Category Archives: HITBSecConf

Researchers to present new software and hardware vulnerabilities at HITB Amsterdam

Posted on by

Users assume the underlying hardware and software system, mobile antivirus, password managers and encryption technology will protect them from malicious attacks on their communications. Upcoming research at the HITB Security Conference in Amsterdam suggests to think twice before trusting mobile security blindly and shows that security is not a final product, but rather a bumpy process. Auditing Femtocells To secure communication via mobile devices, layered security includes secure mobile network devices. In Femtocell Hacking: From … More Continue reading Researchers to present new software and hardware vulnerabilities at HITB Amsterdam

Machine learning in information security: Getting started

Posted on by

Machine learning (ML) technologies and solutions are expected to become a prominent feature of the information security landscape, as both attackers and defenders turn to artificial intelligence to achieve their goals. “The advent of machine learning in security comes alongside the increased capability for collecting and analyzing massive datasets on user behavior, client characteristics, network communications, and more. As we have already witnessed in many other technological domains, I think machine learning will become the … More Continue reading Machine learning in information security: Getting started

Featured talks at the upcoming Hack In The Box Security Conference

Posted on by

The 8th annual Hack In The Box Security Conference in Amsterdam will feature brand new 2 and 3-day hands-on technical trainings covering a wide variety of topics from Linux kernel exploitation techniques to advanced malware analysis and more. Following on from these training sessions, there will be a 2-day multi-track format conference (quad track with 120-minute hands-on labs), a technology exhibition, capture the flag competition, lock picking village, soldering area with Mitch Altman, a hardware … More Continue reading Featured talks at the upcoming Hack In The Box Security Conference

Hacking smart cities: Dangerous connections

Posted on by

Once just a curiosity for technology enthusiasts, the Internet of Things (IoT) has become mainstream. In fact, the IoT security market is estimated to grow from USD 7.90 billion in 2016 to USD 36.95 billion by 2021, at a CAGR of 36.1%, according to MarketsandMarkets. We’re not just talking about devices such as home lightning systems or audio receivers anymore. Today, we are witnessing a surge in the development of smart buildings, routinely plagued by … More Continue reading Hacking smart cities: Dangerous connections

Hypervisor wiretap feature can leak data from the cloud

Posted on by

Bitdefender has discovered that encrypted communications can be decrypted in real-time using a technique that has virtually zero footprint and is invisible to anyone except extremely careful security auditors. The technique, dubbed TeLeScope, has been developed for research purposes and proves that a third-party can eavesdrop on communications encrypted with the Transport Layer Security (TLS) protocol between an end-user and a virtualised instance of a server. The attack makes it possible for a malicious cloud … More Continue reading Hypervisor wiretap feature can leak data from the cloud

What 17 years as an infosec trainer have taught me

Posted on by

July 2016 shall see me complete 17 years in the infosec training circuit. It has been an amazing journey, with humble beginnings. How it all started I had a strong academic background in Computer Science – Operating Systems, TCP/IP and Cryptography. I was fortunate to work on my master’s degree under Eugene Spafford in the COAST lab (now CERIAS) at Purdue. The late 90s witnessed a meteoric rise of what became known as Silicon Valley … More Continue reading What 17 years as an infosec trainer have taught me

Developing the perfect exfiltration technique

Posted on by

At SafeBreach, one of our major research areas is exfiltration (sending sensitive data out of the corporate network). In one of our research projects in late 2015, we set out to find the perfect exfiltration technique. At that time, we didn’t quite know what it would encompass, but we were determined to find out. Now, when considering exfiltration data from an enterprise, it makes sense to look for covert channels. Otherwise the security policy (implemented … More Continue reading Developing the perfect exfiltration technique

Investigating exploit kits: Clear and present danger

Posted on by

Nick Biasini is the Outreach Engineer at Cisco Talos. He has researched a wide range of topics including exploit kits and various malware campaigns being distributed through email. Biasini is presenting at HITBSecConf Amsterdam 2016 this spring. Come see his session, Exploit Kits: Hunting the Hunters, on May 26, 2016. In this interview he discusses the challenges involved in the investigation of new exploit kits, talks about surprising details he uncovered during his research, and … More Continue reading Investigating exploit kits: Clear and present danger

Detect observation and evade theft of sensitive data

Posted on by

Jacob Torrey is an Advising Research Engineer at Assured Information Security, where he leads the Computer Architectures group. He has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. Torrey is presenting at HITBSecConf Amsterdam 2016 this spring. Come see his session, Using the Observer Effect … More Continue reading Detect observation and evade theft of sensitive data