Tag Archive

DeepSec 2019 talk: New Tales of Wireless Input Devices – Matthias Deeg

Published on September 13, 2019 By sanna

You can’t do much with computer without input devices. Microphones do not count, yet. This leaves the classic selection of human input. How secure are these devices? Did you ever wonder when typing, moving the mouse pointer, or attaching a presenting tool? Well, your questions will be answered at DeepSec 2019. Matthias Deeg will hold […]

DeepSec 2019 Talk: Lauschgerät – Gets in the Way of Your Victim’s Traffic and Out of Yours – Adrian Vollmer

Published on September 11, 2019 By sanna

The talk will present a new tool for pentesters called „Lauschgerät“. This python script acts as a convenient man-in-the-middle tool to sniff traffic, terminate TLS encryption, host malicious services and bypass 802.1X – provided you have physical access to the victim machine, or at least its network cable. There are three ways to run it: […]

DeepSec 2019 Talk: Once upon a Time in the West – A Story on DNS Attacks – Valentina Palacín, Ruth Esmeralda Barbacil

Published on September 9, 2019 By sanna

The Internet is the new frontier for some. So just like in Old West movies, we are going through a land riddled with well-known gunmen: OceanLotus, DNSpionage and OilRig, who roam at ease, while the security cowboys sleep. This presentation will uncover the toolset and techniques used by these gunmen, taking a closer look at […]

DeepSec 2019 Talk: Well, That Escalated Quickly! – A Penetration Tester’s Approach to Windows Privilege Escalation – Khalil Bijjou

Published on September 4, 2019 By sanna

Since the early stages of operating systems, users and privileges were separated. Implemented security mechanisms prevent unauthorized access and usage of data and functions. These security mechanisms have been circumvented a number of times, which has led to steady improvements. Nevertheless, attackers find new vulnerabilities and security holes. Security experts often encounter Mirosoft® Windows endpoints […]

DeepSec2019 Talk: IPFS As a Distributed Alternative to Logs Collection – Fabio Nigi

Published on August 30, 2019 By sanna

Logging stuff is easy. You take a piece of information created by the infrastructure, systems, or applications and stash it away. The problems start once you want to use the stored log data for analysis, reference, correlation, or any other more sophisticated approach. At DeepSec 2019 Fabio Nigi will share his experience in dealing with […]

DeepSec2019 Talk: Android Malware Adventures – Analyzing Samples and Breaking into C&C – Kürşat Oğuzhan Akıncı & Mert Can Coşkuner

Published on August 29, 2019 By sanna

Android malware is evolving every day and is everywhere, even in Google Play Store. Malware developers have found ways to bypass Google’s Bouncer as well as antivirus solutions, and many alternative techniques to operate like Windows malware does. Using benign looking applications working as a dropper is just one of them. This talk is about […]

Use Handshake Data to create TLS Fingerprints

Published on May 25, 2019 By René Pfeiffer

While the whole world busily works on the next round of the Crypto Wars, the smart people work on actual information security. TLS has always been in the focus of inspection. Using on-the-fly generated certificates to look inside is a features of many gadgets and filter applications. Peeking at the data is moot if you […]

Supporting BSidesLondon “My Machine is not Learning” 2019

Published on February 14, 2019 By René Pfeiffer

This year’s BSidesLondon is pondering the most important question of machine learning. What is my machine doing and learning? Well, it might be that “My Machine is not Learning” at all. Sounds a lot like the intelligence we all know from living beings. So, armed with this new motto, BSidesLondon is turning 9, and we […]

Need something to read? – First Batch of DeepSec 2018 Presentation Slides online

Published on December 11, 2018 By René Pfeiffer

Do you fear reading the news? Fancy some facts? Well, we have something different for you to read. We have collected presentation slides from DeepSec 2018 and put the first batch online. You can find them in this rather nostalgic directory listing. We have renamed the files with their title and the name of the […]

ROOTS 2018 Talk: Kernel-Assisted Debugging of Linux Applications – Tobias Holl, Philipp Klocke, Fabian Franzen

Published on November 22, 2018 By sanna

On Linux, most—if not all—debuggers use the ptrace debugging API to control their target processes. However, ptrace proves unsatisfactory for many malware analysis and reverse engineering tasks: So-called split-personality malware often adapts its behavior in the presence of a debugger, yet ptrace makes no attempt to hide from a target process. Furthermore, ptrace enforces a […]

DeepSec 2018 Talk: Attacks on Mobile Operators – Aleksandr Kolchanov

Published on November 21, 2018 By sanna

I’d like to talk about telecom security. My research contains information about security of mobile operators: classic and new (or very rare) attack vectors and vulnerabilities. This presentation will consist of three main parts: First, I will share information on the security of mobile operators in general. I’ll tell you a little bit about why […]

DeepINTEL 2018 Talk: Framing HUMINT as an information gathering technique – Ulrike Hugl

Published on November 20, 2018 By sanna

NATO defines human intelligence (HUMINT) or hyoo-mint as “a category of intelligence derived from information collected and provided by human sources” (NATO Glossary of terms and definitions, APP-6, 2004) focusing on different kinds of information, for example data on things related to a human, information about a human’s specific knowledge of a situation, and other […]

DeepSec 2018 Talk: RFID Chip Inside the Body: Reflecting the Current State of Usage, Triggers, and Ethical Issues – Ulrike Hugl

Published on November 14, 2018 By sanna

Chipping humans can be seen as one of the most invasive biometric identification technologies. RFID (Radio Frequency Identification) as the key technology in the field of the Internet of Things produces many applications. For example, human implants are used by scientists in the fields of cyborgism, robotics, biomedical engineering and artificial intelligence, by hobbyists for […]

ROOTS 2018 Talk: The Swift Language from a Reverse Engineering Perspective – Malte Kraus & Vincent Haupert

Published on November 13, 2018 By sanna

Over the last decade, mobile devices have taken over the consumer market for computer hardware. Almost all these mobile devices run either Android or iOS as their operating systems. In 2014, Apple introduced the Swift programming language as an alternative to Objective C for writing iOS and macOS applications. The rising adoption of this new […]

ROOTS 2018: How Android’s UI Security is Undermined by Accessibility – Anatoli Kalysch

Published on November 9, 2018 By sanna

Android’s accessibility API was designed to assist users with disabilities, or temporarily preoccupied users unable to interact with a device, e.g., while driving a car. Nowadays, many Android apps rely on the accessibility API for other purposes, including apps like password managers but also malware. From a security perspective, the accessibility API is precarious as […]