0109, 2023

DeepSec 2023 Talk: The Attacker Mindset: Practical Lessons from the Field – Yossi Sassi

Sanna/ September 1, 2023/ Conference

Occasionally we come across the expression “attacker mindset”, yet without properly understanding what it means in practice. What does it REALLY mean? Is it a different way of thinking? Planning? Improvising? Or execution? Or maybe all of the above? We’ll dive into some practical examples & hands-on demos to understand what this term actually means, from an engagement perspective. We asked Yossi a few more questions about his talk. Please tell us the top 5 facts about your talk. Based on real-world engagements at dozens of customers worldwide, four continents, including Fortune 100 companies. Learn how to “think” like an adversary, not just hear about tools & techniques. Various hands-on demos to demonstrate the session topic. Cool research and code from self exploration. Gain overall insights, whether you are a Red or Blue teamer

Read More

3108, 2023

DeepSec 2023 Talk: Nostalgic Memory – Remembering All the Wins and Losses for Protecting Memory Corruption – Shubham Dubey

Sanna/ August 31, 2023/ Conference

Memory corruption, a vulnerability that emerged in the 1980s and gained prominence with the discovery of the first buffer overflow in the fingerd Unix application exploited by the Morris worm in 1988, has since become a significant concern in the field of information security. Its prevalence was further underscored by the influential Phrack edition 49 titled “Smashing the Stack for Fun and Profit” in 1996. Today, memory corruption remains one of the most pressing security challenges, compelling the entire defensive security industry to develop robust countermeasures. This session aims to delve into the progress made by the security industry in mitigating and protecting against different types of memory corruption, as well as the current state of these efforts. During the talk, I will explore various techniques that have been introduced worldwide to safeguard against

Read More

0606, 2023

DeepSec 2023 Talk: Deepfake vs AI: How To Detect Deepfakes With Artificial Intelligence – Dr. Nicolas Müller

Sanna/ June 6, 2023/ Conference

Artificial intelligence is developing at a breathtaking pace, already surpassing humans in some areas. But with opportunity comes potential for abuse: generative models are getting better at creating deceptively real deepfakes – audio or video recordings of people that are not real, but entirely digitally created. While the technology can be used legitimately for film and television, it has great potential for abuse. This lecture illustrates this problem using audio deepfakes, i.e. fake voice recordings. The technical background of synthesis will be highlighted, and current research on countermeasures will be presented: Can we use AI to expose deepfakes? Can we learn to recognise deepfakes, and if so, how? We asked Dr. Nicolas Müller a few questions about his talk. Please tell us the top 5 facts about your talk. We will listen to Angela

Read More

1111, 2022

DeepSec 2022 Talk: Industrial-Security vs. IT-Security – What Can We Learn From Each Other? – Michael Walser

Sanna/ November 11, 2022/ Conference

In the age of digitalisation, classic IT and industry are moving ever closer together. Devices are being networked and more and more smart devices are flooding the production hall. However, IT security is often disregarded in the process. Every device in the network can be compromised and requires an adapted strategy. Experience from 30 years of IT security gives the industry an orientation – but does not solve its problems. The challenges are often completely different, and the situation often requires completely different approaches. We try an approach and show experiences from the work with our customers and partners and give food for thought on what an IT security strategy for industry can look like and what both worlds can learn from each other. We asked Michael Walser a few more questions about his

Read More

1011, 2022

DeepSec 2022 Talk: Cyber Maturity Doesn’t Just Happen. True Tales Of A Cyber Maturity Concept – Uğur Can Atasoy

Sanna/ November 10, 2022/ Conference

Having a proper(!) security posture is more challenging than ever. Implementing the bare necessities for usability and security is scalable (literally), but the reality is always full of surprises. Dozens of assets, services, tools, requirements, workforce, risks and threats. How to keep the balance between usability, security and reputation while being honest with yourself? Many enterprises suffer from “keywords” and “trends” and have to pretend to be “proactive” by implementing the “latest” trends and approaches instead of solving the problems on “bits” that need “change”. When you look at enterprise-level security incidents, you can quickly notice that they have the latest tools, technologies and services, implemented the “Zero Trust Security” model, achieved base standards and compliance requirements, and hired the experts. Literally, they are prepared for almost all possible risks and threats, but they

Read More

1011, 2022

DeepSec 2022 Talk: Communicative Incident Response – Hauke Gierow, Paul Gärtner

Sanna/ November 10, 2022/ Conference

Crisis communication is probably the hardest part of communication to get right – and the most important. Combine this with a successful attack attempt on a company’s network that completely shatters operation and you have all the ingredients for disaster. But especially in situations like this, it is imperative to stay calm and remain in contact with the outside world. In this talk, we will relay best practices for crisis communication and how they specifically apply to IR situations. We will show the best and the worst attempts to manage a crisis – and show that situations like this can reposition a company and build trust rather than loosing it. We asked Hauke Gierow and Paul Gärtner a few more questions about their talk. Please tell us the top 5 facts about your talk.

Read More

0811, 2022

DeepSec 2022 Keynote: Complexity killed the Cat

René Pfeiffer/ November 8, 2022/ Conference

Complex systems is not a term indicating that you have stopped to understand something. The colloquial phrase „it’s complicated“ is often used as a joke. Complex systems have their own science. Information technology has managed to make our daily life easier. Applications manage vast amount of data, communication protocols transport countless numbers of messages, systems just work, and everything is fine. The problem is that code usually grows and never shrinks. This has implication for software development and for information security. The keynote will take you on a tour through complex systems, complexity, the limits of growth, and how the consequences can be managed in a sane way. The presentation will also try to remind you to ask questions, think twice about selecting appropriate metrics, and how to apply this approach to the tools

Read More

2810, 2022

DeepSec 2022 Talk: Fighting Fire with Fire – Detecting DNS-Tunneling with DNS – Artsiom Holub

Sanna/ October 28, 2022/ Conference

DNS tunneling used as a covert-channel method to bypass security policies has ballooned in the landscape of Ransomware attacks in recent years. This can be attributed to CobaltStrike post exploitation tools becoming modus operandi of cybercrime syndicates operating with ransomware. Most of the detections rely on packet inspection, which suffers from scalability performance when an extensive set of sockets should be monitored in real time. Aggregation-based monitoring avoids packet inspection, but has two drawbacks: silent intruders (generating small statistical variations of legitimate traffic) and quick statistical fingerprints generation (to obtain a detection tool really applicable in the field). Our approach uses statistical analysis coupled with behavioral characteristics applied directly in the DNS resolver. This presentation will cover examples of the malicious tools used by threat actors and detections designed to protect from such tools.

Read More

2610, 2022

DeepSec 2022 Talk: Attacking Developer Environment Through Drive-by Localhost Attacks – Joseph Beeton

Sanna/ October 26, 2022/ Conference

There is a widespread belief that services that are only bound to localhost are not accessible from the outside world. Developers for convenience sake will run services they are developing configured in a less secure way compared to how they would (hopefully!) do in higher environments. By compromising websites developers use, just injecting JS into adverts served on those sites or just a phishing attack that gets the developer to open a web browser on a compromised page, it is possible to reach out via non pre-flighted http requests to those services bound to localhost, by exploiting common misconfigurations in Spring, or known vulnerabilities found by myself and others. I’ll demonstrate during the talk, it is possible to generate a RCE on the developer’s machine or other services on their private network. As developers

Read More

1910, 2022

DeepSec 2022 Talk: Ukrainian-Russian Warfare In Cyberspace: Technological And Psychological Aspects – Sergiy Gnatyuk

Sanna/ October 19, 2022/ Conference

On 24th of February, 2022, the life of Ukrainians has changed fundamentally. Russian troops attacked peaceful Ukrainian cities and civilian infrastructure, using all possible means and bridgeheads – land, sea, air and cyberspace. Predictably, given the technological conditions, the cyberspace has become one of the main arenas of combat in this war. Powerful cyber-attacks (more than 1,100 attacks so far) on the state’s critical information infrastructure were accompanied by destructive information and psychological effects and special psychological operations (PSYOP). However, as in other domains, Ukraine persevered in cyberspace, fought back and counterattacked the enemy. At DeepSec up-to-date information on the specifics of cyber-attacks on the technological infrastructures (DoS-attacks, malicious software, unauthorized data collection, etc.) will be presented and analyzed, as well as attacks on the population (mis- and disinformation, deep fakes, etc.). Current initiatives

Read More

1810, 2022

DeepSec 2022 Talk: Signature-based Detection Using Network Timing – Josh Pyorre

Sanna/ October 18, 2022/ Conference

Malware often has behaviors that can be used to identify other variants of the same malware families, typically seen in the code structure, IP addresses and domains contacted, or in certain text strings and variable names within the malware. However, it may be possible to identify malware, or anomalous behavior by analyzing the timing in between network transactions. My presentation will explore this idea using network captures of malicious activity amongst potentially normal network traffic, analyzed quickly with Python. We’ll explore this on network data with full visibility into the transactions as well as noisier encrypted traffic, where we’ll attempt to identify unusual activity based only on bandwidth. We asked Josh Pyorre a few more questions about his talk. Please tell us the top 5 facts about your talk. Signatures are the primary method

Read More

1710, 2022

DeepSec 2022 Talk: Iran: A Top Tier Threat Actor – Steph Shample

Sanna/ October 17, 2022/ Conference

This presentation, conducted hundreds of times throughout the United States on Wall Street, at various American universities, and throughout the US Defense sector, will go into detail on the evolution of the Iranian cyber program, its current state and most common malware, as well as what geopolitical events and relationships influence Iranian cyber actors. It will also detail why Iran needs to be taken seriously as a digital threat, as they indeed operate at the same level as malicious Russian and Chinese threat actors. We asked Steph Shample a few more questions about her talk. Please tell us the top facts about your talk.  Iran continues to quickly gain sophistication in Cyber. Its state sponsored (military and civilian) and cybercriminal operations have worldwide impact and deserve attention. Iran’s relationships with other adversaries like China

Read More

1010, 2022

DeepSec 2022 Talk: Working in Warzones in Theory and in Practice – Enno Lenze

Sanna/ October 10, 2022/ Conference

The difference between theory and practice is much smaller in theory than in practice. This also applies to physical and digital security in war zones. While those at home imagine journalists driving certified armored vehicles and using special encrypted devices, in practice, it is often a Toyota Corolla and WhatsApp. Why is that the case? I will try to explain the different aspects and reasoning behind the decisions on digital and physical security based on real-world experiences and examples. We asked Enno Lenze a few more questions about his talk. Please tell us the top 5 facts about your talk. How IT Nerds think you should prepare for a war zone and what it‘s like in reality Threat analysis and the question if you need a bulletproof vest What to pack when going to

Read More

0710, 2022

DeepSec 2022 Talk: Protecting Your Web Application/API With CrowdSec – Klaus Agnoletti

Sanna/ October 7, 2022/ Conference

Protecting your web applications and APIs are more important than ever. Especially these days where one can deploy their application in the cloud, where everything but the application itself is a standardized application constantly updated for you by continuous patch processes, it is more evident than ever that the biggest risk is present in the code you produce yourself and expose to the internet. But what are the risks? And how to mitigate them? And is it true that APIs don’t need to be secured as much as your website? All competent security professionals know that there’s no such thing as a silver bullet, so obviously creating an AppSec program is inevitable to achieve a sufficient security posture. But how do we handle the remaining risks? CrowdSec is a FOSS security tool that can

Read More

0510, 2022

DeepSec Talk 2022: Anticipating Damage Control: Communicating About Cybersecurity Within And Outside Organizations – Prof. Matthieu J. Guitton

Sanna/ October 5, 2022/ Conference

Although cybersecurity aims at protecting individuals and organizations from the threats emerging from the massive use of and dependency upon digitalized spaces, the efforts of cybersecurity experts unfortunately do not always succeed in doing so. Therefore, integrated cybersecurity strategies of large organizations should minimally include a plan for damage control. Damage control strategies are typically handled by public relations experts and tend to follow a classical narrative, combining a mix of both apologizing and reassuring discourses. However, in an age of communication technologies, efficient narrative strategies have to be multi-layered. Indeed, while damage control is typically conceptualized as taking place after the occurrence of a damage causing event, it should also include an anticipatory component, both dealing with communication planning and pre-event communication. Furthermore, a damage control narrative can not exclusively focus on a

Read More