2410, 2012

DeepSec 2012 Talk: The „WOW Effect“

René Pfeiffer/ October 24, 2012/ Conference

If you have ever been in the position of analysing the remains of a compromised system, then you will probably know that a lot of forensic methods rely on data stored in file systems. Of course, you can always look at individual blocks, too, however sooner or later you will need the logical structure of the data. The question is: Do you rely on the file system to be honest with you? What happens if the file system (with a little help from the OS around it) tricks you into believing false information? The answer is easy. Your investigation will fail. Christian Wojner from CERT.at has a presentation for you which describes the stunning „WOW Effect“ stemming from Microsoft’s WoW64 technology. WoW64 is the abbreviation for Windows 32-bit on Windows 64-bit. It allows 64-bit

Read More

1910, 2012

DeepSec 2012 Keynote: We Came In Peace – They Don’t: Hackers vs. CyberWar

René Pfeiffer/ October 19, 2012/ Conference

„Cyberwar“ is all the fashion these days. Everyone knows about it, everyone has capabilities, everyone has a military doctrine to deal with it. Sceptics make fun of it, politicians use it for election campaigns, security researchers wonder what’s new about it, „experts“ use it to beef up their CV, cybercrime yawns, journalists invent new words, most others are confused or don’t care (probably both). This is why DeepSec 2012 features four talks about this topic, including the keynote by Felix ‘FX’ Lindner. FX explains what you can expect from his presentation: “The issues we are facing concerning the militarization and beginning arms race in the so-called “cyber domain” are not what you might think they are. I would like to highlight two aspects of how we, the civilian hackers, in my opinion handle things

Read More

1510, 2012

DeepSec 2012 Talk: I’m the guy your CSO warned you about

René Pfeiffer/ October 15, 2012/ Conference

Social engineering has a bit of a soft touch. Mostly people think of it as “you can get into trouble by talking to strangers”, remember the “don’t talk to strangers” advice from their parents, dismiss all warnings and will get bitten by social security leaks anyway. You have to talk to people, right? You are aware that attackers will use social engineering to get past the expensive security hardware and software. Being aware is very different from being prepared. This is why we asked an expert of social engineering to give you an example of his skills. Be warned, it won’t get pretty and you won’t leave the presentation with the warm and cosy feeling that everything will be alright. To give you a sneak preview, here’s a digital letter from Gavin Ewan himself:

Read More

1410, 2012

DeepSec 2012 Talk: Passive IPS Reconnaissance and Enumeration – false positive (ab)use

René Pfeiffer/ October 14, 2012/ Conference

Once you have a network, you will have intruders. You may already have been compromised. How do you know? Right, you use proper and hard to fool monitoring tools that will always detect good and evil. If you believe this statement, then you probably never heard of the dreaded false positive, commonly known as false alarm. Sometimes a search pattern triggers, but there is no attack. Getting rid of false positives is difficult. As a side effect security researchers have explored false positives as an attack vector. Arron ‘Finux’ Finnon is presenting a new look at intrusion detection/prevention systems (IDS/IPS) and new uses for false positives. You can use false positives to better understand the security posture from an attacker’s point of view, and more importantly be used to discover security devices such as

Read More

1210, 2012

DeepSec 2012 Talk: Own the Network – Own the Data

René Pfeiffer/ October 12, 2012/ Conference

We all use networks every day. This is obvious when it comes to the Internet, but there are more networks if you use phones and other gadgets. Like it or not, these networks are a part of your infrastructure. Now you know, but attackers (and security people) knew this before. So, what can happen to your data if the network is compromised? The short answer: a lot! The long answer is given by Paul Coggin in his presentation at DeepSec 2012. Paul’s presentation discusses the security issues with the critical network architectures being deployed by service providers and utilities to support next generation network services such as IPTV, 3G/4G, smart grid, and more. There’s a lot happening behind the scenes. Once new products are announced, the stage has already been prepared. Network infrastructure security

Read More

0610, 2012

DeepSec 2012 Talk: The Interim Years of Cyberspace – Security in a Domain of Warfare

René Pfeiffer/ October 6, 2012/ Conference

In case you haven’t heard about it yet, officially that is, welcome to the fifth domain! As with space and other environments, the networked world has been discovered by various forces and groups for their advantage. The past years have shown that whatever happens in Cyberspace, doesn’t always stay in Cyberspace. It’s not always about the DDoS attacks, which have been blown out of proportion, but it’s about malicious software, reconnaissance, information extraction and other aspects which are less spectacular (watching less television helps to restore the perspective to normal). We’d like to set your perspective right and recommend listening to Robert M. Lee’s presentation about the Interim Years of Cyberspace. His talk focuses on the bigger picture in an effort to add a different view to the discussions taking place at DeepSec. The

Read More

0510, 2012

DeepSec 2012 Talk: Evolution of E-Money

René Pfeiffer/ October 5, 2012/ Conference

The concept of electronic money has been around long before BitCoin entered the stage. The main characteristic is its electronic storage and exchange. This is both convenient and dangerous since digital goods can be stolen by copying data or cracking codes, depending on the design of the e-money system (which often will involve cryptographers). Jon Matonis will give you an overview about both the goals and the scary aspects of the cashless society. While the talk will focus on BitCoin, which is a peer-to-peer crypto-currency, you will get a deeper insight into how electronic currencies work, what challenges existing designs have solved (or haven’t), and which opportunities the use of digital currencies poses in the future. The phenomenon is quite young, but it is popular, even among criminals who already robbed a BitCoin bank.

Read More

0510, 2012

DeepSec 2012 Talk: The Vienna Programme – A Global Strategy for Cyber Security

René Pfeiffer/ October 5, 2012/ Conference

In case you ever felt frustrated by the countless ways digital systems can fail, you should consider listening to Stefan Schumacher‘s talk about a global strategy for cyber security. It’s not about silver bullets or throwing rings into volcanoes, it’s meant as a roadmap leading to an improved security level in our digital landscape. Information technology and therefore IT security play a bigger role in everyday life than 20 years ago. However, even since IT security becomes more and more important, yet we are still discussion the same old problems: rootkits, viruses and even buffer overflows. Unfortunately, IT security  still revolves about the same problems as it did 20-30 years ago. Instead of fighting the same battles again and again we have to take a look at the strategic level to coordinate efforts. This

Read More

3009, 2012

DeepSec 2012 Talk: SAP Slapping

René Pfeiffer/ September 30, 2012/ Conference

DeepSec 2012 covers SAP in-depth, and we decided also to include a presentation on how to test/pen-test SAP installation. Dave Hartley will give you an overview about how to approach SAP, show you what you can do, and probably achieve complete compromise of insecure and misconfigured SAP environments by pressing buttons. ☺ SAP systems can incorporate many different modules ERP, ECC, CRM, PLM, SCM, SR, … that are installed on multiple operating systems (UNIX, HP-UX, Linux and Windows etc.) which in turn rely on many different back end databases (DB2, Sybase ASE, Oracle, MS SQL, MaxDB and Informix). There are also many different versions/application stacks (SAP Netweaver 7.1 ABAP AS, 7.2 ABAP/Java AS, 7.3 ABAP/Java AS, …). Basically SAP systems often consist of very complex architectures and employ a myriad of integration choices in order to

Read More

2709, 2012

DeepSec 2012 Talk: Breaking SAP Portal

René Pfeiffer/ September 27, 2012/ Conference, Security

SAP products are very widespread in the corporate world. A lot of enterprises run SAP software for a whole variety of purposes. Since enterprises feature many levels of interconnection, there is also a great deal of exposing going on. Usually you do this by means of using portals. The term „portal“ is a trigger for penetration testers, because portals are the gateways to curiosity – and probably compromises. This may give an attacker access to systems that store all informations about your company and process all critical business transactions. You now have compelling reasons to attend DeepSec 2012 for we have a collection of SAP security talks and a workshop for you. Alexander Polyakov talks about how to attack SAP Portal. It is usually connected to the Internet. In turn the Internet is connected

Read More

1909, 2012

DeepSec 2012 Schedule – In-Depth

René Pfeiffer/ September 19, 2012/ Administrivia, Conference

The schedule for DeepSec 2012 has now been online since August. The last two workshop slots have been filled with two superb training by McAfee/Foundstone. There are still some minor blind spots, but Your Favourite Editors work on this. We will start to describe every workshop in-depth with its own blog article, and we will do the same with every presentation. We will try to set every piece of DeepSec 2012’s content into perspective and context. We are really looking forward to the trainings and presentations of DeepSec 2012!

2103, 2012

Use Key Content for your Key Notes

René Pfeiffer/ March 21, 2012/ Administrivia, Security

There is some discussion about certain key note talks in the blogosphere and on mailing lists. Apparently there has been too much mentioning of mayhem and company ads lately. We will judge about this as soon as we have watched the video recordings of these talks. Until we have done that we’d like to point out that all our key note presentations go through the same Call for Papers mechanism as the „regular“ talks. This is true for DeepINTEL and DeepSec alike. It has also been true for all past DeepSec conferences. While we don’t mind provocative content, we still like our speakers to present high quality content. Paid content on the contrary is not always of high quality. As soon as you enter the realm of sponsored talks you’ll suddenly realise that presentations

Read More

1111, 2011

Talk: Advances in IDS and Suricata

René Pfeiffer/ November 11, 2011/ Conference

Intrusion Detection Systems were very much in demand over 10 years ago. The widely known Snort IDS software is a prominent tool. Other vendors have their own implementations and you can readily buy or download thousands of rules distributed in various rule sets. Cranking up the sensitivity will then easily give you more alerts than you will ever be able process sensibly. This is the mindset that settles once they hear „IDS“ or „IPS“. We don’t think this view is still true. That’s why Victor Julien and Eric Leblond, Open Information Security Foundation, will talk about Advances in IDS and Suricata at DeepSec 2011. You have probably heard of Suricata, the next generation intrusion detection engine. Development of Suricata started in 2008 and war first released as stable in December 2009. Past DeepSec conferences featured

Read More

0411, 2011

Talk: On Cyber-Peace – Towards an International Cyber Defense Strategy

René Pfeiffer/ November 4, 2011/ Conference

While UK is preparing for war we’ll try something completely different at DeepSec 2011. We will talk about peace („cyber-peace“ to be exact). The ill-defined term cyber-war is haunting media, security communities, politics and the military for a while now. We already had talks about this at past DeepSec conferences. Cybersecurity is currently a big hype even in mainstream media like the Frankfurter Allgemeine Zeitung, The Guardian or The New Yorker. Exploits and Vulnerabilities like Stuxnet or the German Trojan Rootkit for Lawful Interception are discussed in prime time news. Hackers like the Chaos Computer Club offer technical advice to the German Parliament and the highest court, the Federal Constitutional Court. Due to the constant work of security experts, researchers and hackers (including some really cool media fnords and stints), the level of security

Read More

0311, 2011

Talk: Laws, Compliance and real Life

René Pfeiffer/ November 3, 2011/ Conference

If you believe that computer security is all about having the right tools and an expert staff, then you are mistaken. Never forget why you have computers in the first place – because of your business. Mikhail Utin will shed light on the corporate side of security by talking about  laws, compliance and real life (full title of his talk is US experience – laws, compliance and real life – when everything seems right but does not work). While information security can be improved in a number of ways, one powerful approach is continually overlooked by security researchers. This approach constitutes a collective effort by masses of computer users, where each individual has a very limited understanding of information security and is frequently forced to improve security by various laws and regulations. Pressure coming from

Read More