0911, 2016

DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

Sanna/ November 9, 2016/ Conference, Development, Internet, Report, Security

In Korea in particular, hackers have distributed sophisticated and complex financial fraud android malware through various means of distribution, such as SMS phishing, Google play, compromised web servers and home routers (IoT). In some cases, both smartphone and PC users are targeted simultaneously. Inseung Yang and his team collect mobile android malware via an automated analysis system, detect obfuscations and malicious packer apps. In his presentation Inseung Yang will describe trends of malicious android apps and obfuscated mobile malware in Korea. He’ll explain the policy methods for Korean mobile banking and the attack methods used by hackers, f.ex. the stealing of certifications, fake banking apps that require the security numbers issued to users when they open their accounts, Automatic Response Service(ARS) phishing attacks in conjunction with Call Forwarding, and the requesting of the One Time Password(OTP) number. But

0811, 2016

DeepSec 2016 Talk: Systematic Fuzzing and Testing of TLS Libraries – Juraj Somorovsky

Sanna/ November 8, 2016/ Conference, Development, Security

In his talk Juraj Somorovsky presents TLS-Attacker, a novel framework for evaluating the security of TLS libraries. Using a simple interface, TLS-Attacker allows security engineers to create custom TLS message flows and arbitrarily modify TLS message contents in order to test the behavior of their TLS libraries. Based on TLS-Attacker, he and his team first developed a two-stage TLS fuzzing approach. This approach automatically searches for cryptographic failures and boundary violation vulnerabilities. It allowed him to find unusual padding oracle vulnerabilities and overflows/overreads in widely used TLS libraries, including OpenSSL, Botan, and MatrixSSL. Juraj’s findings encouraged the use of comprehensive test suites for the evaluation of TLS libraries, including positive as well as negative tests. He and his team used TLS-Attacker to create such a test suite framework, which finds further problems in TLS libraries. TLS-Attacker is an open source tool, and is currently being deployed for internal

0411, 2016

DeepSec2016 Talk: Smart Sheriff, Dumb Idea: The Wild West of Government Assisted Parenting – Abraham Aranguren & Fabian Fäßler

Sanna/ November 4, 2016/ Conference, Legal, Security, Stories

Would you want to let your kids discover the darker corners of the Internet without protection? Wouldn’t it be handy to know what they do online, to be alerted when they search for dangerous keywords and to be able to control what websites they can visit and even when they play games? Worry no longer, the South Korean government got you covered. Simply install the “Smart Sheriff” app on your and your kids’ phones. Smart Sheriff is the first parental-control mobile app that has been made a legally required, obligatory install in an entire country! Yay, monitoring! Well, something shady yet mandatory like this cannot come about without an external pentest. And even better, one that wasn’t solicited by the maintainer but initiated by the OTF and CitizenLab and executed by the Cure53 team!

0311, 2016

DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

Sanna/ November 3, 2016/ Conference, Internet, Security

Wireless desktop sets have become more popular and more widespread in the last couple of years. From an attacker’s perspective, these radio-based devices represent an attractive target both allowing to take control of a computer system and to gain knowledge of sensitive data like passwords. Wireless transmissions offer attackers a big advantage: you don’t have to be around to attack something or someone. Plus the victims often don’t know what it happening. At DeepSec 2016 Gerhard Klostermeier will present the results of research on the matter of wireless mouse/keyboard attacks. Furthermore you he will demonstrate ways in which modern wireless desktop sets of several manufacturers can be attacked by practically exploiting different security vulnerabilities. We recommend this talk to anyone still using old-fashioned input devices for creating content. Gerhard is interested in all things

0311, 2016

DeepSec 2016 Talk: Assessing the Hacking Capabilities of Institutional and Non-institutional Players – Stefan Schumacher

Sanna/ November 3, 2016/ Conference, Security, Security Intelligence

Cyberwar, Cyberterror and Cybercrime have been buzzwords for several years now. Given the correct context, using cyber has merits. However Cyber-Headlines are full with Cyber-Reports about Cyber-Incidents, Cyber-Hacking and Cyber-Cyber in general. However, that whole discussion does not only suffer from sensationalism of journalists and bloggers, there are also some fundamental problems, says Stefan Schumacher. We are still lacking useful definitions for modern IT security threats and we still have to think about the assessment of capabilities in the IT field.Besides institutional actors like states and their military and intelligence community we also have to assess the capabilities of non-institutional actors like terrorist groups or organised crime. Unlike the assessment of classic military strength (eg. fighting power or Kriegsstärkenachweise), assessing the capabilities and powers of actors in the IT field is much more complicated

0311, 2016

DeepSec 2016 Talk: Why Companies Must Control Their Data in the Era of IoT – and How To – Kurt Kammerer

Sanna/ November 3, 2016/ Conference, Internet, Interview, Security

In his talk Kurt Kammerer addresses any company’s dilemma: The need for data sharing in the era of IoT while at the same time controlling access and ownership. In order to succeed in business, it is imperative to make data available to customers, suppliers and business partners. However, the explosion and the proclaimed free flow of data can turn against an organisation and threaten its very existence, if not professionally controlled. We asked Mr. Kammerer a few questions beforehand. Please tell us the top 5 facts about your talk. The relevance of “data” increases by the day and “data” is imperative to compete. Therefore, it is an asset companies must control. Data ownership is increasingly being challenged in the era of cloud/IoT (who created the data and who actually owns it?) Not exercising enough control

3110, 2016

DeepSec 2016 Talk: Insider Threat: Profiling, Intent and Motivations of White Collar Offenders – Ulrike Hugl

Sanna/ October 31, 2016/ Conference, Security

Malicious insider threat is not only a security- or technical-oriented issue, mainly it’s a behavioural one, says Prof. Ulrike Hugl. Insiders are so-called ‘trusted’ or privileged employees, very often with legitimate access to the organization’s systems, and they are hard to catch. Furthermore, it is difficult to find appropriate predictive factors and prevention and detection measures. In fact, based on new technical developments and opportunities, data theft has become much easier these days: Mobile trends like BYOD, the increased ability to work from home, access to the organization’s systems when on the road, cloud services with related security vulnerabilities for example, as well as more and more malware opportunities have increased the potential of related attacks. Other main security obstacles and trigger factors inside and outside an organization may be, to name a few, a

2110, 2016

DeepSec2016 Talk: Abusing LUKS to Hack the System – Interview with Ismael Ripoll & Hector Marco

Sanna/ October 21, 2016/ Conference, Interview

Please tell us the top facts about your talk. It discloses a vulnerability that affects Linux systems encrypted with Luks, and how it can be abused to escalate privileges: CVE-2016-4484 Includes a sketch of the boot sequence with a deeper insight into the initrd Linux process A brief discussion about why complexity is the enemy of security: The whole system needs to be observed. A practical real working demo attack will be presented. How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? Well, this is a difficult question. Basically, it is an attitude in front of the computer. When we start a research line, we don’t stop digging until the ultimate doubt and question is addressed. After the GRUB 28 bug, we keep reviewing the rest of

2110, 2016

DeepSec 2016 Talk: I Thought I Saw a |-|4><0.- Thomas Fischer

Sanna/ October 21, 2016/ Conference, Development, Security

Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. “But what does this really mean?”, asks Thomas Fischer. “And what real impact does it have on the security team? Can we use threat hunting to provide a process to better detect and understand when you’ve been breached?” More and more security data is being produced and usually aggregated into a central location or body to hopefully take quick and informed decisions on attacks or compromises amongst a mountain of data. When you start to include data gathered from your endpoints the amount of data starts to explode exponentially. This level of data provides us with a large amount of visibility. But is having visibility enough? What

2010, 2016

DeepSec2016 Talk: AMSI: How Windows 10 Plans To Stop Script Based Attacks and How Good It Does That – Nikhil Mittal

Sanna/ October 20, 2016/ Conference, Development, Security

In his talk Nikhil Mittal will focus on AMSI: In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI), which is designed to target script based attacks and malware. Script based attacks have been lethal for enterprise security and with the advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written in PowerShell, VBScript, JScript, etc. It drastically improves detection and the blocking rate of malicious scripts. When a piece of code is submitted for execution to the scripting host, AMSI steps in and scans the code for malicious content. What makes AMSI effective is that no matter how obfuscated the code is, it needs to be presented to the script host in clear text and unobfuscated. Moreover, since the code is submitted to AMSI just before execution, it doesn’t

1810, 2016

DeepSec 2016 Talk: Where Should I Host My Malware? – Attila Marosi

Sanna/ October 18, 2016/ Conference, Internet, Security

The growth of IoT devices continues to raise questions about their role and impact on cybersecurity. Badly or poorly configured devices are easy targets for malicious actors. At first glance launching an attack against IoT devices seems challenging due to the diversity of their ecosystem, but actually an attack is very easy to execute. In his talk Attila Marosi will explain why the IoT is a cybercriminal’s paradise: “In our SophosLabs research, we focused on a very generic attack scenario that would affect almost any device using FTP services – Your router or network-attached storage (NAS) for example. These attacks typically exploit the level of trust people place on any content hosted on internal network shares. A successful attacker would abuse or compromise a default FTP guest account, place a “Trojan horse” in a visible file share and rely on human curiosity

1610, 2016

DeepSec 2016 Talk: Exploiting First Hop Protocols to Own the Network – Paul Coggin

Sanna/ October 16, 2016/ Conference, Internet, Security

At DeepSec 2016 Paul Coggin will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well as a few of the available tools for layer 2 network protocols exploitation will be covered. Paul will provide you with defensive mitigations and recommendations for adding secure visualization and instrumentation for layer 2. He kindly answered a few questions beforehand: Please tell us the top facts about your talk. The presentation focuses on commonly overlooked layer 2 security issues. In many cases penetration testers and auditors focus on the upper layers of the OSI model and miss the low hanging fruit at layer 2. The talk will cover both offensive exploit techniques and methods for securing networks. Multicast switching and routing protocols, router redundancy protocols, IPv6 and other

1510, 2016

DeepSec2016 Talk: Security and Privacy in the Current E-Mobility Charging Infrastructure – Achim Friedland

Sanna/ October 15, 2016/ Conference, Development, Security

The whole information technology strongly depends on electric power. Your servers will turn into expensive door stoppers once the power goes out. The same is true for your mobile devices and the hardware you use to get around. Hence there are efforts to extend the power grid to accommodate the demand of new and emerging technologies. The charging infrastructure requires some security considerations. You cannot simply put a cable into any power socket, throw it our of the windows, and use it for charging unknown devices and vehicles. It’s a bit more complicated. At DeepSec 2016 Achim Friedland will give you an overview on what charging really means. In his talk Achim Friedland focuses on the emerging market of smart and electric mobility as an interesting area of research and development for both academia and startups.

1410, 2016

DeepSec 2016 Talk: The Perfect Door and The Ideal Padlock – Deviant Ollam

Sanna/ October 14, 2016/ Conference, Discussion, Security

You have spent lots of money on a high-grade pick-resistant lock for your door. Your vendor has assured you how it will resist attack and how difficult it would be for someone to copy your key. Maybe they’re right. But… the bulk of attacks that both penetration testers and also criminals attempt against doors have little or nothing to do with the lock itself! Deviant Ollams talk will be a hard-hitting exploration (full of photo and video examples) of the ways in which your doors and padlocks – the most fundamental part of your physical security – can possibly be thwarted by someone attempting illicit entry. The scary problems will be immediately followed by simple solutions that are instantly implementable and usually very within-budget. You, too, can have a near-perfect door and acquire ideal

1310, 2016

DeepSec2016 Talk: Java Deserialization Vulnerabilities – The Forgotten Bug Class – Matthias Kaiser

Sanna/ October 13, 2016/ Conference, Development, Security

Most programming languages and frameworks have support for serialization of data. It’s quite handy for storing things to disk (or other media) and transporting them around a network for example. The process can be reversed, aptly called deserialization, in order to obtain the original pieces of data. Great. Even though this process sounds simple, there is a lot that can go wrong. First of all data can be manipulated. Subtle modifications can cause havoc when the data is touched. There is a lesser known class of bugs around deserialization and serialization techniques. Matthias Kaiser has some insights to share. Java deserialization vulnerabilities are a bug class of its own. Although several security researchers have published details in the last ten years, still the bug class is fairly unknown. Early 2015 Chris Frohoff and Gabriel

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: