1610, 2016

DeepSec 2016 Talk: Exploiting First Hop Protocols to Own the Network – Paul Coggin

Sanna/ October 16, 2016/ Conference, Internet, Security

At DeepSec 2016 Paul Coggin will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well as a few of the available tools for layer 2 network protocols exploitation will be covered. Paul will provide you with defensive mitigations and recommendations for adding secure visualization and instrumentation for layer 2. He kindly answered a few questions beforehand: Please tell us the top facts about your talk. The presentation focuses on commonly overlooked layer 2 security issues. In many cases penetration testers and auditors focus on the upper layers of the OSI model and miss the low hanging fruit at layer 2. The talk will cover both offensive exploit techniques and methods for securing networks. Multicast switching and routing protocols, router redundancy protocols, IPv6 and other

Read More

1510, 2016

DeepSec2016 Talk: Security and Privacy in the Current E-Mobility Charging Infrastructure – Achim Friedland

Sanna/ October 15, 2016/ Conference, Development, Security

The whole information technology strongly depends on electric power. Your servers will turn into expensive door stoppers once the power goes out. The same is true for your mobile devices and the hardware you use to get around. Hence there are efforts to extend the power grid to accommodate the demand of new and emerging technologies. The charging infrastructure requires some security considerations. You cannot simply put a cable into any power socket, throw it our of the windows, and use it for charging unknown devices and vehicles. It’s a bit more complicated. At DeepSec 2016 Achim Friedland will give you an overview on what charging really means. In his talk Achim Friedland focuses on the emerging market of  smart and electric mobility as an interesting area of research and development for both academia and startups.

Read More

1410, 2016

DeepSec 2016 Talk: The Perfect Door and The Ideal Padlock – Deviant Ollam

Sanna/ October 14, 2016/ Conference, Discussion, Security

You have spent lots of money on a high-grade pick-resistant lock for your door. Your vendor has assured you how it will resist attack and how difficult it would be for someone to copy your key. Maybe they’re right. But… the bulk of attacks that both penetration testers and also criminals attempt against doors have little or nothing to do with the lock itself! Deviant Ollams talk  will be a hard-hitting exploration (full of photo and video examples) of the ways in which your doors and padlocks – the most fundamental part of your physical security – can possibly be thwarted by someone attempting illicit entry. The scary problems will be immediately followed by simple solutions that are instantly implementable and usually very within-budget. You, too, can have a near-perfect door and acquire ideal

Read More

1310, 2016

DeepSec2016 Talk: Java Deserialization Vulnerabilities – The Forgotten Bug Class – Matthias Kaiser

Sanna/ October 13, 2016/ Conference, Development, Security

Most programming languages and frameworks have support for serialization of data. It’s quite handy for storing things to disk (or other media) and transporting them around a network for example. The process can be reversed, aptly called deserialization, in order to obtain the original pieces of data. Great. Even though this process sounds simple, there is a lot that can go wrong. First of all data can be manipulated. Subtle modifications can cause havoc when the data is touched. There is a lesser known class of bugs around deserialization and serialization techniques. Matthias Kaiser has some insights to share. Java deserialization vulnerabilities are a bug class of its own. Although several security researchers have published details in the last ten years, still the bug class is fairly unknown. Early 2015 Chris Frohoff and Gabriel

Read More

1210, 2016

DeepSec 2016 Talk: Brace Yourselves – Exploit Automation is Coming! – Andreas Follner

Sanna/ October 12, 2016/ Conference, Development, Security

Automating tasks is not only the domain of system administrators. We use computers for a lot of dull and boring processes. This enhances productivity and enables us to focus on problem solving. That’s good news. The bad news is that your adversaries can do this, too. While there are still more than enough hand-crafted attacks Out There™, there are classes of exploits that follow a certain pattern. So if you want to find out how this auto0wning works, you should listen to the presentation by Andreas Follner. Gone are the days of simple stack smashing and code injection (thanks, DEP / W^X!), says Andreas Follner. Today, return-oriented programming (ROP) is the foundation of exploitation. Most ROP exploits are created as follows: you use a tool to dump all gadgets in a binary to the disk, grep specific

Read More

0810, 2016

DeepSec2016 Talk: The (In)Security or Sad State of Online Newspapers – Ashar Javed

Sanna/ October 8, 2016/ Conference, Internet, Press

Web sites are simply, one might think. The client requests a page, the server sends it, the layout is applied, and your article appears. This is a heavy simplification. It worked like this back in 1994. Modern web sites are much more complex. And complexity attracts curious minds. Usually that’s what gets you into trouble. Now content management systems serve the web page of the 1990s with a lot of queries, executable code, and from different servers. The ever changing Top 10 list of mistakes from the Open Web Application Security Project can show you the tip of the iceberg. Ashar Javed took a closer look at online newspapers, and he found some scary stuff. The goal of his talk is to raise awareness about the (in)securities of online newspapers. Ashar Javed hopes that their

Read More

0710, 2016

DeepSec Talk 2016: Inside Stegosploit – Saumil Shah

Sanna/ October 7, 2016/ Conference, Pictures, Security

Stegosploit creates a new way to encode “drive-by” browser exploits and delivers them through image files. Using current means these payloads are undetectable. In his talk Saumil Shah discusses two broad underlying techniques used for image based exploit delivery – Steganography and Polyglots. Drive-by browser exploits are steganographically encoded into JPG and PNG images. The resultant image file is fused with HTML and Javascript decoder code, turning it into an HTML+Image polyglot. The polyglot looks and feels like an image, but is decoded and triggered in a victim’s browser when loaded. This talk focusses more on the inner mechanisms of Stegosploit, implementation details and how certain browser specific obstacles were overcome. The Stegosploit Toolkit contains the tools necessary to test image based exploit delivery. A case study of a Use-After-Free memory corruption exploit (CVE-2014-0282) shall

Read More

0510, 2016

DeepSec 2016 Talk: Social Engineering The Most Underestimated APT – Hacking the Human Operating System – Dominique C. Brack

Sanna/ October 5, 2016/ Conference, Security

Social Engineering is an accepted Advanced Persistent Threat (APT) and is going to stay according to Dominique C. Brack of the Reputelligence, Social Engineering Engagement Framework (SEEF). Most of the high-value hacking attacks include components of social engineering. Understanding the behind the scene methods and approaches of social engineering will help you make the world a safer place. Or make your attack plans more successful! Social Engineering is a topic that does not really fit into technical hacking and is also underestimated by security professionals. There are no tools or hardware you can buy to prevent Social Engineering attacks. But Social Engineering is an APT to be taken seriously, because most attacks consist partly of it and its attack execution and prevention needs training and skills. Social Engineering has progressed and professionalized more than you think. It is disastrously effective.

Read More

0410, 2016

DeepSec2016 Talk: Behavioral Analysis from DNS and Network Traffic – Josh Pyorre

Sanna/ October 4, 2016/ Conference, Internet, Security

What’s in a name? A rose? The preparation for an attack? Or simply your next web page you will be looking at? The Domain Name System (DNS) has gone a long way from replacing text lists of hosts to a full directory service transporting all kinds of queries. DNS even features a security protocol for cryptographically signed zone data. In order to balance the load, name resolution has caches that temporarily store DNS information. Usually organisations run their own DNS resolvers as caches for their infrastructure. Even if it’s just a flat network with local clients all DNS requests are channelled to hit your resolvers. Before applications open a data connection, they will query the local resolver to get address data or other hints on how to contact the other endpoint of the communication.

Read More

2409, 2016

DeepSec2016 Talk: Cover Your SaaS: Protecting Your Cloud With Analytics and Machine Learning – Ian Thornton-Trump

Sanna/ September 24, 2016/ Conference, Security, Security Intelligence

Some people call military intelligence an oxymoron. This usually happens when something goes wrong. It might be due to sloppy reconnaissance, operations, or simply bad luck. While it’s always good to have someone or something to blame, things are not so easy in modern „cyberspace“. Improving your security means to have something to base this improvement on. Despite the fact that being lucky is never a bad thing, the selection of your defences and the assessment of the threats you are facing need to be based on something more solid. IT departments have been mining logs and other kind of raw materials that produce metrics for decades. Every once in a while there is a new trend. Now that we can store enormous amounts of data and can access it, we have a lot

Read More

2209, 2016

DeepSec 2016 Talk: Malicious Hypervisor Threat – Phase Two: How to Catch the Hypervisor – Mikhail A. Utin

Sanna/ September 22, 2016/ Conference, Security

The blue/red pill analogy has been used a lot when it comes to hypervisor security and virtualisation. While there are reliable ways to determine if your code runs in a hypervisor or not, the underlying problem still persists. How do you know if the platform your code runs on watches every single move, i.e. instruction or data? Given the discussion of backdoors in hardware, this threat is real. Mikhail Utin discussed his findings at DeepSec 2014. He discovered manipulation of the BIOS in certain server systems. The hardware was probably affected, too. Two years later he presents his research covering the detection of malicious hypervisors in parts of your infrastructure where they should not be. Utilizing the definition of vulnerability as “inability to resist a threat” we want to update our consideration of three

Read More

2009, 2016

DeepSec 2016 Talk: 802.11 Complexity. An Introduction to 802.11 Protocol Chaos – Andrés Blanco

Sanna/ September 20, 2016/ Conference, Internet, Security

Do you remember the days of Wired Equivalent Privacy (WEP)? One might almost say security design was bad back then. The question is: Has it really improved? Proper encryption and authentication is only a part of the design. In the case of wireless networking there is a whole lot more to consider. Shooting clients off the network is still possible. Penetration testers can tell you much more about the quirks and weaknesses of wireless protocols. This is why we asked Andrés Blanco to give a presentation about the state of wireless affairs. WiFi is everywhere and everyone is using it everyday. Employees connect to enterprise networks using their mobile devices, and later the same day to a WiFi network at a coffee shop or their home network. WiFi networks give users mobility and wire-less

Read More

0809, 2016

DeepSec 2016 Talk: CSP Is Dead, Long Live Strict CSP! – Lukas Weichselbaum

Sanna/ September 8, 2016/ Conference

The Content Security Policy (CSP) is an additional layer of security for web applications. It is intended to detect and mitigate certain types of attacks. CSP is deployed by using the HTTP Content-Security-Policy header for publishing a policy. The policy instructs the web client how various resources will be used, where they come from, and the like. Violations of the policy can be reported to an application. Basically you can give the web client important hints what to expect. The reporting helps your intrusion detection process since the web clients usually understand the Web better than IDS modules. Lukas Weichselbaum is working at Google, and he will explain how CSP can be bypassed. In this presentation I’ll highlight the major roadblocks that make CSP deployment difficult. I talk about common mistakes, about how we automatically bypassed

Read More

0709, 2016

DeepSec2016 Talk: badGPO – Using GPOs for Persistence and Lateral Movement – Yves Kraft & Immanuel Willi

Sanna/ September 7, 2016/ Conference, Development, Security

System administration has evolved a lot during the past decades. Instead of enjoying long walks through the forests of servers and clients, the modern sysadmin controls the whole infrastructure by policies. Most operating systems can take advantage of this technology. As with software upgrades, these tools can make your life easier – or help an intruder to get a firm hold onto your infrastructure. Malicious activity can exploit your management networks/systems. Once this happens, you are in deep trouble. We have invited two security experts who created a demonstration. They used the Microsoft® Windows platform in combination with native tools: Group Policy is a feature which provides centralized management and configuration functions for the Microsoft operating system, application, and user settings. Group Policy is simply the easiest way to reach out and configure computer

Read More

0609, 2016

DeepSec 2016 Talk: Machine Duping – Pwning Deep Learning Systems – Clarence Chio

Sanna/ September 6, 2016/ Conference, Security

Give a man a computer, and you 0wn him for a day. Teach a man to employ machine learning, and he will have to battle Skynet for a lifetime. This quote might not be the exact copy of the original, but it will do. Machine now learn stuff. Hence the are of machine learning is the new playground for start-ups, old school companies, researchers, and hackers, of course. A new era of sapiosexual attraction to artificial minds has begun. Information security is not spared. Algorithms have long been a part of defence. Now they are being used with machine learning. Since algorithms and machines run on networked computers, they can be attacked. At DeepSec 2016 Clarence Chio will explain to you how it can be done. Deep learning and neural networks have gained incredible

Read More