Tag Archive

DeepSec 2018 Talk: Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests – Tomasz Tuzel

Published on September 3, 2018 By sanna

Over the last decade we have seen a rapid rise in virtualization-based tools in which a hypervisor is used to gain insight into the runtime execution of a system. With these advances in introspection techniques, it is no longer a question of whether a hypervisor can be used to peek inside or even manipulate the […]

DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

Published on September 10, 2014 By René Pfeiffer

All good defences start with some good ideas. This is also true for information security. DeepSec 2014 features a presentation by Vlado Luknar who will give you decent hints and a guideline on how to approach the dreaded risk assessment with readily available tools. We have kindly asked Vlado to give you a detailed teaser […]

DeepSec 2013 Video: CSRFT – A Cross Site Request Forgeries Toolkit

Published on February 14, 2014 By René Pfeiffer

While Cross Site Request Forgery (CSRF) is an attack that is primarily targeted at the end user, it still affects web sites. Some developers try to avoid it by using secret cookies or restricting clients to HTTP POST requests, but this won’t work. The usual defence is to implement unique tokens in web forms. CSRF […]

DeepSec 2013 Talk: CSRFT – A Cross Site Request Forgeries Toolkit

Published on November 9, 2013 By René Pfeiffer

Cross Site Request Forgery (CSRF) is a real threat to web users and their sessions. To quote from the OWASP web site: “CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.” Combined with social engineering this is a very effective attack […]

Talk: Ground BeEF – Cutting, devouring and digesting the legs off a Browser

Published on October 4, 2011 By René Pfeiffer

Web browsers have turned into industrial standard software. There’s no office, no company, no network, no client any more that does not use web browsers for at least one task. Any attacker can safely assume that browser software will be present in most target networks. Sadly browser security has not kept up with the spread […]