DeepSec 2020 Talk: Security of Home Automation Systems – A Status Quo Analysis For Austrian Households – Edith Huber, Albert Treytl

Sanna/ September 28, 2020/ Conference

Home Automation System (HAS) are a growing market, which is very diverse ranging  from consumer electronics like TVs, mobile phones and gaming consoles via WLAN connected sensors, power plugs or lightbulbs to building automation devices for HVAC systems or access solutions. Beside “classical” network technologies IoT technologies gain increasing spread and importance. This paper presents results of a representative survey analysing the security awareness and perception as well as susceptibility to cybercrime of HAS users in Austria. The aim of this survey is to investigate the spread of the device types, cybercrime attacks and security risks. These results are compared with technical vulnerabilities of such devices to identify relevant security risks and countermeasures. Additionally, a concept to protect sensor values directly in the analogue circuit is presented as an outlook to ongoing research. We asked Edith and Albert a few more questions about their talk.   Please tell us the top facts about your talk. The most common HAS are Smart TV, voice assistants and surveillance cameras, but many other applications are on the rise. Respondents of the survey say

Read More

DeepSec 2020 Talk: Efficient Post-quantum Digital Signature – Maksim Iavich (DeepSec Scholar 2020)

Sanna/ September 25, 2020/ Conference

Active work is being done to create and develop quantum computers. Traditional digital signature systems, which are used in practice, are vulnerable to quantum computers attacks. The security of these systems is based on the problem of factoring large numbers and calculating discrete logarithms. Scientists are working on the development of alternatives to RSA, which are protected from attacks by quantum computer. One of the alternatives are hash based digital signature schemes. Merkle digital signature scheme is the very promising alternative to the classical digital signature schemes. It must be emphasized, that the scheme has efficiency problems and can not be used in practice. Major improvements of the scheme lead to security vulnerabilities. I will show that Merkle uses hash functions many times. I will offer the improved implementation of the hash function. I

Read More

DeepSec2020 Talk: The Art Of The Breach – Robert Sell

Sanna/ September 16, 2020/ Conference

The Art of the Breach is designed to be a journey for anyone interested in physical security. Robert takes the audience on a trip from the public sidewalk outside a target organization all the way through to the executive filing cabinet in the President’s office. While many physical security talks focus strictly on the information security aspect of breaching, Robert will combine this with techniques used by first responders to enter a building. While social engineering and lock picking will be discussed, Robert will also outline the third option of forced entry. During this adventure, Robert discusses everything from successful reconnaissance to ensuring an easy exit afterwards. Robert spends time at each step to go over the various options for moving forward. Some of these options are easy and straightforward while others require preparations

Read More

DeepSec 2020 Talk: Abusing Azure Active Directory: Who Would You Like To Be Today? – Dr. Nestori Syynimaa

Sanna/ September 14, 2020/ Conference

This will be one of the few online talks held at DeepSec. Dr. Nestori Syynimaa covers the wonderful world of Azure AD and third-party code. Azure AD is used by Microsoft Office 365 and over 2900 third-party apps. Although Azure AD is commonly regarded as secure, there are serious vulnerabilities regarding identity federation, pass-through authentication, and seamless single-sign-on. In this session, using AADInternals PowerShell module, I’ll demonstrate the exploitation of these vulnerabilities to create backdoors, impersonate users, and bypass MFA. The purpose of this session is to raise awareness of the importance of the principle of least privilege and the role of on-prem security to cloud security. We asked Dr. Nestori Syynimaa a few more questions about his talk. Please tell us the most important facts about your talk. Azure AD acts as an

Read More

DeepSec 2020 Talk: Caught in the Middle with You: Examining the Implications of Adversary Midpoint Collection – Joe Slowik

Sanna/ September 9, 2020/ Conference

Information security typically focuses on endpoint exploitation and manipulation. Endpoints are where our tools reside (EDR, log sources, and similar artifacts), and where we are most comfortable operating as these are the systems we interact with on a daily basis. However, adversaries increasingly migrate attacks to cover “midpoint” techniques (DNS manipulation, router exploitation, and traffic shaping mechanisms) to circumvent both endpoint and network defenses. Such actions shift operations to either devices we are unfamiliar with – routers, VPN concentrators, and similar devices – or systems and services completely outside our control – ISP equipment and fundamental Internet functionality. Although media stories highlighting such attacks exist, most threat analysis provides little information on the implications of such attacks or defensive strategies to meet them. By analyzing revelations emerging from various NSA-related leaks, followed by consideration

Read More

DeepSec 2020 Talk: EPP/EDR – Unhooking Their Protections – Daniel Feichter

Sanna/ September 4, 2020/ Conference

More and more we see in our penetration tests, that companies do not just rely on the traditional endpoint protection (EPP). Instead they began to add an additional EDR to the existing EPP or they use an EPP/EDR combination from different vendors like Microsoft, CrowdStrike, Endgame etc. Compared to EPP, an EDR is not designed for the prevention of malware, but for detection, response and hunting. EDR systems have a high process visibility at the endpoint. This makes it possible to conduct malware analysis based on the monitored behaviour. For that some EPP/EDR products under Windows rely on the technique API-Hooking. API-Hooking is a method to check executed code (via APIs) for malicious content by interception. For this purpose, the EPP/EDR software injects its own .dll into the address memory of a process. In

Read More

DeepSec 2020 U21 Talk: Protecting Mobile Devices from Malware Attacks with a Python IDS – Kamila Babayeva, Sebastian Garcia

Sanna/ September 2, 2020/ Conference

[Editorial note: We are proud to publish the articles about the U21 presentation slot for young researchers. The U21 track is a tradition of DeepSec. We aim to support (young) talents and give them a place on the stage to present their ideas and to gain experience.] Technology poses a risk of cyber attacks to all of us, but mobile devices are more at risk because there are no good detection applications for phones, and because they are the target of many novel attacks. We still don’t have a good idea of what our phones are doing in the network. To be better protected, mobile devices need better detection solutions from our community. In this talk I will present the development of Slips, a Python-based, free software IDS using machine learning to detect attacks

Read More

DeepSec 2020 Talk: Security Model Of Endpoint Devices – Martin Kacer

Sanna/ September 1, 2020/ Conference

Have you ever asked these questions? You are using the latest mobile and using your laptop with the latest and patched OS, running antivirus: Do you need to worry about security? Isn’t there still something broken in the entire security and permission model? Why can the desktop application, that is not an internet browser, access and communicate by using any IP address? Why can the application access your whole filesystem and collect the files from there? Why can an android app with internet permission communicate using any arbitrary IP, even a private one? Why can the app communicate by using different domains? Isn’t the app market ecosystem creating a friendly environment for botnets? This talk will shed some light on these issues and propose some mitigation strategy. We have asked Martin a few more

Read More

DeepSec 2019 Talk: How To Create a Botnet of GSM Devices – Aleksandr Kolchanov

Sanna/ November 26, 2019/ Conference

There are different types of GSM-devices: from GSM-alarms for homes and cars to industrial controllers, remote-controlled electric sockets and smartwatches for kids. Also, often they are vulnerable, so GSM-devices are interesting targets for hackers and pranksters. But it is easier to hack a device than to find these devices (usually, you should make a call, send SMS with a command to the phone number of this device, so it is necessary for an attacker to know or find this number). During this talk, I will give a short overview of types of devices and common vulnerabilities, then I will tell about different methods, which can be used to find the phone number of the device. Also, I will show some funny ideas, which allows hackers to create small (or huge, who knows?) botnet of

Read More

DeepSec 2019 Press Release: High-quality Randomness protects Companies

Sanna/ November 25, 2019/ Conference, Training

The ‘bugs’ of the’ 90s are still alive – hidden in IoT devices, integrated systems and industrial controls. Modern information security can’t manage without mathematics. It is less about statistics in the form of operational data or risk analysis. It’s about cryptography, which is constantly used in everyday life. It uses elements that build on high-quality random numbers to protect information from attacks. This year’s DeepSec Security Conference addresses key aspects of product implementation – data protection during transport and storage. Protecting the Digital Transformation Whether “intelligent” bulbs and illuminants, heating or building controls, tv-sets, industrial plants or entire production lines – the digital transformation covers all areas of our lives and leads to changes. On the one hand, digitization opens up opportunities such as the optimization of processes, the more efficient use of

Read More

DeepSec 2019 Talk: Abusing Google Play Billing for Fun and Unlimited Credits! – Guillaume Lopes

Sanna/ November 22, 2019/ Conference, Security

In 2017, the estimated global in-app purchase revenue was projected to exceed $37 billion. Just in the Google Play Store, for 2018, more than 200 000 apps are offering in-app purchases. However, the Google Play Billing API is vulnerable by design and allows an attacker to bypass the payment process. I analyzed several android games and found that it’s possible to bypass the payment process. This presentation will show real vulnerable applications (Fruit Ninja, Doodle Jump, etc.). We asked Guillaume a few more questions about his talk. Please tell us the top 5 facts about your talk. The vulnerability presented is really easy to exploit Client side issues are not dead in 2019! It seems nobody cares about losing money in the game industry… Very few vendors fixed their implementation Real vulnerable applications will

Read More

ROOTS 2019 Talk: Shallow Security: on the Creation of Adversarial Variants to Evade ML-Based Malware Detectors – Fabricio Ceschin

Sanna/ November 22, 2019/ ROOTS

The use of Machine Learning (ML) techniques for malware detection has been a trend in the last two decades. More recently, researchers started to investigate adversarial approaches to bypass these ML-based malware detectors. Adversarial attacks became so popular that a large Internet company (ENDGAME Inc.) has launched a public challenge to encourage researchers to bypass their (three) ML-based static malware detectors. Our research group teamed to participate in this challenge in August/2019 and accomplishing the bypass of all 150 tests proposed by the company. To do so, we implemented an automatic exploitation method which moves the original malware binary sections to resources and includes new chunks of data to it to create adversarial samples that not only bypassed their ML detectors, but also real AV engines as well (with a lower detection rate than

Read More

ROOTS 2019 Talk: RevEngE is a dish served cold: Debug-Oriented Malware Decompilation and Reassembly – Marcus Botacin

Sanna/ November 21, 2019/ ROOTS

Malware analysis is a key process for knowledge gain on infections and cyber security overall improvement. Analysis tools have been evolving from complete static analyzers to partial code decompilers. Malware decompilation allows for code inspection at higher abstraction levels, facilitating incident response procedures. However, the decompilation procedure has many challenges, such as opaque constructions, irreversible mappings, semantic gap bridging, among others. In this talk, we propose a new approach that leverages the human analyst expertise to overcome decompilation challenges. We name this approach “DoD—debug-oriented decompilation”, in which the analyst is able to reverse engineer the malware sample on his own and to instruct the decompiler to translate selected code portions (e.g., decision branches, fingerprinting functions, payloads etc.) into high level code. With DoD, the analyst might group all decompiled pieces into new code to

Read More

DeepSec 2019 Talk: Demystifying Hardware Security Modules – How to Protect Keys in Hardware – Michael Walser

Sanna/ November 20, 2019/ Conference

[Editorial note: Cryptography is one of our favourite topics. This is why we invited experts from sematicon AG to show some of their skills and help you navigate through the jungle of false promises by vendors, magic bullets, and misuse of the word „crypto“.] A secure crypto-algorithm is based on the fact that only the key needs to be kept secret, not the algorithm itself. The key is of high value and must be protected. In this talk we will have a look at how to protect keys and why a dedicated hardware is needed to make sure the key is kept secret and always under the control of the owner. Different use cases require different HSMs (Hardware Security Modules). We will have a look at data centres and cloud HSMs as well as

Read More

ROOTS 2019 Talk: Automatic Modulation Parameter Detection In Practice – Johannes Pohl

Sanna/ November 19, 2019/ ROOTS

Internet of Things (IoT) devices have to be small and energy efficient so that resources for security mechanisms tend to be limited. Due to the lack of open source or license free standards, device manufacturers often use proprietary protocols. Software Defined Radios (SDR) provide a generic way to investigate wireless protocols because they operate on nearly arbitrary frequencies, but they output sine waves that have to be demodulated. This demodulation process slows down security investigations because it forces researchers to start on the physical layer while the real reverse-engineering is performed on the logical layer. We contribute an auto-detection system that estimates all demodulation parameters of a wireless signal and, additionally, explicitly returns all these parameters so that they can be fine-tuned afterwards. This allows security researchers to skip the physical layer and work

Read More