DeepSec 2018 Talk: Security Response Survival Skills – Benjamin Ridgway

Sanna/ October 17, 2018/ Conference, Security

Jarred awake by your ringing phone, bloodshot eyes groggily focus on a clock reading 3:00 AM. A weak “Hello?” barely escapes your lips before a colleague frantically relays the happenings of the evening. As the story unfolds, you start to piece together details leading you to one undeniable fact: something has gone horribly wrong… Despite the many talks addressing the technical mechanisms of security incident response (from deep forensic know-how to developing world-class tools), the one aspect of IR that has been consistently overlooked is the human element. Not every incident requires forensic tooling or state-of-the-art intrusion detection systems, yet every incident involves the coordinated activity of people with differing personalities, outlooks, and emotional backgrounds. Often these people are scared, angry, or otherwise emotionally impaired. Drawing from years of real-world experience,

Read More

Translated Press Release: Systemic Errors as Vulnerabilities – Backdoors and Trojan Horses

René Pfeiffer/ October 9, 2018/ Conference, Discussion, Press, Security

DeepSec and Privacy Week highlight the consequences of backdoors in IT. Vienna (pts009/09.10.2018/09:15) – Ever since the first messages were sent, people have tried to intercept them. Today our modern communication society writes more small digital notes than anyone could read along with. Everything is protected by mathematical methods; encryption is omnipresent on the Internet. The state of the art in security technology is so-called end-to-end encryption, where only the communication partners have access to the content of the conversation or the messages. Third parties cannot read along, regardless of the situation. The introduction of this technology has led to a battle between security researchers, privacy advocates and investigators. Kick down doors with Horses: In end-to-end encryption the keys to the messages, as well as the content itself, remain on the terminal devices involved in the conversation. This is

Read More

DeepSec 2018 Talk: Leveraging Endpoints to Boost Incident Response Capabilities – Francisco Galian, Mauro Silva

Sanna/ October 5, 2018/ Conference, Security

The information technology world is full of terms and acronyms. You have servers, nodes, clients, workstations, mobile devices, lots of things talking over the network to even more things. And then you have security breaches. How do you detect the latter? Well, you look for things out of the ordinary: error messages, anomalies in behaviour, activity outside the hours a system is usually in use, and the like. What’s the best place to look? Answer: the systems directly in touch with all the interactions attackers are interested in, the endpoints. Most organisations fail to properly detect or even respond to incidents. A factor that contributes significantly to this is the lack of visibility on endpoints. That being said, endpoint logging can be very noisy, and most organizations don’t have the infrastructure to cope
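The “activity outside the usual time slots” heuristic above is simple enough to show end to end. The block below is an added example, not tooling from the talk: it builds a per-user baseline of logon hours and source addresses from a known-good window of constructed sshd log lines, then flags later events that fall outside it. The log format, hostnames, users and addresses are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not real logs). Assumed line format:
#   <ISO timestamp> <host> sshd[<pid>]: Accepted <method> for <user> from <ip>
BASELINE_LOG = """\
2018-10-01T08:12:03 web1 sshd[201]: Accepted publickey for alice from 10.0.0.5
2018-10-01T09:40:11 web1 sshd[233]: Accepted publickey for alice from 10.0.0.5
2018-10-02T17:55:42 web1 sshd[401]: Accepted publickey for alice from 10.0.0.5
2018-10-02T22:10:09 web1 sshd[455]: Accepted publickey for bob from 10.0.0.9
2018-10-03T23:30:18 web1 sshd[470]: Accepted publickey for bob from 10.0.0.9
"""

NEW_LOG = """\
2018-10-04T09:02:00 web1 sshd[510]: Accepted publickey for alice from 10.0.0.5
2018-10-04T03:14:27 web1 sshd[512]: Accepted publickey for alice from 185.0.2.17
2018-10-04T22:48:00 web1 sshd[530]: Accepted publickey for bob from 10.0.0.9
2018-10-04T03:16:02 web1 sshd[533]: Accepted publickey for svc-backup from 185.0.2.17
"""

LINE_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)$")


def parse(log):
    """Yield (timestamp, user, source ip) for every successful logon line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd chatter is noise for this detector
        ts, user, ip = m.groups()
        yield datetime.fromisoformat(ts), user, ip


def build_baseline(log):
    """Per-user set of logon hours and source addresses seen in a trusted window."""
    hours, ips = defaultdict(set), defaultdict(set)
    for ts, user, ip in parse(log):
        hours[user].add(ts.hour)
        ips[user].add(ip)
    return hours, ips


def find_anomalies(baseline, log, slack=1):
    """Flag logons by unknown users, at hours more than `slack` away from any
    baseline hour (distance measured around the 24h clock), or from new sources."""
    hours, ips = baseline
    findings = []
    for ts, user, ip in parse(log):
        reasons = []
        if user not in hours:
            reasons.append("never seen user")
        else:
            near = any(min(abs(h - ts.hour), 24 - abs(h - ts.hour)) <= slack for h in hours[user])
            if not near:
                reasons.append("off-hours (%02d:00)" % ts.hour)
            if ip not in ips[user]:
                reasons.append("new source %s" % ip)
        if reasons:
            findings.append((user, ts.isoformat(), reasons))
    return findings


if __name__ == "__main__":
    for user, when, why in find_anomalies(build_baseline(BASELINE_LOG), NEW_LOG):
        print(user, when, "; ".join(why))
```

The `slack` parameter is the knob that trades noise for coverage: a baseline built from a week of data with slack 0 will page you for every early start, which is exactly the volume problem the abstract warns about. The baseline window must be one you trust, since an attacker already present during it becomes part of “normal”.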

Read More

DeepSec 2018 Talk: Dissecting The Boot Sector: The Hunt for Ransomware in the Boot Process – Raul Alvarez

Sanna/ October 4, 2018/ Conference, Security

Ransomware is as cyber as it gets these days. It’s all over the news, and it is a lucrative business case. Modern malicious software has been put to work for its masters; it is the deployment platform for a whole variety of additional code. So why is ransomware not the same as any other malicious software? Raul Alvarez will explain this at DeepSec 2018: Ransomware families differ slightly in their attack vectors, encryption algorithms, and selection of files to encrypt. A common ransomware technique is to encrypt files and hold them for ransom. Petya does the infection a bit differently from the others: instead of encrypting files, it encrypts the MFT, the Master File Table, which on an NTFS volume holds the metadata record for every file on that volume. Another trait of this malware
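Malware that wants to encrypt the MFT has to run before the operating system does, so the boot sector is where the hunt starts. The block below is an added example (mine, not Raul Alvarez’s material): it parses a 512-byte MBR, lists the partition table, and compares the 446-byte bootstrap area against a known-good hash so that an overwritten loader stands out even when the partition table is left intact. The MBR bytes are constructed inline; on a real system you would read sector 0 from the disk device.

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(bootcode):
    """Constructed MBR for the example: caller-supplied bootstrap code, one
    active NTFS partition (type 0x07) starting at LBA 2048, valid signature."""
    if len(bootcode) > 446:
        raise ValueError("bootstrap area is 446 bytes")
    code = bootcode.ljust(446, b"\x00")
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 0x100000)
    table = entry + b"\x00" * 48  # remaining three entries empty
    return code + table + BOOT_SIG


def parse_mbr(sector):
    """Return the bootstrap hash and the non-empty partition entries of one sector."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"bootcode_sha256": hashlib.sha256(sector[:446]).hexdigest(), "partitions": parts}


def check_bootcode(sector, known_good_hash):
    """True when the bootstrap code still matches the recorded baseline."""
    return parse_mbr(sector)["bootcode_sha256"] == known_good_hash


def diff_mbr(before, after):
    """Which regions of the MBR changed between two captures of sector 0."""
    regions = {"bootcode": (0, 446), "partition_table": (446, 510), "signature": (510, 512)}
    return {name for name, (a, b) in regions.items() if before[a:b] != after[a:b]}


if __name__ == "__main__":
    good = build_sample_mbr(b"\xEB\x3C\x90GOOD")
    evil = build_sample_mbr(b"\xEB\x3C\x90EVIL")
    baseline = parse_mbr(good)["bootcode_sha256"]
    print(parse_mbr(good)["partitions"])
    print("tampered:", not check_bootcode(evil, baseline), diff_mbr(good, evil))
```

The point of `diff_mbr` is that a bootkit-style infection changes the code region and leaves the partition table alone, which is why a partition-table-only sanity check passes while the machine still boots attacker code. Record the baseline hash at install time, not after the fact.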

Read More

DeepSec 2018 Talk: Uncovering Vulnerabilities in Secure Coding Guidelines – Fernando Arnaboldi

Sanna/ October 3, 2018/ Conference, Security

Several government-related and private organizations provide guidance on how to improve the security of existing software as well as best practices for developing new code. These organizations include the Computer Emergency Readiness Team (CERT) Secure Coding Standards, Common Weakness Enumeration (CWE), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Software Assurance Metrics. Fernando’s talk will expose multiple underlying exploitable vulnerabilities in secure code that follows the recommendations of each of these organizations. Even though these guidelines were created to improve software security, they may also introduce side vulnerabilities due to a lack of proper analysis. Within secure code snippets, reviewed by many and considered trustworthy by all, are issues that attackers could exploit to escape secure directories, abuse insecure hashing and encryption practices, or even expose applications
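The “escape secure directories” case is a good illustration of how a snippet can look right and still fail. The block below is an added example and is not taken from any of the guidelines or from the talk: it shows a prefix check of the kind that gets copied around, next to a check that canonicalises first and then compares path components. The base directory `/srv/app/uploads` is an assumption for the example and does not need to exist.

```python
import os

BASE = "/srv/app/uploads"  # hypothetical "secure directory" used by the example


def is_inside_naive(base, requested):
    """Looks like a containment check but is only a string prefix test.
    '../' components are not resolved and a sibling directory that merely
    starts with the same characters (uploads_evil) also passes."""
    return os.path.join(base, requested).startswith(base)


def is_inside_hardened(base, requested):
    """Resolve symlinks and '..' on both sides, then require that the base is
    a whole-component prefix of the target (commonpath, not startswith)."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, requested))
    try:
        return os.path.commonpath([base_real, target]) == base_real
    except ValueError:
        return False  # different drives/roots (Windows) can never be inside


if __name__ == "__main__":
    for req in ("reports/2018.pdf", "../../etc/passwd", "../uploads_evil/x"):
        print("%-20s naive=%-5s hardened=%s" % (req, is_inside_naive(BASE, req),
                                                 is_inside_hardened(BASE, req)))
```

Two details matter in the hardened version. `realpath` must be applied to the base as well, otherwise a symlinked base still compares unequal to its resolved target; and the comparison has to be component-wise, which is what `commonpath` gives you and `startswith` does not. Check the resolved path, then open the resolved path, so that nothing can change between the two.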

Read More

DeepSec 2018 Talk: Security as a Community Healthcare: Helping Small Non-Profit Organisations Stay Secure – Eva Blum-Dumontet

Sanna/ October 2, 2018/ Conference, Security

This talk will look at how Privacy International has relied on its experience of working with a network of small NGOs across the Global South to shape its approach to security and to develop Thornsec, an automated way to deploy, test, and audit internal and external services for an organisation. Privacy International works with a network of over twenty organisations located in Latin America, Africa, Asia and the Middle East. Together we research and document threats to and abuses of privacy by governments and corporations, and advocate for better privacy protection from both a technological and a legal standpoint. Being at the forefront of the fight against surveillance means that the partners of Privacy International are sometimes exposed to oppressive political regimes. They experience a wide range of threats, from office burglary, physical surveillance by intelligence

Read More

DeepSec 2018 Talk: Global Deep Scans – Measuring Vulnerability Levels across Organizations, Industries, and Countries – Luca Melette & Fabian Bräunlein

Sanna/ September 25, 2018/ Conference, Internet, Security

Metrics are plentiful, but meaningful numbers are hard to come by. This is why we were amazed by the submission of Luca Melette and Fabian Bräunlein. Why? This is why: “We introduce global deep scans that provide insights into the security hygiene of all organizations exposed to the Internet. Our presentation discusses vulnerability levels across different groups of organizations and points out differences in the underlying maintenance processes. We find that different industries have a lot to learn from each other and provide the necessary measurements to start these dialogues.” We asked Luca and Fabian a few more questions about their talk. Please tell us the top 5 facts about your talk. 1. Come 2. Watch 3. Our 4. Talk 5. You’ll see results from a global vulnerability scan

Read More

DeepSec 2018 Talk: Injecting Security Controls into Software Applications – Katy Anton

Sanna/ September 20, 2018/ Conference, Security

“SQL Injection was first mentioned in a 1998 article in Phrack Magazine. Twenty years later, injection is still a common occurrence in software applications (No. 1 in the latest OWASP Top 10, 2017). For the last 20 years we have been focusing on vulnerabilities from an attacker’s point of view, and SQL injection is still king. Something else must be done,” says Katy Anton. “What if there is another way to look at software vulnerabilities? Can vulnerabilities be decomposed into security controls familiar to developers? Which security controls are an absolute must-have, and which additional security measures do you need to take into account? These are hard questions, as evidenced by the numerous insecure applications we still have today. Attend this talk to explore security vulnerabilities from a different angle. As part of this talk, we
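Decomposing the injection problem into a control developers already know gives a very short answer: the query text and the data must travel separately. The block below is an added example, not material from Katy Anton’s talk, and shows the two forms side by side against an in-memory SQLite table with constructed rows so the difference is observable rather than asserted.

```python
import sqlite3

# Attacker-controlled "username" that turns the WHERE clause into a tautology.
PAYLOAD = "x' OR '1'='1"


def make_db():
    """Constructed sample table for the example."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users(name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return con


def lookup_vulnerable(con, name):
    """String concatenation: the caller's input becomes part of the SQL text."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def lookup_safe(con, name):
    """Parameterised query: the SQL text is fixed, the input is bound as data
    and can never change the statement's structure."""
    return con.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    print("vulnerable:", lookup_vulnerable(con, PAYLOAD))  # both rows come back
    print("safe:      ", lookup_safe(con, PAYLOAD))        # no user has that name
```

Parameterisation is the must-have control here; escaping is the brittle alternative that has to be right for every database dialect. The additional measure the abstract hints at is reducing impact: a database account that can only read the tables the application needs turns a successful injection into a read of limited data rather than a full compromise.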

Read More

DeepSec 2018 Talk: New Attack Vectors for the Mobile Core Networks – Dr. Silke Holtmanns / Isha Singh

Sanna/ September 19, 2018/ Conference

DeepSec has a long tradition of tackling the security of mobile networks and devices alike. The first DeepSec conference featured a presentation about the A5/1 crack. Later on we offered trainings covering mobile network security and weaknesses. So we are proud to announce Isha Singh’s and Silke Holtmanns’ talk about new attack vectors. Here is a brief summary: “Roaming or being called from abroad is something we take for granted,” says Silke Holtmanns. “Technically it implies that large networks communicate with each other across geographical and political boundaries. That communication, and the network behind it, is not well known or understood by most cellular users. This network, its background, security and usage will be explained. We will highlight the attack vectors for 2G, 3G and 4G networks and give an outlook on 5G. We

Read More

DeepSec 2018 Talk: Pure In-Memory (Shell)Code Injection in Linux Userland – reenz0h

Sanna/ September 18, 2018/ Conference, Security

A lot of research has been conducted in recent years on performing code injection in the Windows operating system without touching the disk. The same cannot be said about *NIX (and Linux specifically). Imagine yourself sitting in front of a blinking cursor, using a shell on a freshly compromised Linux server, and you want to move forward without leaving any trace behind. You need to run additional tools, but you don’t want to upload anything to the machine. Or, you simply cannot run anything because the noexec option is set on mounted partitions. What options remain? This talk will show how to bypass execution restrictions and run code on the machine, using only tools available on the system. It’s a bit challenging in an everything-is-a-file OS, but doable if you think outside the box

Read More

DeepSec 2018 Talk: Orchestrating Security Tools with AWS Step Functions – Jules Denardou & Justin Massey

Sanna/ September 17, 2018/ Conference

Increasingly frequent deployments make it impossible for security teams to manually review all of the code before it is released. Jules Denardou and Justin Massey wrote a Terraform-deployed application to solve this problem by integrating tightly into the developer workflow. The plugin-based application has three core components, each represented by at least one Lambda function: a trigger, processing and analysis, and output. The plugins, such as static analysis, dependency checking, GitHub integrations, container security scanning, or secret leak detection, can be written in any language supported by AWS Lambda. The underlying technology for this tool is a serverless system utilizing several AWS services, such as API Gateway, Step Functions and Lambda. In this talk you’ll not only learn about the tool and how to implement it in your CI/CD pipeline, but also how to
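The trigger / analysis / output split maps directly onto an Amazon States Language definition: one Task for the trigger, a Parallel state that fans out to the analysis plugins, and one Task for the output. The block below is an added example, not the authors’ Terraform or state machine: it generates such a definition for an arbitrary set of plugins, with a per-plugin Retry and Catch so that one failing scanner does not abort the run, and validates that every transition points at a real state before the JSON is handed to Terraform. The Lambda ARNs are placeholders.

```python
import json

# Placeholder ARNs (assumption for the example, not real resources).
TRIGGER_ARN = "arn:aws:lambda:REGION:ACCOUNT:function:trigger"
OUTPUT_ARN = "arn:aws:lambda:REGION:ACCOUNT:function:output"
TERMINAL = {"Succeed", "Fail"}


def plugin_branch(name, arn):
    """One Parallel branch: run the plugin, retry transient failures, and on
    a hard failure record an error result instead of failing the whole run."""
    return {
        "StartAt": name,
        "States": {
            name: {
                "Type": "Task", "Resource": arn,
                "Retry": [{"ErrorEquals": ["States.TaskFailed"], "IntervalSeconds": 5, "MaxAttempts": 2}],
                "Catch": [{"ErrorEquals": ["States.ALL"], "ResultPath": "$.error", "Next": name + "Failed"}],
                "End": True,
            },
            name + "Failed": {"Type": "Pass", "Result": {"plugin": name, "status": "error"}, "End": True},
        },
    }


def build_state_machine(plugins):
    """plugins: {branch name: lambda ARN}. Returns the definition as a dict."""
    return {
        "Comment": "Security tool orchestration: trigger, analysis, output",
        "StartAt": "Trigger",
        "States": {
            "Trigger": {"Type": "Task", "Resource": TRIGGER_ARN, "Next": "ShouldScan"},
            "ShouldScan": {"Type": "Choice",
                           "Choices": [{"Variable": "$.scan", "BooleanEquals": True, "Next": "Analysis"}],
                           "Default": "Skip"},
            "Analysis": {"Type": "Parallel", "ResultPath": "$.findings",
                         "Branches": [plugin_branch(n, a) for n, a in plugins.items()],
                         "Next": "Output"},
            "Output": {"Type": "Task", "Resource": OUTPUT_ARN, "End": True},
            "Skip": {"Type": "Succeed"},
        },
    }


def validate(machine, path="States"):
    """Structural check: StartAt and every Next/Default/Catch target must name
    a state in the same scope, and every non-terminal state must go somewhere.
    Returns a list of problems (empty when the definition is consistent)."""
    states = machine["States"]
    problems = []
    if machine["StartAt"] not in states:
        problems.append("%s: StartAt %r is not a state" % (path, machine["StartAt"]))
    for name, st in states.items():
        targets = [st[k] for k in ("Next", "Default") if k in st]
        targets += [c["Next"] for c in st.get("Choices", []) + st.get("Catch", [])]
        for t in targets:
            if t not in states:
                problems.append("%s.%s: transition to unknown state %r" % (path, name, t))
        if st["Type"] not in TERMINAL and st["Type"] != "Choice" and not (st.get("End") or "Next" in st):
            problems.append("%s.%s: neither End nor Next" % (path, name))
        for i, branch in enumerate(st.get("Branches", [])):
            problems += validate(branch, "%s.%s.Branches[%d]" % (path, name, i))
    return problems


if __name__ == "__main__":
    machine = build_state_machine({"StaticAnalysis": "arn:aws:lambda:REGION:ACCOUNT:function:sast",
                                   "DependencyCheck": "arn:aws:lambda:REGION:ACCOUNT:function:deps"})
    print(validate(machine) or "definition is consistent")
    print(json.dumps(machine, indent=2))
```

Feed the `json.dumps` output to a `aws_sfn_state_machine` resource’s definition. The Catch-to-Pass pattern is what keeps the output stage running when one scanner is broken; without it a single plugin error fails the Parallel state and the developer sees nothing.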

Read More

DeepSec 2018 Talk: Without a Trace – Cybercrime, Who are the Offenders? – Edith Huber & Bettina Pospisil

Sanna/ September 14, 2018/ Conference, Security

Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation in Austria, no evidence-based scientific analysis exists that depicts the bright field (the reported and recorded part) of cybercrime. Therefore an interdisciplinary research group investigated the phenomenon of cybercrime with regard to these questions. Edith Huber and Bettina Pospisil will present their findings at DeepSec 2018. We asked them a few questions about their talk: Please tell us the top 5 facts about your talk. We will talk about cybercrime, offender profiling, the typical modus operandi and successful methods to apprehend offenders. How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation

Read More

DeepSec 2018 Talk: Left of Boom – Brian Contos

Sanna/ September 13, 2018/ Conference, Discussion, Security

By Brian Contos, CISO of Verodin: “The idea for my presentation “Left of Boom” was based on conversations I was having with some of my co-workers at Verodin. Many people on our team are former military and some served in Iraq and Afghanistan, where they engaged in anti-IED (Improvised Explosive Device) missions. During these conversations I first heard the term Left of Boom, and the more we discussed it, the more I found similarities with cybersecurity. Left of Boom was made popular in 2007 in reference to the U.S. military combating IEDs used by insurgents in Afghanistan and Iraq. The U.S. military spent billions of dollars developing technology and tactics to prevent and detect IEDs before detonation, with the goal of disrupting the bomb chain. This is an analog to cybersecurity as we

Read More

DeepSec 2018 Talk: Cracking HiTag2 Crypto – Weaponising Academic Attacks for Breaking and Entering – Kevin Sheldrake

Sanna/ September 6, 2018/ Conference, Security

HiTag2 is a Radio-Frequency Identification (RFID) technology operating at 125 kHz. It is distinguished from many others in the same field by its use of two-way communication for authentication and its use of encryption to protect the data transmissions; the majority of RFID technologies at 125 kHz feature no authentication or encryption at all. As a result it has been widely used to provide secure building access and has also been used as the technology that implements car immobilisers. In 2012, academic researchers Roel Verdult, Flavio D. Garcia and Josep Balasch published the seminal paper ‘Gone in 360 Seconds: Hijacking with Hitag2’, which presented three attacks on the encryption system used in HiTag2; in 2016 Garcia et al. presented a further attack in ‘Lock It and Still Lose It’. They implemented their attacks on the Proxmark 3 device
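The cipher those papers attack has been public since the 2012 paper: a 48-bit LFSR whose state is initialised from the key, the tag UID and the reader nonce, with each keystream bit produced by a 20-input nonlinear filter built from three small lookup tables. The block below is an added example (mine, not code from the talk or the papers): it implements the cipher with the tap positions and filter constants as they appear in the public reference implementations, and the first step of the protocol in which the reader proves knowledge of the key by sending the 32-bit keystream XORed with 0xFFFFFFFF. The key, UID and nonce values are made up. Cross-check against the Proxmark 3 implementation before relying on it for real work; the key-recovery attacks themselves are not implemented here.

```python
# Filter-function tables and LFSR taps of HiTag2 as given in the public reference code.
FA = 0x2C79
FB = 0x6671
FC = 0x7907287B
TAPS = (0, 2, 3, 6, 7, 8, 16, 22, 23, 26, 30, 41, 42, 43, 46, 47)
MASK32 = 0xFFFFFFFF


def _i4(x, a, b, c, d):
    """Gather four state bits into a 4-bit table index."""
    return ((x >> a) & 1) | ((x >> b) & 1) << 1 | ((x >> c) & 1) << 2 | ((x >> d) & 1) << 3


def f20(x):
    """20-to-1 nonlinear filter: four 4-input tables feed one 5-input table."""
    i5 = (((FA >> _i4(x, 1, 2, 4, 5)) & 1)
          | ((FB >> _i4(x, 7, 11, 13, 14)) & 1) << 1
          | ((FB >> _i4(x, 16, 20, 22, 25)) & 1) << 2
          | ((FB >> _i4(x, 27, 28, 30, 32)) & 1) << 3
          | ((FA >> _i4(x, 33, 42, 43, 45)) & 1) << 4)
    return (FC >> i5) & 1


def hitag2_init(key, uid, nonce):
    """Load the 48-bit state: low 16 key bits over the 32-bit UID, then clock in
    32 rounds mixing the reader nonce and the high 32 key bits through the filter."""
    x = ((key & 0xFFFF) << 32) | (uid & MASK32)
    for i in range(32):
        x >>= 1
        x |= (f20(x) ^ (((nonce >> i) ^ (key >> (i + 16))) & 1)) << 47
    return x


def hitag2_round(x):
    """One clock of the LFSR; returns (new state, keystream bit)."""
    fb = 0
    for t in TAPS:
        fb ^= (x >> t) & 1
    x = (x >> 1) | (fb << 47)
    return x, f20(x)


def keystream(state, nbits):
    """Return (state, integer of nbits keystream bits, first bit most significant)."""
    out = 0
    for _ in range(nbits):
        state, bit = hitag2_round(state)
        out = (out << 1) | bit
    return state, out


def reader_auth(key, uid, nonce):
    """Reader side of authentication: after sending the nonce in clear, it sends
    aR = ks[0..31] XOR 0xFFFFFFFF. Returns (aR, state for the rest of the session)."""
    state = hitag2_init(key, uid, nonce)
    state, ks = keystream(state, 32)
    return ks ^ MASK32, state


def tag_verify(key, uid, nonce, authenticator):
    """Tag side: recompute the expected authenticator from its own key and UID."""
    expected, _ = reader_auth(key, uid, nonce)
    return authenticator == expected


if __name__ == "__main__":
    key, uid, nonce = 0x4F4E4D494B52, 0x12345678, 0x9ABCDEF0  # made-up test values
    a_r, _ = reader_auth(key, uid, nonce)
    print("aR = %08X, tag accepts: %s" % (a_r, tag_verify(key, uid, nonce, a_r)))
```

Two properties visible in this code are what the attacks lean on: the whole secret lives in a 48-bit state, and the filter only looks at 20 of those bits, so guessing part of the state lets an attacker check keystream bits without knowing the rest. The reader’s nonce is chosen by the reader, which is the other ingredient the 2012 attacks exploit.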

Read More

DeepSec 2018 Talk: Defense Informs Offense Improves Defense – How to Compromise an ICS Network and How to Defend It – Joe Slowik

Sanna/ September 5, 2018/ Conference, Security

Industrial control system (ICS) attacks have an aura of sophistication, high barriers to entry, and significant investment in time and resources. Yet when looking at the situation, especially recent attacks, from a defender’s perspective, nothing could be further from the truth. Initial attack, lateral movement, and entrenchment within an ICS network require, and probably work best with, variations of ‘pen tester 101’ actions combined with some knowledge of the environment and living off the land. Only after initial access is achieved and final targets are identified do adversaries need to enhance their knowledge of ICS-specific environments to deliver disruptive (or destructive) impacts, which results in a potentially large pool of adversaries capable of conducting operations. Examining concrete ICS attack examples allows us to explore just what is needed to breach and

Read More