Tag Archive

DeepSec 2018 Talk: Injecting Security Controls into Software Applications – Katy Anton

Published on September 20, 2018 By sanna

“SQL Injection was first mentioned in a 1998 article in Phrack Magazine. Twenty years later, injection is still a common occurrence in software applications (No.1 in latest OWASP Top 10 2017). For the last 20 years, we have been focusing on vulnerabilities from an attacker’s point of view and SQL injection is still King. Something […]

DeepSec 2018 Talk: New Attack Vectors for the Mobile Core Networks – Dr. Silke Holtmanns / Isha Singh

Published on September 19, 2018 By sanna

DeepSec has a long tradition of tackling the security of mobile networks and devices alike. The first DeepSec conference featured a presentation about the A5/1 crack. Later one we offered trainings covering mobile network security and weaknesses. So we are proud to announce Isha Singh’s and Silke Holtmanns’ talk about new attack vectors. Here is […]

DeepSec 2018 Talk: Pure In-Memory (Shell)Code Injection in Linux Userland – reenz0h

Published on September 18, 2018 By sanna

A lot of research has been conducted in recent years on performing code injection in the Windows operating system without touching the disk. The same cannot be said about *NIX (and Linux specifically). Imagine yourself sitting in front of a blinking cursor, using a shell on a freshly compromised Linux server, and you want to […]

DeepSec 2018 Talk: Orchestrating Security Tools with AWS Step Functions – Jules Denardou & Justin Massey

Published on September 17, 2018 By sanna

Increasingly frequent deployments make it impossible for security teams to manually review all of the code before it is released. Jules Denardou and Justin Massey wrote a Terraform-deployed application to solve this problem by tightly integrating into the developer workflow. The plugin-based application has three core components, each represented by at least one Lambda function: […]

DeepSec 2018 Talk: Without a Trace – Cybercrime, Who are the Offenders? – Edith Huber & Bettina Pospisil

Published on September 14, 2018 By sanna

Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation in Austria, no evidence-based scientific analysis exists that depicts the bright field of Cybercrime. Therefore an interdisciplinary research group investigated the phenomenon cybercrime regarding the questions – Edith Huber and Bettina Prospisil will present their findings at […]

DeepSec 2018 Talk: Left of Boom – Brian Contos

Published on September 13, 2018 By sanna

By Brian Contos, CISO of Verodin: “The idea for my presentation “Left of Boom” was based on conversations I was having with some of my co-workers at Verodin. Many people on our team are former military and some served in Iraq and Afghanistan where they engaged in anti-IED (Improvised Explosive Device) missions. During these conversations […]

DeepSec 2018 Talk: Cracking HiTag2 Crypto – Weaponising Academic Attacks for Breaking and Entering – Kevin Sheldrake

Published on September 6, 2018 By sanna

HiTag2 is an Radio-Frequency Identification (RFID) technology operating at 125KHz.  It is distinguished from many others in the same field by its use of 2-way communications for authentication and its use of encryption to protect the data transmissions – the majority of RFID technologies at 125KHz feature no authentication or encryption at all.  As a result […]

DeepSec 2018 Talk: Defense Informs Offense Improves Defense – How to Compromise an ICS Network and How to Defend It – Joe Slowik

Published on September 5, 2018 By sanna

Industrial control system (ICS) attacks have an aura of sophistication, high barriers to entry, and significant investment in time and resources. Yet when looking at the situation – especially recent attacks – from a defender’s perspective, nothing could be further from the truth. Initial attack, lateral movement, and entrenchment within an ICS network requires – […]

DeepSec 2018 Talk: Can not See the Wood for the Trees – Too Many Security Standards for Automation Industry – Frank Ackermann

Published on September 4, 2018 By sanna

“Plant operators and manufacturers are currently faced with many challenges in the field of automation.”, says Frank Ackermann. “Issues such as digitization, Industry 4.0, legal requirements or complex business processes that connect IT and OT are paramount. Related security problems and risks need to be addressed promptly and lastingly. Existing and newly created industry security […]

DeepSec 2018 Talk: Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests – Tomasz Tuzel

Published on September 3, 2018 By sanna

Over the last decade we have seen a rapid rise in virtualization-based tools in which a hypervisor is used to gain insight into the runtime execution of a system. With these advances in introspection techniques, it is no longer a question of whether a hypervisor can be used to peek inside or even manipulate the […]

DeepSec 2018 Talk: Open Source Network Monitoring – Paula de la Hoz Garrido

Published on August 31, 2018 By sanna

“I’d like to offer an introduction into Network System Monitoring using different open tools available in Linux.”, says Paula. “The talk is a technical approach to identify the best sniffing points in a network and how to orchestrate a full analysis of the content to secure the network, as well as showing ideas of collaborative […]

DeepSec 2018 Talk: Building your Own WAF as a Service and Forgetting about False Positives – Juan Berner

Published on August 30, 2018 By sanna

When a Web Application Firewall (WAF) is presented as a defensive solution to web application attacks, there is usually a decision to be made: Will this be placed inline (and risk affecting users due to outages or latency) or will it be placed out of band (not affecting users but not protecting them either). In […]

DeepSec 2018 Talk: DNS Exfiltration and Out-of-Band Attacks – Nitesh Shilpkar

Published on August 27, 2018 By sanna

“The Domain Name System or DNS is one of the most fundamental parts of the Internet”, says Nitesh Shipkar. “It is crucial for a billion of users daily to help us build presence on the internet using names humans can understand rather than IP addresses. However, DNS comes with security issues organizations should be aware […]

DeepSec 2018 Conference “Smart is the new Cyber” – Preliminary Schedule published

Published on August 17, 2018 By lynx

The preliminary schedule for DeepSec 2018 has been published. It took us some time to select and review all submissions. We cracked the 100 submissions mark, thus we are pleased that you made it very difficult for us this year. The number of slots for presentations and workshops has been constant. The number of content […]

BSidesLondon 2018 Rookie Track Follow-Up

Published on June 8, 2018 By lynx

We would like to share some impressions about the BSidesLondon 2018 Rookie Track presentations. It gets hard and harder to tell which one of the talks is the best. And picking a winner is not the right approach. We do this, because we can only invite one person to DeepSec, and because the intention is […]