DeepSec2016 Talk: Behavioral Analysis from DNS and Network Traffic – Josh Pyorre

Sanna/ October 4, 2016/ Conference, Internet, Security

What’s in a name? A rose? The preparation for an attack? Or simply the next web page you will be looking at? The Domain Name System (DNS) has come a long way from replacing text lists of hosts to a full directory service transporting all kinds of queries. DNS even features a security protocol for cryptographically signed zone data. In order to balance the load, name resolution has caches that temporarily store DNS information. Usually organisations run their own DNS resolvers as caches for their infrastructure. Even if it’s just a flat network with local clients, all DNS requests are channelled to hit your resolvers. Before applications open a data connection, they will query the local resolver to get address data or other hints on how to contact the other endpoint of the communication.


DeepSec2016 Talk: Cover Your SaaS: Protecting Your Cloud With Analytics and Machine Learning – Ian Thornton-Trump

Sanna/ September 24, 2016/ Conference, Security, Security Intelligence

Some people call military intelligence an oxymoron. This usually happens when something goes wrong. It might be due to sloppy reconnaissance, operations, or simply bad luck. While it’s always good to have someone or something to blame, things are not so easy in modern „cyberspace“. Improving your security means having something to base this improvement on. Despite the fact that being lucky is never a bad thing, the selection of your defences and the assessment of the threats you are facing need to be based on something more solid. IT departments have been mining logs and other kinds of raw materials that produce metrics for decades. Every once in a while there is a new trend. Now that we can store enormous amounts of data and can access it, we have a lot


DeepSec 2016 Talk: Malicious Hypervisor Threat – Phase Two: How to Catch the Hypervisor – Mikhail A. Utin

Sanna/ September 22, 2016/ Conference, Security

The blue/red pill analogy has been used a lot when it comes to hypervisor security and virtualisation. While there are reliable ways to determine if your code runs in a hypervisor or not, the underlying problem still persists. How do you know if the platform your code runs on watches every single move, i.e. instruction or data? Given the discussion of backdoors in hardware, this threat is real. Mikhail Utin discussed his findings at DeepSec 2014. He discovered manipulation of the BIOS in certain server systems. The hardware was probably affected, too. Two years later he presents his research covering the detection of malicious hypervisors in parts of your infrastructure where they should not be. Utilizing the definition of vulnerability as “inability to resist a threat” we want to update our consideration of three


DeepSec 2016 Talk: 802.11 Complexity. An Introduction to 802.11 Protocol Chaos – Andrés Blanco

Sanna/ September 20, 2016/ Conference, Internet, Security

Do you remember the days of Wired Equivalent Privacy (WEP)? One might almost say security design was bad back then. The question is: Has it really improved? Proper encryption and authentication are only a part of the design. In the case of wireless networking there is a whole lot more to consider. Shooting clients off the network is still possible. Penetration testers can tell you much more about the quirks and weaknesses of wireless protocols. This is why we asked Andrés Blanco to give a presentation about the state of wireless affairs. WiFi is everywhere and everyone is using it every day. Employees connect to enterprise networks using their mobile devices, and later the same day to a WiFi network at a coffee shop or their home network. WiFi networks give users mobility and wire-less


DeepSec 2016 Talk: CSP Is Dead, Long Live Strict CSP! – Lukas Weichselbaum

Sanna/ September 8, 2016/ Conference

The Content Security Policy (CSP) is an additional layer of security for web applications. It is intended to detect and mitigate certain types of attacks. CSP is deployed by using the HTTP Content-Security-Policy header for publishing a policy. The policy instructs the web client how various resources will be used, where they come from, and the like. Violations of the policy can be reported to an application. Basically you can give the web client important hints about what to expect. The reporting helps your intrusion detection process since the web clients usually understand the Web better than IDS modules. Lukas Weichselbaum is working at Google, and he will explain how CSP can be bypassed. In this presentation I’ll highlight the major roadblocks that make CSP deployment difficult. I talk about common mistakes, about how we automatically bypassed


DeepSec2016 Talk: badGPO – Using GPOs for Persistence and Lateral Movement – Yves Kraft & Immanuel Willi

Sanna/ September 7, 2016/ Conference, Development, Security

System administration has evolved a lot during the past decades. Instead of enjoying long walks through the forests of servers and clients, the modern sysadmin controls the whole infrastructure by policies. Most operating systems can take advantage of this technology. As with software upgrades, these tools can make your life easier – or help an intruder to get a firm hold on your infrastructure. Malicious activity can exploit your management networks/systems. Once this happens, you are in deep trouble. We have invited two security experts who created a demonstration. They used the Microsoft® Windows platform in combination with native tools: Group Policy is a feature which provides centralized management and configuration functions for the Microsoft operating system, application, and user settings. Group Policy is simply the easiest way to reach out and configure computer


DeepSec 2016 Talk: Machine Duping – Pwning Deep Learning Systems – Clarence Chio

Sanna/ September 6, 2016/ Conference, Security

Give a man a computer, and you 0wn him for a day. Teach a man to employ machine learning, and he will have to battle Skynet for a lifetime. This quote might not be the exact copy of the original, but it will do. Machines now learn stuff. Hence the area of machine learning is the new playground for start-ups, old school companies, researchers, and hackers, of course. A new era of sapiosexual attraction to artificial minds has begun. Information security is not spared. Algorithms have long been a part of defence. Now they are being used with machine learning. Since algorithms and machines run on networked computers, they can be attacked. At DeepSec 2016 Clarence Chio will explain to you how it can be done. Deep learning and neural networks have gained incredible


DeepSec 2016 Talk: DROWN – Breaking TLS using SSLv2 – Nimrod Aviram

Sanna/ September 5, 2016/ Conference, Internet

In the past years encrypted communication has been subject to intense scrutiny by researchers. With the advent of Transport Layer Security (TLS) Internet communication via HTTP became a lot more secure. Its predecessor Secure Sockets Layer (SSL) must not be used any more. The real world has its own ideas. SSLv2 and SSLv3 are still present. Attackers can try to downgrade the TLS session by switching to insecure ciphers. When using the correct configuration, these downgrade attacks cannot happen. The question is: Are all of your devices, applications, and systems correctly configured? If you are not sure, better check again. In order to illustrate how these attacks work, we have invited Nimrod Aviram for DeepSec 2016. He will explain the inner workings of the DROWN attack. We present a novel cross-protocol attack on TLS


Buy your ticket for 44CON – and go to prison for free!

René Pfeiffer/ August 31, 2016/ Administrivia, Conference, Security

Forget Winter! 44CON is coming! The conference will be 14 to 16 September 2016 in London. The schedule is online. Take a look! This year’s 44CON also features a Capture The Flag (CTF) contest. It is hosted by the UK Ministry of Justice. Your mission, should you decide to accept it, consists of breaking into a prison! 20 teams have announced that they will participate. Sounds terrific, if you ask us. We will be there as well. So grab a ticket, cross the Channel, and we’ll meet in the lobby or, better yet, at the registration desk. Spread the word!

BSidesLND2016 Rookie Track Review

René Pfeiffer/ June 11, 2016/ Discussion, Security, Stories

Sitting through the Rookie Track at BSidesLondon is something we really enjoy. This year the quality of the presentations was amazing. Of course, the rookies’ mentors take a part of the blame for that. Good training always gives you a head start. Nevertheless someone has to stand in front of the crowd and fill the 15-minute slot with content. All rookies did a good job. It was hard to pick a clear winner. The jury took more than three iterations to find a conclusion. Locard made it, and we welcome him to DeepSec 2016 in November. Honourable mentions go to @Shlibness, @Oxana_Sereda and @callygarr. For you we have some thoughts on the presentations we saw and on the methods being used. Think of your presentation as code. Make it lean and mean. It’s


BSidesLondon 2016 – Rookie Track Edition

René Pfeiffer/ May 20, 2016/ Conference, Discussion

The Security BSides London 2016 is coming up. Next month you will have the chance to see presentations all around topics in information security. The schedule will be published soon. Gathering from the talks of past events you will not be disappointed. We will be present to watch over the Rookie Track. Young talents in terms of presentation experience will tell you about selected subjects covering security issues on software, administration, policies, hardware, or social interaction. The Rookie Track is unique among InfoSec events. It is a stage where the presenters can tell their ideas to an audience. They are supported by mentors who guide the content and the presenter from idea to the 15 minutes on stage. The Rookie Track was born out of the fact that a lot of people in information


DeepSec 2015 Talk: Bridging the Air-Gap: Data Exfiltration from Air-Gap Networks – Mordechai Guri & Yisroel Mirsky

Sanna/ November 4, 2015/ Conference, Internet, Security

Air does not conduct electricity, usually. Using air gaps between parts transporting electric power by high voltages is a standard method in electrical engineering. Similar strategies are used in information security. Compartmentalisation can be done by network components, logical/physical separation, solid walls, and space filled with air. The only threat you have to worry about are wireless transmissions. Since mobile phone networks permeate our private and business life, access to wireless networks is everywhere. Unless you live in a cave, literally. Mordechai Guri and Yisroel Mirsky have found a way to use cellular frequencies as a carrier in order to transport data out of an air-gapped environment. They will present their results at DeepSec 2015. Air-gapped networks are isolated, separated both logically and physically from public networks. Although the feasibility of invading such systems


DeepSec 2015 Talk: A Death in Athens: The inherent Vulnerability of “lawful Intercept” Programs, and Why all Government authorized Backdoors are very dangerous – James Bamford

Sanna/ October 22, 2015/ Conference, Security Intelligence

Some of you might remember the „Athens Affair“. In 2005 Ericsson found backdoors in the lawful interception systems of Vodafone Greece. The software on these modules was altered to successfully wiretap phone numbers without detection. When one of the tapped phones made or received a phone call, the exchange, or switch, sent a duplication of the conversation to one of fourteen anonymous prepaid mobile phones. The incident sparked an investigation, and Vodafone Greece was fined millions of Euros for breaching privacy laws. In February 2015 the Greek authorities issued a warrant for a suspect linked to the NSA. Lawful interception (LI) capabilities are mandatory for telecommunication equipment. In Europe the technical requirements and standards are developed by the European Telecommunications Standards Institute (ETSI); the 3rd Generation Partnership Project (3GPP) maintains the part relevant for


DeepSec 2015 Talk: Agile Security – The Good, The Bad, and mostly the Ugly – Daniel Liber

Sanna/ October 14, 2015/ Conference, Security

Particle collisions are a rich source for insights into the inner workings of Nature. Physicists know this. The Large Hadron Collider (LHC) built by the European Organization for Nuclear Research (CERN) demonstrates this to the extreme. You can do the same in information security if you lock developers and security experts into a room. Acceleration can be achieved by asking for the best way for implementing security. Analyse the high energetic trails of heated arguments to gain new insights. This recipe works best with certain models of software development. David Liber will show you the results of the collisions and tell you what you can learn about security with a specific software development methodology. Moving away from Waterfall and traditional development processes towards Agile methodologies has become more and more popular recently. Talking about sprints, looking
