DeepSec 2024 Talk: Living on the Edge: eBPF Defenses for Embedded System (in the Automotive Domain) – Reinhard Kugler (

Sanna/ September 20, 2024/ Conference/ 0 comments

Linux has become a driving factor in the industrial and automotive domain. Vehicles are already a complex network of electrical components. In recent years, the technology stack and connectivity of vehicles have drastically evolved. Is all this complexity still safe and secure? How can embedded systems running different bus systems and physical interfaces be protected against modern attackers? The now mandatory updates of on-board components in these vehicles have introduced even new security challenges to this evolving landscape. Common Linux security measures, including capabilities, permissions, and mandatory access control, are already hitting their limits. Using eBPF technologies promises a flexible way to define security at runtime without the need to change the application code. Will this be as transformative for the embedded sector as it has been for the cloud? This talk presents hands-on

Read More

DeepSec 2024 Talk: Should You Let ChatGPT Control Your Browser? – Donato Capitella

Sanna/ September 19, 2024/ Conference/ 0 comments

This presentation will explore the practical risks associated with granting Large Language Models (LLMs) agency, enabling them to perform actions on behalf of users. We will delve into how attackers can exploit these capabilities in real-world scenarios. Specifically, the focus will be on an emerging use cases: autonomous browser and software engineering agents. The session will cover how LLM agents operate, the risks of indirect prompt injection, and strategies for mitigating these vulnerabilities. We asked Donato a few more questions about his talk. Please tell us the top 5 facts about your talk. LLM Red Teaming tools are benchmarks useful for LLM builders, but they are less useful to developers or application security testers When talking about “LLM Application Security”, we need to focus on the use-case the LLM application is enabling The talk

Read More

DeepSec Talk 2024: Blackbox Android Malware Detection Using Machine Learning and Evasion Attacks Techniques – Professor Dr. Razvan Bocu

Sanna/ September 18, 2024/ Conference/ 0 comments

Over the past ten years, researchers have extensively explored the vulnerability of Android malware detectors to adversarial examples through the development of evasion attacks. Nevertheless, the feasibility of these attacks in real-world use case scenarios is debatable. Most of the existing published papers are based on the assumptions that the attackers know the details of the target classifiers used for malware detection. Nevertheless, in reality, malicious actors have limited access to the target classifiers. This talk presents a problem-space adversarial attack designed to effectively evade blackbox Android malware detectors in real-world use case scenarios. The proposed approach constructs a collection of problem-space transformations derived from benign donors that share opcode-level similarity with malware applications through the consideration of an n-gram-based approach. These transformations are then used to present malware instances as legitimate entities through

Read More

DeepSec 2024 Talk: Far Beyond the Perimeter – Exploring External Attack Surfaces – Stefan Hager / khae

Sanna/ September 17, 2024/ Conference/ 0 comments

Looking for intel in all the right places is an art that adversaries seem to have mastered; but for their own data, many companies seem to lose interest in examining anything that’s outside the “perimeter” – whatever that is supposed to be nowadays. Credential leaks, shadow IT, unofficial websites with official info – the list of assets far outside the data centers of companies is long and those assets nevertheless pose risks. Instead of turning a blind eye, it’s important (and necessary) to get an understanding of what kind of information is out there, ready to be used or abused and protect accordingly. What risks are “out there” and what is meant by “out there”? How can those risks be addressed? What tools are easily available? Gathering information is a valuable tool not only

Read More

DeepSec 2024 Talk: Navigating the Storm: Emerging Threats in AWS Cloud Security – Miguel Hernández & Alessandro Brucato

Sanna/ September 16, 2024/ Conference/ 0 comments

As cloud adoption speeds up, so too does the sophistication of attacks targeting cloud infrastructure. Our talk delves into the evolving landscape of AWS security, focusing on the burgeoning threat of crypto mining. We’ve witnessed a significant shift in the tactics, techniques, and procedures (TTPs) used by attackers. This session will uncover the latest trends in cloud security, spotlighting new threat groups and their innovative methods for abusing AWS services. Attendees will learn about real-world threats involving AWS resources. We will explore the intricate ways these attackers infiltrate and collaborate with other groups in a large black market for credentials. Our discussion will also cover proactive strategies for detection and mitigation, empowering security professionals to safeguard their cloud infrastructure against these evolving threats. We asked Miguel and Alessandro a few more questions about their

Read More

DeepSec 2024 Talk: Reversing Windows RPC in Enterprise Software for Fun and CVEs – Andreas Vikerup

Sanna/ September 13, 2024/ Conference/ 0 comments

This talk will walk the audience through the dissection of Windows RPC usage in the enterprise software ManageEngine ADAudit Plus, which will unravel two CVEs and crack a CTF-like encryption/decryption process. We asked Andreas a few more questions about his talk. Please tell us the top 5 facts about your talk. This talk will guide the audience through a reverse engineering method that will ultimately lead to 2 CVEs in a product known as ManageEngine ADAudit Plus. The reviewed code will be human readable (as in not assembly language) which makes it easy to follow. There will be hurdles along the way to reach the goal and these will be highlighted and discussed in the presentation. How did you come up with it? Was there something like an initial spark that set your mind

Read More

DeepSec 2024 Talk: A Practical Approach to Generative AI Security – Florian Grunow & Hannes Mohr

Sanna/ September 12, 2024/ Conference/ 0 comments

The rise of applications based on AI (mostly generative AI) forces us to think about the security and privacy implications of these systems. We will try to make sense about the attack surface of generative AI applications, what practitioners in the field need to consider in development and operations, and how they can derive security measures for these systems. We will first dive into the range of generative AI applications using examples of the OpenAI ecosystem. This will give the audience an understanding about the fundamental problem of AI from a security perspective. We then offer an insight into the attack surface that those applications have. This will help understand what needs to be secured and what can be secured. Many times, good old security best practices will be a good start, although AI

Read More

DeepSec Talk 2024: GenAI and Cybercrime: Separating Fact from Fiction – Candid Wüest

Sanna/ September 11, 2024/ Conference/ 0 comments

Are we standing at the brink of an AI Armageddon? With the rise of Generative AI (GenAI), cybercriminals allegedly now use unprecedented AI tools, flooding the digital world with sophisticated, unblockable threats. This talk aims to dissect the hype and uncover the reality behind the use of GenAI in cybercrime. We will explore the growing use of deepfakes in scams, exemplified by a million dollar fake BEC video conference call. From son-in-trouble scams to KYC bypass schemes, deepfakes are becoming versatile tools for cybercriminals and a nightmare for defenders. Turning to phishing attacks, we’ll discuss how GenAI personalizes and automates social engineering, significantly increasing the volume of attacks. However, they still require an account to send from and some payload. Having the ultimate phishing text does not mean you are not blocked. We’ll also

Read More

DeepSec 2023 Talk and Breakout Session: Let’s Prepare for the Unexpected – Erlend Andreas Gjære

Sanna/ November 15, 2023/ Conference

What happens when a large group of more or less connected individuals need to deal with a cyber incident, together? In this interactive hands-on session, we will try to experience – first-hand – just how challenging it can be to keep information flowing, make the right decisions and protect our assets while dealing with a simulated crisis. We asked Erlend a few more questions about his talk and breakout session. Please tell us the top 5 facts about your talk and workshop. This will be an interactive session, and everyone can join! We are going to prepare for a cyber incident, together People share anonymous inputs via their phones Participants also receive individual updates on their phones There will be a breakout session afterwards for a deep-dive tabletop How did you come up with

Read More

DeepSec 2023 Talk: Oil – But at What Cost: Azerbaijan and the EU’s Murky Partnership – Pavle Bozalo

Sanna/ November 3, 2023/ Conference

Since Russia’s invasion of Ukraine, the European Union has rightfully sought to reduce its dependence on Russian oil with the ultimate aim of completely eliminating it. In this quest for trustworthy oil suppliers, Brussels has turned to countries such as Azerbaijan who, although wealthy in oil, have dubious human rights records and who, in many ways, are at the forefront of cyber surveillance and cyberwarfare. This quest has come at a cost, with the EU keeping mum on Azerbaijan’s armed invasion of the Nagorno-Karabakh territories southwards of Armenia – a scenario otherwise eerily similar to Russia’s armed invasion. As it cracks down on spyware within the EU, the European Commission buys Azeri President Aliyev’s oil, apparently unaware of hackers from Baku rolling out spyware and remote access trojans. Not only do Armenian officials find

Read More

DeepSec 2023 Tech Track Workshop: Tabletop Exercise/War Games – Julian Botham & Aron Feuer

Sanna/ October 21, 2023/ Conference

The objective of an tabletop exercise is to assess and enhance an organization’s preparedness and executive decision-making protocols in the event of a ransomware attack. The exercise will simulate a ransomware attack on critical systems, culminating in encrypted files and a ransom demand. Participants will role-play as C-suite executives, IT security managers, legal advisors, and the public relations team. The exercise will cover key activities, such as initial incident identification, activation of the incident response team, internal and external communication protocols, decision-making concerning ransom payment, coordination with law enforcement, system recovery and restoration, and post-incident analysis. We asked Julian and Aron a few more questions about their tabletop exercise. Please tell us the top 5 facts about your talk. The average ransom in 2023 is $1.54 million, almost double the 2022 figure of $812,380

Read More

DeepSec 2023 Talk: Improving Cyber Resilience Through Micro Attack Simulations – Christian Schneider & Kevin Ott

Sanna/ October 20, 2023/ Conference

With the increasing adoption of Red Teaming and Purple Teaming in the cybersecurity industry, organizations that have achieved high levels of security maturity can greatly benefit from these activities. However, organizations at the onset of building a security program are often left out. This talk introduces Micro Attack Simulations, an innovative approach that allows organizations to validate specific security controls without waiting for full-blown Red Teaming exercises. Micro Attack Simulations focus on assessing single or multiple security controls that are already implemented, providing a valuable approach for organizations aiming to bolster their cyber resilience. These simulations not only focus on technical aspects but also consider non-technical security controls such as escalation procedures and reporting paths during security incidents. As a result, organizations can derive specific Red Team unit tests and perform a gap analysis

Read More

DeepSec 2023 Talk: The Attackers Guide to Exploiting Secrets in the Universe – Mackenzie Jackson

Sanna/ October 12, 2023/ Conference

Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. Most security breaches leverage secrets during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This guide will include how to Abuse public and private code repositories Decompile containers Decompile mobile applications from the App and Play Stores. We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their play-book. Presentation Details Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the

Read More

DeepSec 2023 Talk: Up Close & Personnel – Chris Carlis

Sanna/ October 11, 2023/ Conference

You work hard to defend against internet-based threats, but how prepared are you when the attacker is on your literal doorstep? This session will provide a better understanding of the onsite attack surface and some of the more common, practical attack techniques that can cause a difficult to detect network compromise. Attendees will gain a stronger understanding of the role of Information Security as it pertains to Physical Security and be better equipped to identify gaps in their defenses before they are exploited. We asked Chris a few more questions about his talk. Please tell us the top 5 facts about your talk. People often underestimate the amount of practice and level of skill needed to execute a good number of physical testing techniques. Your perimeter is probably bigger than you think or would

Read More

DeepSec 2023 Talk: KENOUGH: More Than Just a Pretty Interface – Daniel Kroiss & Stefan Prinz

Sanna/ October 9, 2023/ Conference

The vast majority of organizations on our planet are SMEs who do not have the capability to leverage professional Threat Intelligence Tools or even have Threat Intelligence Teams. They continuously struggle to prioritize their efforts fixing security problems but are typically not focusing on the right stuff. Not all threat actors are equally likely to penetrate your organization. Therefore, not all TTPs are equally likely to be leveraged against you. MITRE ATT&CK is the de facto standard in researching current TTPs and figuring out how to detect and prevent them from happening. We created a small but powerful tool based on MITRE ATT&CK to easily figuring out connections between Threat Actors, malware, TTPs and their relevance to your industry to help you figure out what to focus on. The tool is specifically built for

Read More