Tag Archive

Communiqué de presse traduit: Les applis COVID-19 dévoilent leur logiciel pendant la crise

Published on May 13, 2020 By sanna

En novembre, la conférence sur la sécurité DeepSec mettra en lumière la mascarade des logiciels. On dit souvent, « il y a forcément une appli pour ça ! ». Cette formule toute faite est souvent prise à la légère, même en dehors du secteur informatique. La crise actuelle du COVID-19 a de nouveau désigné le […]

Translated Article: Ten EU Countries already rely on decentralized Corona Virus Apps

Published on May 12, 2020 By sanna

Schon zehn EU-Staaten setzen auf dezentrale Coronavirus-Apps by Erich Moechel for fm4.orf.at Apple and Google also support the privacy-friendly, decentralized protocol DP-3T. Without technical support in the operating systems of these two groups, no app with Bluetooth tracing can deliver useful results. The decision by Austria and Switzerland to use a corona virus app with […]

Translated Press Release: Covid-19 Apps show Software Development in Crisis

Published on May 8, 2020 By sanna

In November, the DeepSec security conference will highlight the software masquerade. In everyday language there is the saying “There’s an app for that!”. The phrase is often used as a joke, even outside the IT industry. The current Covid-19 crisis has once again addressed computer code as a universal solution to problems that are not […]

Secure Design – Combining Information Security with Software Development

Published on February 5, 2020 By René Pfeiffer

Information security researchers usually see software fail. Sometimes they try to make software fail on purpose. The result is a bug description, also called vulnerability report in case the bug has a security impact. The the best case scenario this information reaches the software developers who in turn fix the problem. Then the cycle continues. […]

Translated Article: Campaign of the Spy Alliance “Five Eyes” against WhatsApp and Co

Published on January 8, 2019 By sanna

Feldzug der Spionageallianz „Five Eyes“ gegen WhatsApp und Co for fm4 by Erich Moechel The current scattered news and reports on “encryption” belong together. The military secret services of the “Five Eyes” conduct a global campaign; in Australia they’ve already reached their first milestone. Every two years, around the same time, a campaign of the espionage […]

ROOTS 2018: Library and Function Identification by Optimized Pattern Matching on Compressed Databases – Maximilian von Tschirschnitz

Published on January 7, 2019 By sanna

[Editor’s note: This article belongs to the Reversing and Offensive-oriented Trends Symposium 2018 (ROOTS). It was misplaced, so we publish it today. Maximilian’s talk was recorded and can be watched on Vimeo.] The goal of library and function identification is to find the original library and function to a given machine-code snippet. These snippets commonly […]

ROOTS 2018 Talk: The Swift Language from a Reverse Engineering Perspective – Malte Kraus & Vincent Haupert

Published on November 13, 2018 By sanna

Over the last decade, mobile devices have taken over the consumer market for computer hardware. Almost all these mobile devices run either Android or iOS as their operating systems. In 2014, Apple introduced the Swift programming language as an alternative to Objective C for writing iOS and macOS applications. The rising adoption of this new […]

Last Call for your Web Application Security Training – Break all teh Web and enjoy it!

Published on November 9, 2018 By René Pfeiffer

The Internet is full of web applications. Sysadmins used to joke that HTTP is short for Hypertext Tunnelling Protocol, because anything but web content is transported via HTTP these days. It’s the best way to break out of restricted environment, too. So the chances are good that you will need the skills for dealing with […]

DeepSec 2018 Talk: Injecting Security Controls into Software Applications – Katy Anton

Published on September 20, 2018 By sanna

“SQL Injection was first mentioned in a 1998 article in Phrack Magazine. Twenty years later, injection is still a common occurrence in software applications (No.1 in latest OWASP Top 10 2017). For the last 20 years, we have been focusing on vulnerabilities from an attacker’s point of view and SQL injection is still King. Something […]

Disclosures, Jenkins, Conferences, and the Joys of 0Days

Published on November 17, 2016 By René Pfeiffer

DeepSec 2016 was great. We have slightly recovered and deal with the aftermath in terms of administrivia. As announced on Twitter, we would like to publish a few thoughts on the remote code execution issue found by Matthias Kaiser. He mentioned the possibility in this presentation titled Java Deserialization Vulnerabilities – The Forgotten Bug Class. […]

DeepSec 2016 Workshop: Do-It-Yourself Patching: Writing Your Own Micropatch – Mitja Kolsek

Published on October 13, 2016 By sanna

The current state of updating software – be it operating systems, applications or appliances – is arguably much better than it was a decade ago, but apparently not nearly good enough to keep even the most critical systems patched in a timely manner – or at all, says Mitja Kolsek. Official vendor updates are cumbersome, […]

Thoughts on Lawful Malicious Software and its Impact on IT Infrastructure

Published on April 14, 2016 By sanna

During the premiere of „A Good American“ we had a chat with journalists. Markus Sulzbacher of Der Standard wanted to know what the implication of the so-called Bundestrojaner (litterally federal trojan, the colloquial German term for the concept of inserting government malware in order to extract information from a suspect’s computer and telephone devices). The […]

Return of the Penguin Challenge – ELF (?) Binary (?)

Published on April 5, 2016 By René Pfeiffer

Our friends from BSidesLondon have set up a challenge for you. It’s a little ELF binary with some odd properties. That’s all we will tell you. Have a look for yourself. In case you are forensically inclined, we might have a little Call for Papers email for you. There is a lot of strange code […]

DeepSec Video: HackingTeam – How They Infected Your Android Device By 0days

Published on February 20, 2016 By René Pfeiffer

Backdoors are very popular these days. Not only cybercrime likes extra access, governments like it too. There’s even a lucrative market for insecurity. You can buy everything your IT team defends against legally. Hacking Team is/was one of the companies supplying 0days along with intrusive software to take over client systems. Attila Marosi explained at […]

DeepSec Video: Not so Smart – On Smart TV Apps

Published on February 18, 2016 By René Pfeiffer

„Smart“ follows the footsteps of „cyber“. Everything is smart nowadays. The problem is that using smart in this context just means a combination of „Turing complete“ and „connected to the Internet“. That’s it. This is a pretty low barrier for calling something „smart“. t DeepSec 2015 Markus Niemietz held a presentation about the state of […]