DeepSec 2023 Talk: The Attackers Guide to Exploiting Secrets in the Universe – Mackenzie Jackson

Sanna/ October 12, 2023/ Conference/ 0 comments

Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. Most security breaches leverage secrets during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This guide will include how to Abuse public and private code repositories Decompile containers Decompile mobile applications from the App and Play Stores. We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their play-book. Presentation Details Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the

Read More

DeepSec 2013 – CfP: Covering Secrets, Failures & Visions!

René Pfeiffer/ February 21, 2013/ Conference, Security

DeepSec 2013 – Secrets, Failures & Visions – Call for Papers We are preparing the call for papers for DeepSec 2013, and we are trying to shift your mindset. We could easily come up with a list of trending technologies, gadgets and behaviours that will have an impact on information security. Instead we are looking for presentations and workshops dealing with secrets, failures and visions. This gives us another perspective and hopefully more to think about. Secrets Every person, every group, every enterprise and every government has them. Secrets are the very reason why information security uses encryption, access control, even doors and locks (physical and otherwise). You wouldn’t need all of this if it weren’t for safeguarding the secrets. Failures Sometimes things go wrong. Often not only by malicious action, but also by

Read More

DeepSec 2012 Showcase: Cuteforce Analyzer

René Pfeiffer/ November 13, 2012/ Discussion, Security

The University of Applied Sciences Upper Austria will be showing the Cuteforce Analyzer at DeepSec 2012. This beast is a massively parallel computing cluster for cryptographic applications. The goals of this project was to develop a cluster framework and to evaluate suitable hardware. The cluster itself utilises two different types of co-processors, namely the well-known graphics processing units (GPUs) also used in super-computing, and field-programmable gate arrays (FPGAs). Both types of processors have their strength and weaknesses, both depending on the algorithm being executed on the hardware. The cluster framework connects both hardware platforms, and assigns computing tasks according to the advantages of the co-processor. Thus you get to use all the advantages; in addition the framework software makes sure that you can use the different hardware processors as a whole. The research team

Read More