2310, 2025

DeepSec 2025 Talk: Ransomware vs. Info Stealers: A Comparative Analysis – Steph Shample

Sanna/ October 23, 2025/ Conference/ 0 comments

This talk provides a clear and practical comparison between two dominant forms of malware: ransomware and information stealers. While both are used by threat actors to profit from compromised systems, their methods, visibility, and impact differ dramatically. We’ll start by defining each threat type and examining their primary objectives — ransomware aims for immediate financial gain through extortion, while info stealers quietly extract credentials, financial data, and other sensitive information for resale or future attacks. Worth noting is that Info stealers can and are often used as a precursor for a ransomware attack, connecting these two forms of malware in malicious operations. We’ll start by defining each threat type and examining their primary objectives — ransomware aims for immediate financial gain through extortion, while info stealers quietly extract credentials, financial data, and other sensitive

2210, 2025

DeepSec 2025 Talk: Hacking Furbo: A Pet Project – Julian B., Calvin S.

Sanna/ October 22, 2025/ Conference/ 0 comments

Embarking on our first hardware hacking project, we came across the `Furbo` treat dispensing smart-camera for pets. This device had previous security research completed; however, years had passed without further analysis. With a few devices in tow, we pulled them apart and got to hacking. Over the course of 3 months of research, we identified vulnerabilities in the mobile application, in the Bluetooth communications, and on the device. This talk will showcase our journey to destroy pet-surveillance devices, our struggles with defeating the firmware encryption, more than a few vulnerabilities found along the way, and we will show you how we got it to play Darude Sandstorm! We asked Julian and Calvin a few more questions about their talk. Please tell us the top 5 facts about your talk. This was our first ever

2110, 2025

DeepSec 2025 Talk: Quantum Safe Cryptography: The Future of Cyber(un)security – Lukas Mairhofer

Sanna/ October 21, 2025/ Conference/ 0 comments

There is a cybersecurity threat looming that will change everything. Conveniently enough, it can be ignored until it is way too late to act: once available, Cryptographically Relevant Quantum Computers (CRQC) will effortlessly break asymmetric cryptographic algorithms such as RSA and ECC on which we build our current security infrastructure. In my talk, I will first discuss what makes Quantum Computers uniquely powerful, translating complex physical concepts into practical implications for cybersecurity. We will explore how Shor’s algorithm undermines current cryptographic assumptions and why digital signatures and public key infrastructures are particularly vulnerable. Attendees will gain an overview of the timeline for the development of CRQC, the principal actors in the field and why CRQC endangers our privacy already today. The session will then turn to mitigation strategies, exploring two promising paths: Quantum Key

2010, 2025

DeepSec 2025 Talk: The Anatomy of DragonRank: Understanding and Defending Against SEO-Driven IIS Compromises – Joey Chen

Sanna/ October 20, 2025/ Conference/ 0 comments

DragonRank, a sophisticated threat actor, primarily targets countries in Asia and a select few in Europe, utilizing deploy BadIIS malware across compromised IIS servers for SEO rank manipulation. In 2023, we already uncovered DragonRank’s commercial website, business model, and instant message accounts. So, what tactics did DragonRank use in these attacks, and most importantly, how can we defend against them? To answer these questions, we will first discuss how DragonRank compromised Windows IIS servers hosting corporate websites all around the world. Following that, we will discuss the advanced persistence methods employed by DragonRank including lateral movement, privilege escalation and deployment of BadIIS/PlugX in the system. Furthermore, we will explore the details of two unique real-life case studies used by the DragonRank actor from initial access to configuration IIS server to their profitable part. We

1610, 2025

DeepSec 2025 Talk: Fake News, Fake Pics: Securing Image Provenance in a Post-Quantum World – Maksim Iavich

Sanna/ October 16, 2025/ Conference/ 0 comments

With quantum computers on the horizon, today’s cryptographic defenses are running out of time. Fake news, deepfakes, and manipulated media already threaten digital trust, and quantum attacks will soon break the few remaining verification systems. Post-Quantum VerITAS is designed to secure digital content in both classical and post-quantum worlds, ensuring that image provenance remains verifiable even against adversaries with quantum capabilities. Our system combines lattice-based hash functions, post-quantum zk-SNARKs, and quantum-resistant digital signatures such as CRYSTALS-Dilithium. Unlike C2PA, which fails when images are modified or quantum attacks render its cryptography obsolete, Post-Quantum VerITAS provides a trustless, scalable, and quantum-secure solution. It enables real-time verification of images even after edits like cropping, resizing, or blurring, without requiring reliance on centralized authorities. In this talk, we will break down the cryptographic foundations of Post-Quantum VerITAS, demonstrate

1010, 2025

DeepSec 2025 Talk: Securing the Death Star: Threat Modeling in a Galaxy Far, Far Away…. – Coen Goedegebure

Sanna/ October 10, 2025/ Conference/ 0 comments

The Galactic Empire is on the verge of releasing its biggest, most valuable and most important asset: the Death Star. You, the newly appointed Chief Imperial Security Officer, are responsible for improving its security posture. The previous CISO was “let go” and now it’s your job to clean up their mess. Your boss, Darth Vader, is breathing heavily down your neck. He is not amused with the project already over budget in both resources and time, and security will only add to that. His unconventional yet persuasive leadership style convinces you to make this your top-most priority. How will you approach the massive task of securing the Death Star? This presentation will tell an untold story in the Star Wars universe in which the Death Star’s threats and mitigations were identified and prioritised before

0910, 2025

DeepSec 2025 Talk: Catching WordPress 0-Days on the Fly – Ananda Dhakal

Sanna/ October 9, 2025/ Conference/ 0 comments

WordPress powers over 40% of the web, making its plugin ecosystem a prime target for attackers. While security researchers manually audit plugins for vulnerabilities, the ever-growing number of third-party extensions makes this approach inefficient. What if we could find all the vulnerabilities right after developers publish them? In this talk, we introduce a research-driven methodology for identifying 0-day vulnerabilities in WordPress plugins using static code analysis. We will showcase how we built a tool that continuously monitors the WordPress Plugin Repository via its SVN system, detects newly pushed code or change sets in real-time using multi-threading, and flags potentially dangerous patterns. By leveraging static analysis, the tool identifies sensitive functions and automatically alerts researchers when risky code is introduced. We will dive into the inner workings of this automation, discuss the challenges of scaling

0810, 2025

DeepSec 2025 Talk: From Firewalls to Fragmentation: Identifying Adversarial Traffic in a Politically Divided Internet – Vladimer Svanadze

Sanna/ October 8, 2025/ Conference/ 0 comments

This talk presents a multidimensional analysis of Internet fragmentation, examining how political, technical, economic and cybersecurity factors are converging to break apart the global Internet. While often viewed through a policy lens, fragmentation has real-world implications at the packet level. We introduce a lightweight, rule-based detection model capable of identifying fragmented, mis-configured and adversarial IP/UDP traffic. Built upon RFC 791 semantics, the model analyzes packet offset alignment, TTL discrepancies and payload irregularities to classify traffic without reliance on machine learning. Through controlled experiments using synthetic fragmented traffic, we show how fragmentation behaviors map directly to geopolitical and cybersecurity-driven disruptions. This session will bridge the gap between global governance debates and low-level protocol behaviors, offering tools and insights for analysts, researchers and defenders navigating an increasingly segmented digital landscape. We asked Vladimer a few more

0710, 2025

DeepSec 2025 Talk: Predicting IOCs with Historical Analysis – Josh Pyorre

Sanna/ October 7, 2025/ Conference/ 0 comments

What does looking at the history of malware, threat actors, and related network infrastructure tell us about the future? Are there unexpected connections to be found to help us not only find attribution, but potentially discover what to block, what to watch out for, and even predict where the next threat will be? Through the analysis of historical data of various malware variants, focusing primarily on ransomware, I will show the relationships of infrastructure and other indicators of compromise in an attempt to develop a mechanism for predicting how and where future threats might operate. This presentation will discuss the methods of collecting data and finding connections, and will help the attendees apply these results to their threat modeling and mitigation practices. We asked Josh a few more questions about his talk. Please tell

0410, 2025

DeepSec 2025 Talk: Man-In-The-Service: Truly OpSec Safe Relay Techniques – Tobia Righi

Sanna/ October 4, 2025/ Conference/ 0 comments

Recently, due to EDRs, it has become harder and harder to abuse credential access by dumping LSASS after compromising a Windows server and gaining local administrator on it. So, many red-teamers, pentesters and APTs have moved towards a stealthier way of abusing credentials access by relaying such credentials in real-time to other mis-configured servers in the network. Gaining administrative access to a server can be quite helpful in this; however, all current techniques are not very effective and/or require complete or partial disruption of existing Windows services, making them not very opsec safe. Introducing RelayBox, a new technique to perform a Man-In-The-Service attack. Using RelayBox, an attacker is able to place themselves in between a legitimate Windows service, relay valid authentication attempts, without any disruption to the service’s usability. This creates a transparent proxy

0210, 2025

DeepSec 2025 Talk: Machine Learning Poisoning: How Attackers Can Manipulate AI Models for Malicious Purposes – Shahmeer Amir

Sanna/ October 2, 2025/ Conference/ 0 comments

The use of machine learning and artificial intelligence has been on the rise in various industries, including the field of cybersecurity. These technologies have shown great potential in detecting and mitigating cyber threats, but they also come with their own set of risks. One of the most significant risks is the threat of machine learning poisoning attacks. Machine learning poisoning attacks involve an attacker manipulating the data or the learning algorithm used by an AI model to compromise its accuracy or functionality. This type of attack is particularly dangerous because it can go undetected for a long time, and it can be challenging to trace its origins. A successful poisoning attack can result in the AI model making incorrect decisions, which can lead to a security breach or data loss. The session will cover

0110, 2025

DeepSec 2025 Talk: Breaking Into OT Environments: Exploiting Vulnerabilities to Compromise Critical Infrastructure – Avanish Pathak

Sanna/ October 1, 2025/ Conference/ 0 comments

In this session, we’ll delve into how attackers systematically exploit weaknesses in Operational Technology (OT) systems to compromise critical infrastructure. OT systems—including building management systems (BMS), access control systems (ACS), and surveillance networks (CCTV)—are the backbone of many critical sectors, managing everything from facility operations to security and environmental controls. Despite their importance, these systems are often neglected in cybersecurity frameworks, making them prime targets for exploitation. We’ll explore real-world attack vectors and strategies used by adversaries to infiltrate OT environments, focusing on how they gain control over critical systems. Through a real-world example, I’ll demonstrate how I successfully gained unauthorized access by chaining faulty configurations to compromise a building management system (BMS). We’ll break down how attackers exploit common entry points, escalate privileges, and disrupt operations. Additionally, we’ll examine how adversaries move laterally

1611, 2024

DeepSec 2024 Talk: Executive Breach Simulation Toolkits – Pavle Bozalo, Aron Feuer & Matias Ulloa

Sanna/ November 16, 2024/ Conference

As cyberattacks multiply and become more sophisticated, executive breach simulation toolkits have become essential. Enabling organizations to simulate, predict, and assess the impact of potential security breaches from an executive perspective is necessary to know how to keep organizations safe. Unfortunately, simulations are broken. Simply put, they don’t properly prepare leaders and security practitioners for security breaches. This talk will look at the evolving landscape of breach simulation toolkits designed for security practitioners, focusing on their role in enhancing cybersecurity strategies, incident preparedness, and organizational resilience. We will see how simulations can be engaging, while remaining instructive and preparing people for actual cyber events. We’ll discuss how these toolkits work, why they’re essential for making smarter business decisions around cybersecurity, and how they help align leadership with technical teams. Real-world examples will show how

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: