Speakers (preliminary) - DeepSec IDSC 2021 Europe

Advanced Deployment and Architecture for Network Traffic Analysis

Peter Manev, Eric Leblond & Josh Stroschein (Open Information Security Foundation)

Network-based threat detection is crucial for developing a comprehensive security strategy, whether it is on-premise or in the cloud. In Advanced Deployment and Architecture for Network Traffic Analysis, you will learn how to maximize the visibility that Suricata can provide in your network. You will gain a deep technical understanding of and hands-on experience with Suricata’s versatile arsenal of features and capabilities for a variety of deployment, usage and integration scenarios. Tuning and optimizing Suricata for threat/anomaly detection, file extraction, and/or protocol detection are critical for a successful deployment. You will also learn traditional and non-traditional tips, tricks and techniques to implement Suricata and its newest features, based on real-world deployment experiences, including cloud-based deployments. This class also offers a unique opportunity to bring in-depth use cases, questions, and challenges directly to the Suricata team. By the end of this course you will be able to successfully design, deploy, implement, optimize and hunt with your high-performance Suricata deployment.

Peter Manev: Peter has been involved with Suricata IDS/IPS/NSM from its very early days in 2009 as QA lead, and is currently a Suricata executive council member. Peter has 15 years of experience in the IT industry, including enterprise and government level IT security practice. As an adamant admirer and explorer of innovative open source security software, he is also one of the creators of SELKS, an open source threat detection security distro. He is also one of the founders of Stamus Networks, a company providing security solutions based on Suricata.

Eric Leblond: Eric is an active member of the security and open source communities. He is a Netfilter Core Team member working mainly on communications between kernel and userland. He has worked on the development of Suricata, the open source IDS/IPS, since 2009 and is currently one of the Suricata core developers. He is also one of the founders of Stamus Networks, a company providing security solutions based on Suricata.

Josh Stroschein is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is the Director of Training for OISF, where he leads all training activities for the foundation and is also responsible for academic outreach and developing research initiatives. Josh is an accomplished trainer, providing training in the aforementioned subject areas at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight and a threat researcher for Bromium.

Hacking Modern Desktop Apps: Master the Future of Attack Vectors

Abraham Aranguren & Anirudh Anand (7ASecurity LLLP)

This course is a 100% hands-on deep dive into the OWASP Security Testing
Guide and relevant items of the OWASP Application Security Verification
Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.
Long gone are the days when desktop apps were written in Delphi. What do
Microsoft Teams, Skype, Bitwarden, Slack and Discord have in common? All of them are
written in Electron: JavaScript on the client.

Modern desktop apps share traditional attack vectors and also introduce new
opportunities to threat actors. This course will teach you how to review modern
desktop apps, showcasing Node.js and Electron but using techniques that will
also work with any other desktop app platform. Ideal for Penetration Testers,
Desktop App Developers as well as everybody interested in
JavaScript/Node.js/Electron app security.

Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with: 1.5 hour workshop - https://7asecurity.com/free-workshop-desktop-apps

All action, no fluff, improve your security analysis workflow and immediately apply
these gained skills in your workplace. Packed with exercises, extra mile
challenges and CTF, self-paced and suitable for all skill levels, with continued
education via unlimited email support and lifetime access to our training portal with
step-by-step video recordings and interesting apps to practice, including all future
updates for free.

Abraham Aranguren: After 13 years in ITsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB,
OWASP Global AppSec and many other events. Former senior penetration tester / team
lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Creator of “Practical
Web Defense” - a hands-on eLearnSecurity attack / defense course
(www.elearnsecurity.com/PWD), OWASP OWTF project leader, an OWASP flagship
project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP,
OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a
shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He
writes on Twitter as @7asecurity, @7a_, @owtfp or at https://7asecurity.com/blog. Multiple
presentations, pentest reports and recordings can be found at

Anirudh Anand:
Anirudh Anand is a security researcher with a primary focus on Web and Mobile
Application Security. He is currently working as a Senior Security Engineer at CRED and
also as a Security Trainer at 7asecurity. He has been submitting bugs and contributing to
security tools for over 7 years. In his free time, he participates in CTF competitions along
with Team bi0s (#1 security team in India according to CTFtime). His bounties involve
vulnerabilities in Google, Microsoft, LinkedIn, Zendesk, Sendgrid, Gitlab, Gratipay and
Anirudh is an open source enthusiast and has contributed to several OWASP projects
with notable contributions being in OWTF and Hackademic Challenges Project. He has
presented/trained at a multitude of conferences including c0c0n 2019, BlackHat Arsenal
2019, BlackHat Europe Arsenal 2018, HITB Dubai 2018, Offzone Moscow 2018, Ground
Zero Summit Delhi 2015 and Xorconf 2015.

How to Break and Secure Single Sign-On (OAuth and OpenID Connect)

Karsten Meyer zu Selhausen (Hackmanit GmbH)

Single sign-on protocols are one of the most important Internet technologies and are used by countless applications. Security plays a critical role when using systems based on standards such as OAuth and OpenID Connect. Successful attacks allow hackers to bypass authentication or to access confidential user data. In this training, you will learn all security aspects relevant to single sign-on based on OAuth and OpenID Connect. You will learn which serious attacks exist and get the chance to try them yourself in our test environment. Finally, you will learn how to test and defend your own systems against these attacks.

Karsten Meyer zu Selhausen has several years of experience in the fields of secure deployment and secure use of well-known single sign-on standards, such as OAuth, OpenID Connect and SAML.

He has worked as an IT security consultant, penetration tester and trainer for Hackmanit GmbH since 2016. During his master's degree in IT Security at the Ruhr-University Bochum, he specialized in the security of protocols for delegated authorization and authentication, as well as data description languages, such as XML and PDF. He gained profound expertise in the security of single sign-on procedures, such as OAuth, OpenID Connect and SAML, during numerous consulting projects and penetration tests. Karsten frequently shares his knowledge and experience with customers from various industry fields in IT security training courses.

Mobile Network Operations and Security

David Burgess (-)

This workshop describes basic functions and security shortcomings in mobile
networks, both in the core network and in the radio network, for GSM, UMTS, LTE
and 5G NR. The material is intended for individuals in the areas of
journalism, international aid, corporate security, and the law, who have or
who work with people who have specific security concerns and want to
better understand what is really happening in their phones and in the
mobile networks that serve those phones.

The workshop will start with an overview of cellular technology in general
and types of security flaws common to all mobile networks, and then
proceed to specific examples for different network segments and technology
types. The workshop will include demonstrations of some security failures
and deeper analysis of specific events reported in the popular press. The
goal of the workshop is to give attendees a good grasp of key concepts in
mobile network operation and the security implications, while avoiding
unnecessary technical details. Questions and discussion are welcome and

This workshop covers the mobile network, handset baseband, and SIM only,
and does not address Android, iOS or application-layer security.

David Burgess has worked in telecommunications since 1998, first in signals
intelligence and then in commercial network equipment. He is probably best
known as the primary author of OpenBTS, but has written complete stacks for
other cellular radio protocols as well. David’s company, Legba, provides
mobile network equipment and test equipment for small network operators,
embedded systems developers, and special applications. David also writes
about telecommunications and does occasional work as an expert in legal

Pentesting Industrial Control Systems

Arnaud Soullié (RS formation et conseil)

In this intense 2-day training, you will learn everything you need to start pentesting Industrial Control Networks. We will cover the basics to help you understand the most common ICS vulnerabilities. We will then spend some time learning and exploiting Windows & Active Directory weaknesses, as most ICS are controlled by Windows systems.
We will cover the most common ICS protocols (Modbus, S7, OPC…), analyze packet captures and learn how to use these protocols to talk to Programmable Logic Controllers (PLCs). You will learn how to program a PLC, to better understand how to exploit them.
The training will end with a challenging hands-on exercise: The first CTF in which you capture a real flag! Using your newly acquired skills, you will try to compromise a Windows Active Directory, pivot to an ICS setup to take control of a model train and robotic arms.
Moreover, the training doesn’t stop on the last day! Each participant will receive 30-day access to an e-learning portal, where they can watch the training content on video and perform all the exercises on a cloud platform.

Arnaud Soullié (@arnaudsoullie) is a manager at Wavestone. For 10 years, he has been performing security audits and pentests on all types of targets. He specializes in Industrial Control Systems and Active Directory security. He has spoken at numerous security conferences on ICS topics: BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an open-source data diode aimed at ICS.