DeepSec 2023 Talk and Breakout Session: Let’s Prepare for the Unexpected – Erlend Andreas Gjære

Sanna/ November 15, 2023/ Conference/ 0 comments

What happens when a large group of more or less connected individuals need to deal with a cyber incident, together? In this interactive hands-on session, we will try to experience – first-hand – just how challenging it can be to keep information flowing, make the right decisions and protect our assets while dealing with a simulated crisis. We asked Erlend a few more questions about his talk and breakout session. Please tell us the top 5 facts about your talk and workshop. This will be an interactive session, and everyone can join! We are going to prepare for a cyber incident, together People share anonymous inputs via their phones Participants also receive individual updates on their phones There will be a breakout session afterwards for a deep-dive tabletop How did you come up with

Read More

DeepSec 2023 Talk: Oil – But at What Cost: Azerbaijan and the EU’s Murky Partnership – Pavle Bozalo

Sanna/ November 3, 2023/ Conference/ 0 comments

Since Russia’s invasion of Ukraine, the European Union has rightfully sought to reduce its dependence on Russian oil with the ultimate aim of completely eliminating it. In this quest for trustworthy oil suppliers, Brussels has turned to countries such as Azerbaijan who, although wealthy in oil, have dubious human rights records and who, in many ways, are at the forefront of cyber surveillance and cyberwarfare. This quest has come at a cost, with the EU keeping mum on Azerbaijan’s armed invasion of the Nagorno-Karabakh territories southwards of Armenia – a scenario otherwise eerily similar to Russia’s armed invasion. As it cracks down on spyware within the EU, the European Commission buys Azeri President Aliyev’s oil, apparently unaware of hackers from Baku rolling out spyware and remote access trojans. Not only do Armenian officials find

Read More

DeepSec 2023 Tech Track Workshop: Tabletop Exercise/War Games – Julian Botham & Aron Feuer

Sanna/ October 21, 2023/ Conference/ 0 comments

The objective of an tabletop exercise is to assess and enhance an organization’s preparedness and executive decision-making protocols in the event of a ransomware attack. The exercise will simulate a ransomware attack on critical systems, culminating in encrypted files and a ransom demand. Participants will role-play as C-suite executives, IT security managers, legal advisors, and the public relations team. The exercise will cover key activities, such as initial incident identification, activation of the incident response team, internal and external communication protocols, decision-making concerning ransom payment, coordination with law enforcement, system recovery and restoration, and post-incident analysis. We asked Julian and Aron a few more questions about their tabletop exercise. Please tell us the top 5 facts about your talk. The average ransom in 2023 is $1.54 million, almost double the 2022 figure of $812,380

Read More

DeepSec 2023 Talk: Improving Cyber Resilience Through Micro Attack Simulations – Christian Schneider & Kevin Ott

Sanna/ October 20, 2023/ Conference/ 0 comments

With the increasing adoption of Red Teaming and Purple Teaming in the cybersecurity industry, organizations that have achieved high levels of security maturity can greatly benefit from these activities. However, organizations at the onset of building a security program are often left out. This talk introduces Micro Attack Simulations, an innovative approach that allows organizations to validate specific security controls without waiting for full-blown Red Teaming exercises. Micro Attack Simulations focus on assessing single or multiple security controls that are already implemented, providing a valuable approach for organizations aiming to bolster their cyber resilience. These simulations not only focus on technical aspects but also consider non-technical security controls such as escalation procedures and reporting paths during security incidents. As a result, organizations can derive specific Red Team unit tests and perform a gap analysis

Read More

DeepSec 2023 Talk: The Attackers Guide to Exploiting Secrets in the Universe – Mackenzie Jackson

Sanna/ October 12, 2023/ Conference

Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. Most security breaches leverage secrets during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This guide will include how to Abuse public and private code repositories Decompile containers Decompile mobile applications from the App and Play Stores. We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their play-book. Presentation Details Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the

Read More

DeepSec 2023 Talk: Up Close & Personnel – Chris Carlis

Sanna/ October 11, 2023/ Conference

You work hard to defend against internet-based threats, but how prepared are you when the attacker is on your literal doorstep? This session will provide a better understanding of the onsite attack surface and some of the more common, practical attack techniques that can cause a difficult to detect network compromise. Attendees will gain a stronger understanding of the role of Information Security as it pertains to Physical Security and be better equipped to identify gaps in their defenses before they are exploited. We asked Chris a few more questions about his talk. Please tell us the top 5 facts about your talk. People often underestimate the amount of practice and level of skill needed to execute a good number of physical testing techniques. Your perimeter is probably bigger than you think or would

Read More

DeepSec 2023 Talk: KENOUGH: More Than Just a Pretty Interface – Daniel Kroiss & Stefan Prinz

Sanna/ October 9, 2023/ Conference

The vast majority of organizations on our planet are SMEs who do not have the capability to leverage professional Threat Intelligence Tools or even have Threat Intelligence Teams. They continuously struggle to prioritize their efforts fixing security problems but are typically not focusing on the right stuff. Not all threat actors are equally likely to penetrate your organization. Therefore, not all TTPs are equally likely to be leveraged against you. MITRE ATT&CK is the de facto standard in researching current TTPs and figuring out how to detect and prevent them from happening. We created a small but powerful tool based on MITRE ATT&CK to easily figuring out connections between Threat Actors, malware, TTPs and their relevance to your industry to help you figure out what to focus on. The tool is specifically built for

Read More

DeepSec 2023 Talk: Adding Intelligence into a Security Program – Catalin Curelaru

Sanna/ October 6, 2023/ Conference

Cyber threat intelligence has become a critical security area for organisations trying to defend against threat actors. It is slowly making the shift from a buzzword to an actionable true program. But how confident are you as a security professional that you are moving in the right direction? Should a CTI program heavily focus on the APTs and ransomware groups, or could the focus be elsewhere? The following presentation will walk you through an APT case, present some key prioritizations on what is relevant at a specific time for a CTI program and evolve as time goes on. A reference case can be found online. We asked Catalin a few more questions about his talk. Please tell us the top 5 facts about your talk. APTs, Pandas, Bears, Visma Security Program, Cyber Threat Intelligence

Read More

DeepSec 2023 Talk: Post-quantum digital signatures using Verkle tree and AI in post-quantum cryptography – Maksim Iavich

Sanna/ October 3, 2023/ Conference

Recent advancements in quantum computing research have made significant progress. If we achieve a functional quantum computer, it has the potential to undermine the security of current public key cryptosystems, which are widely integrated into commercial products. Although there have been proposed solutions to counter quantum attacks, these solutions currently grapple with security and efficiency concerns in everyday use. This talk focuses on exploring hash-based digital signature techniques, particularly those rooted in Merkle tree structures. The research deeply investigates the viability of Verkle trees and vector commitments, introducing pioneering concepts within this field. At DeepSec I will present a novel post-quantum digital signature, using modern technologies, such as Verkle tree. I will talk about the working methology of making the signature post-quantum secure. I will describe the attack on post-quantum digital signatures using machine

Read More

DeepSec 2023 Talk: The Evolution of Linux Binary Exploitation: From Outdated Techniques to Sophisticated Modern Attacks – Ofri Ouzan & Yotam Perkal

Sanna/ September 28, 2023/ Conference

In the ever-evolving realm of cybersecurity, the cat-and-mouse game between attackers and defenders continues to intensify. To safeguard critical systems against malicious exploitation, the hardening of binary files has emerged as a fundamental security measure. However, no security measure remains impervious to threats, and binary hardening techniques face ongoing challenges. This talk aims to shed light on the significance of binary hardening as a countermeasure against growing vulnerabilities. Through a comprehensive examination, we explore both traditional and contemporary binary exploitation techniques, providing real-world insights into modern exploiting methodologies that bypass protective mechanisms implemented through binary hardening. Our research addresses the lack of accurate and complete sources of information on binary hardening, emphasizing the importance of understanding ELF file structure and attacker avoidance strategies. By encouraging vigilance among developers and defenders, we aim to raise

Read More

DeepSec 2023 Talk: Using RPA to Simulate Insider Threats – Andrei Cotaie & Cristian Miron

Sanna/ September 27, 2023/ Conference

In a world where trust is a currency, and information is power, meet Jim, the innocent accountant, with access to many financial secrets. When his dream promotion slips through his fingers, Jim crosses the line from hero to rogue, unleashing a hidden fury fueled by betrayal. Lacking any technical skills but armed with insider knowledge, he becomes the ultimate insider threat. He can steal data without a trace, eluding the watchful eyes of the very firm that underestimated him. As colleagues celebrate their achievements, Jim orchestrates a daring heist of classified information, and security tools can’t detect him. He is the insider threat. Can he be caught as he employs ChatGPT knowledge and just google searches to grab and exfiltrate data from his company? In a thrilling tale of vengeance and deception, witness how

Read More

DeepSec 2023 Talk: RansomAWARE in 2023 – Steph Shample

Sanna/ September 26, 2023/ Conference

Ransomware’s explosion has been sustained for years. As tech changes, so too do the actor TTPs. It’s imperative to explore the 2023 mindset of ransomware actors: they are going after “target rich, cyber poor” industries that will make them money by selling data, exploiting the victims they hit as well as the partners and third party services linked to the victims. While double-, triple-, and quadruple- extortion practices are still around, actors are also adapting/changing their encryption processes to better emulate protective services such as anti-virus and file scanning software to blend in and provide no red flags to technical and cyber practitioners. This allows for a long-term, stealth presence in networks, which facilitates lateral movement to collect as much information as possible. We asked Steph a few more questions about her talk. Please

Read More

DeepSec 2023 Talk: I Just Wanted to Learn the Water Temperature… – Imre Rad

Sanna/ September 25, 2023/ Conference

The story started as a hobby project: I was about to retrieve the current temperature of a non-smart water heater in my apartment. To not void the warranty, I was looking for a non-intrusive solution that purely relies on off-the-shelf smart home gadgets only. Understanding the undocumented APIs of these IoT devices required reverse engineering the corresponding official mobile applications and eavesdropping on the network communication between them and the cloud management services. Researching this uncovered design flaws in the pairing protocol and vulnerabilities in the implementation that allowed attackers to steal victim sessions and to impersonate these devices for a life-time. We asked Imre a few more questions about his talk. Please tell us the top 5 facts about your talk. Recognizing digits on a still picture is far from easy (regardless the

Read More

DeepSec 2023 Talk: I’m Ok, You’re Ok, We’re Ok: Living with AD(H)D in Infosec – Klaus Agnoletti

Sanna/ September 22, 2023/ Conference

[This is a different topic than information security. Klaus’ presentation was included in the DeepSec 2023 schedule, because it deals with the way some of us are dealing with the individual thought processes. The work environment doesn’t fit for everyone.] I was diagnosed with AD(H)D almost three years ago, aged 44. Getting the diagnosis and being able to get proper medicine meant the world to me; suddenly I understood all those symptoms and I could function remarkably better. Better understanding also meant that I got more insight to why it was becoming increasingly harder for me to get and keep a job. So something had to happen. I’ve been an InfoSec professional for almost 20 years but after my diagnosis I moved to community marketing which basically meant doing the spare-time thing I love

Read More

DeepSec 2023 Talk: WEFF : p2p Communication without Third Party – Nikolaos Tsapakis

Sanna/ September 19, 2023/ Conference

References in public available literature pertaining to a completely serverless connection method between two peers behind routers implementing NAT are scarce. In this talk, we are describing a more generic method for NAT traversal that requires no intermediate server and relies on a multiple port testing method which resembles a brute force attack. We have created a proof of concept for verifying and showing our results. This talk relates to p2p communication without the need for a third party (intermediate server or other) for initiating the communication. We asked Nikolaos a few more questions about his presentation. Please tell us the top 5 facts about your talk. Privacy Decentralized communications Secure communications Easy to implement Fun to use How did you come up with it? Was there something like an initial spark that set

Read More