynical here to speak about hammers and things that look like nails… –, it has in many cases only added to the confusion around an already confused

1607, 2013

DeepINTEL 2013 – Preliminary Schedule

René Pfeiffer/ July 16, 2013/ Conference, Schedule, Security Intelligence

The preliminary schedule of the DeepINTEL conference is ready! We have selected the presentations carefully and tried to address in-depth threats to (y)our infrastructure and (y)our data. Here are the abstracts of the talks (in alphabetical order, according to the speakers name), that we are allowed to publish publicly: Compliance and Transparency of Cloud Features against Security Standards (Yury Chemerkin) Nowadays cloud vendors provide a solid integration, virtualization and optimization in many fields (for example medical, business, and education) for online services. Such services operate with sensitive data which attracts attackers. There are quite different security controls and metrics for every Cloud service provider. It is generally known that several industrial organizations are focused on keeping an appropriate security level by offering solutions to improve the transparency of Cloud security controls among different vendors.

0203, 2013

Post-Crypto in a Pre-APT World

René Pfeiffer/ March 2, 2013/ High Entropy, Security Intelligence

There was a Cryptographers’ Panel session at the RSA Conference with Adi Shamir of the Weizmann Institute of Science, Ron Rivest of MIT, Dan Boneh of Stanford University, Whitfield Diffie of ICANN and Ari Juels of RSA Labs. You have probably read Adi Shamir’s statement about implementing (IT) security in a „post-crypto“ world. He claimed that cryptography would become less important for defending computer systems and that security experts have to rethink how to protect valuable information in the light of sophisticated Advanced Persistent Threats (APTs). „Highly secured“ Infrastructure has been compromised despite „state of the art” defence mechanisms. So what does rethinking really mean? Do we have to start from scratch? Should we abandon everything we use today and come up with a magic bullet (or a vest more appropriately)? Our first implication

1312, 2012

DeepINTEL 2013 Call for Papers is open!

René Pfeiffer/ December 13, 2012/ Administrivia, Security Intelligence

During the opening of DeepSec 2012 we announced that there will be a second DeepINTEL seminar taking place in Summer 2013. We have successfully explored topics of security intelligence and strategic security at the past seminar. We wish to continue and ask you to send us submissions for presentations by e-mail. DeepINTEL is a single track two day event addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and organizations with a strong relation or partnership to the aforementioned. Due to the sensitive topics and the nature of the participants and speakers we will have a vetting process for participants. We’d like to know our audience, so that we all can talk freely and openly during the event. In addition there will be no recordings published

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: