HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"count": 9,
"next": null,
"previous": null,
"results": [
{
"code": "8HYV9D",
"speakers": [
{
"code": "YJLQCJ",
"name": "Chris John Riley",
"biography": "Staff Security Engineer, Information Security Engineering\r\n\r\nChris leads Google's Minimum Viable Secure Product (MVSP) efforts, and is part of Google security teams' efforts to help the world secure their software. Previously Chris was responsible for leading vendor security assessment efforts and worked on the security of 3P security integrations. Before joining Google, Chris was an IT security consultant who specialized in security testing and research in the financial services sector across the United Kingdom, Germany, and Austria.",
"avatar": "http://cfp.bsidesvienna.at/media/avatars/5GVRxXWH36zsDGM_PhYR4wX.png"
}
],
"title": "Taking third-party risk in stride",
"submission_type": "Talk",
"track": null,
"state": "confirmed",
"abstract": "The 2022 Verizon Data Breach Investigations Report showed that 62% of system intrusion incidents came through a partner. To address this challenge, organisations across the industry have come together to design Minimum Viable Secure Product (MVSP) – a vendor-neutral security baseline that is designed to eliminate overhead, complexity and confusion during the procurement, RFP and vendor security assessment process by establishing minimum acceptable security baselines for enterprise B2B solutions. \r\nIn this presentation, we will talk about how Google uses MVSP, and the goals of the MVSP program to raise the minimum bar for enterprise software and services at scale.",
"description": "Presentation on how Google uses MVSP (mvsp.dev) to raise the minimum bar for enterprise security.\r\n\r\nMVSP is a baseline self-service checklist released under the CC0 1.0 Universal license.\r\n\r\nMVSP is designed to list the bare minimum controls (25) that must be in place for an enterprise product or service to be classed as secure.\r\n\r\nControl areas:\r\n- Business controls\r\n- Application design controls\r\n- Application implementation controls\r\n- Operational controls\r\n\r\nGoals of MVSP:\r\n- Present clear minimum security requirements to third parties\r\n - Easily referenced in RFP (Request For Proposal) and procurement processes\r\n - Raising the bar slowly over time to drive industry improvements\r\n- Foundation for contractual language\r\n - Enforce minimum baseline through matching contractual language\r\n- Industry backing from top players in tech\r\n - Encouraging higher adoption and visibility\r\n - Opens the door to future third party security collaboration\r\n- Baseline/Checklist released under Creative Commons\r\n - Removes barrier to access (compared to pay-walled standards)",
"duration": 30,
"slot_count": 1,
"do_not_record": true,
"is_featured": false,
"content_locale": "en",
"slot": {
"room": {
"en": "Badeschiff"
},
"start": "2023-11-18T12:00:00+01:00",
"end": "2023-11-18T12:30:00+01:00"
},
"image": "http://cfp.bsidesvienna.at/media/bsidesvienna-0x7e7/submissions/8HYV9D/logo_4pn7GTV.svg",
"resources": []
},
{
"code": "3QCXRM",
"speakers": [
{
"code": "TRGPWE",
"name": "Markus",
"biography": "For someone working in security management I have a very technical background, from backend development to system administration. I was a penetration tester, and a security engineer.",
"avatar": null
}
],
"title": "Tracking Broken Cloud Security Promises",
"submission_type": "Talk",
"track": null,
"state": "confirmed",
"abstract": "This talk introduces a new and open platform to track and compare cloud vendors and their broken promises about secure cloud operations. CVEs are not working for cloud vendors and we need a better way than tribal knowledge and smoke signals to communicate these issues. The platform provides a structured way to search and evaluate past security incidents at cloud vendors.",
"description": "OMIgod, BingBang, Chinese APTs stealing signing keys, developers leaking highly sensitive access tokens and personal data, silently patching IMDSv2 to curb SSRF attacks, ... we need a better way than tribal knowledge and smoke signals to communicate these issues. There is currently no structured way to search, evaluate, track and compare issues with big cloud vendors. Our society relies more and more on cloud vendors. Their vulnerabilities are often unique and a broken process in a single cloud vendor can impact millions of businesses and their customers. Cloud security is evolving slowly to have not only technological impacts, but also societal ones. We need a way to track their broken promises and enable us to make decisions based on a structured analysis of their track record.",
"duration": 30,
"slot_count": 1,
"do_not_record": false,
"is_featured": false,
"content_locale": "en",
"slot": {
"room": {
"en": "Badeschiff"
},
"start": "2023-11-18T13:20:00+01:00",
"end": "2023-11-18T13:50:00+01:00"
},
"image": null,
"resources": []
},
{
"code": "J9PVUT",
"speakers": [
{
"code": "X3N933",
"name": "Ines",
"biography": "Ines Kramer is research staff at the Competence Center for IT-Security at FH Campus Wien - University of Applied Sciences. The security evaluation of the telehealth applications was conducted during the Telehealth Blocks project from the Health Assisting Engineering program at FH Campus Vienna. This project was funded by the City of Vienna, Magistratsabteilung 23, Austria under Grant number MA23-338474-2021-2\r\nhttps://www.fh-campuswien.ac.at/en/studies/study-courses/it-security-master.html\r\nhttps://www.fh-campuswien.ac.at/en/studies/study-courses/health-assisting-engineering.html",
"avatar": null
}
],
"title": "What is Your Painlevel? - Testing Security and Privacy of Physiotherapy Mhealth Apps",
"submission_type": "Talk",
"track": null,
"state": "confirmed",
"abstract": "Physiotherapy mobile health (mhealth) applications facilitate the remote communication between practitioners and their patients. They process and keep track of sensitive health data such as pain levels and training exercises, which reveal health issues or physical impairment. In this presentation we give an introduction into the methodologies of our security and privacy evaluation of four selected physiotherapy mhealth apps commonly used in Austria. The static and dynamic analysis of the apps and web interfaces showed alarming results with plenty of room for improvement.",
"description": "",
"duration": 30,
"slot_count": 1,
"do_not_record": false,
"is_featured": false,
"content_locale": "en",
"slot": {
"room": {
"en": "Badeschiff"
},
"start": "2023-11-18T14:30:00+01:00",
"end": "2023-11-18T15:00:00+01:00"
},
"image": null,
"resources": []
},
{
"code": "F77CXK",
"speakers": [
{
"code": "ZT8YKP",
"name": "Davor Frkat",
"biography": "Security Engineer at an automotive supplier. Also likes trains. Based in Vienna.",
"avatar": "http://cfp.bsidesvienna.at/media/avatars/trains_AxZNlFh.png"
}
],
"title": "Automotive Security Challenges: Supplier's View",
"submission_type": {
"en": "Talk"
},
"track": null,
"state": "confirmed",
"abstract": "Security researchers often have more questions than answers in this domain. The aim of this talk is to give some insights from the supplier's view. So get in and let me take you on a short road trip through the current threat landscape. Let me show you how the industry picks up speed on vulnerability and incident management, puts the brakes on emerging threats and puts the pedal to the metal on new security features and solutions. New standards and regulations are popping up as traffic signs to lead the way, but there are many other challenges suppliers have to navigate through with car manufacturers, such as holistic vehicle system security.",
"description": "",
"duration": 50,
"slot_count": 1,
"do_not_record": true,
"is_featured": false,
"content_locale": "en",
"slot": {
"room": {
"en": "Badeschiff"
},
"start": "2023-11-18T11:05:00+01:00",
"end": "2023-11-18T11:55:00+01:00"
},
"image": null,
"resources": []
},
{
"code": "A7M3LP",
"speakers": [
{
"code": "YJGV3N",
"name": "Christopher Skallak",
"biography": "Christopher Skallak is currently an IT-Security master's student at FH Campus Vienna with high interest in Capture The Flag and Pentesting. His studies focus on embedded security, especially on the wireless communication protocols Bluetooth and Bluetooth Low Energy. He deepened his knowledge in his master's thesis by creating a Threat Model of Bluetooth Low Energy, which is based on the STRIDE model to categorize various vulnerabilities.",
"avatar": "http://cfp.bsidesvienna.at/media/avatars/chrisi_berry_clean_022IrCM.png"
}
],
"title": "Bluetooth LE Security & Threat Modeling",
"submission_type": "Talk",
"track": null,
"state": "confirmed",
"abstract": "This talk investigates security vulnerabilities of the wireless communication protocol Bluetooth Low Energy. The discovered vulnerabilities are united into a threat model using the STRIDE threat modeling approach. The vulnerabilities examined in this thesis range from packet sniffing on the physical layer to sophisticated Machine-in-the-Middle attacks that are built upon address spoofing and jamming attacks. The proposed threat model also identifies the optional and mandatory dependencies between the attack vectors.",
"description": "",
"duration": 30,
"slot_count": 1,
"do_not_record": false,
"is_featured": false,
"content_locale": "en",
"slot": {
"room": {
"en": "Badeschiff"
},
"start": "2023-11-18T09:30:00+01:00",
"end": "2023-11-18T10:00:00+01:00"
},
"image": null,
"resources": [
{
"resource": "/media/bsidesvienna-0x7e7/submissions/A7M3LP/resources/Bluetooth_LE_Security___Threat_Modeling_oz6CtP1.pdf",
"description": "Bluetooth LE Security & Threat Modeling"
}
]
},
{
"code": "GHURTB",
"speakers": [
{
"code": "UKUU9U",
"name": "Steffen Robertz",
"biography": "Steffen Robertz is a Security Consultant at SEC Consult who specializes in embedded systems. In his job, he focuses on retrieving and reverse engineering firmware in order to find vulnerabilities. Due to his background as an electrical engineering student, he also takes interest in RF systems and hardware development. He has already published multiple security advisories via the SEC Consult Vulnerability Lab.",
"avatar": "http://cfp.bsidesvienna.at/media/avatars/picture_tMVZ2Cn.jpg"
},
{
"code": "8UZ3UP",
"name": "Gerhard Hechenberger",
"biography": "Gerhard Hechenberger is a Senior Security Consultant at SEC Consult who specializes in embedded systems and OT security and works in the SEC Consult Hardware Laboratory in Vienna. His main job is the assessment of embedded systems, IoT/OT devices and OT networks to uncover vulnerabilities. He is a holder of several IT security certificates and has already published multiple security advisories and blog posts.",
"avatar": "http://cfp.bsidesvienna.at/media/avatars/foto_ghe_Ll2Ky7q.png"
}
],
"title": "How to Hack Routers Like it's 1996: Adventures with Zyxel Routers",
"submission_type": "Talk",
"track": null,
"state": "confirmed",
"abstract": "Multiple Zyxel devices are prone to critical vulnerabilities resulting from insecure coding practices and insecure configuration. One of the worst vulnerabilities is an unauthenticated buffer overflow in the custom \"zhttpd\" webserver. By bypassing ASLR, the buffer overflow can be turned into an unauthenticated remote code execution (RCE). Besides that, multiple other vulnerabilities including unauthenticated file disclosure, authenticated command injection and processing of symbolic links on storage media were found in the firmware. \r\n\r\n This talk will detail the steps we took to analyze the embedded device and how we reverse engineered the webserver. Furthermore, we will showcase our Metasploit module that is able to gain a root shell on 50+ devices without authentication.",
"description": "",
"duration": 30,
"slot_count": 1,
"do_not_record": false,
"is_featured": false,
"content_locale": "en",
"slot": {
"room": {
"en": "Badeschiff"
},
"start": "2023-11-18T16:10:00+01:00",
"end": "2023-11-18T16:40:00+01:00"
},
"image": null,
"resources": []
},
{
"code": "PWDFZA",
"speakers": [
{
"code": "NYHFTY",
"name": "Martin Herfurt",
"biography": "Martin Herfurt is the founder and managing director of IT-Wachdienst, a small company from Salzburg that specializes in IT security solutions for SMEs. Martin Herfurt has many years of experience in the field of IT security and is a recognized expert in Bluetooth technology. He has made a significant contribution to the development of security standards for Bluetooth and has presented his research results at renowned conferences such as BlackHat and DEF CON.\r\n\r\nAs an IT security consultant and penetration tester, Martin Herfurt supports his customers in protecting their IT systems from attacks and optimizing their security processes. Among other things, he analyzed the security of the Tesla PhoneKey feature and made suggestions for improvements. Martin Herfurt is an innovative and committed entrepreneur who is constantly training and looking for new challenges.",
"avatar": "http://cfp.bsidesvienna.at/media/avatars/DSC01535_CKG1Lfg.jpg"
}
],
"title": "Project TEMPA - Hacking Teslas for Fun and NO Profit",
"submission_type": {
"en": "Talk"
},
"track": null,
"state": "confirmed",
"abstract": "If you own a Tesla, you might be familiar with the PhoneKey feature that lets you unlock and start your car with your smartphone. But did you know that this feature has some serious security flaws? In this talk, we will show you some of the ways hackers can exploit these vulnerabilities to steal or TEMPA with your Tesla. We will also discuss how Tesla has responded to these issues and whether they have fixed them or not.",
"description": "Tesla's PhoneKey feature is a convenient way to unlock and start your car using your smartphone. However, it also introduces some security risks that could compromise your vehicle or your personal data. In this talk, we will present some of the most significant vulnerabilities that have been discovered and exploited by researchers and hackers over the last two years. We will also discuss how Tesla has responded to these issues and what steps they have taken to improve the security of their PhoneKey feature.\r\nAlso, a few tools are going to be presented that help fellow security researchers learn more about Tesla's PhoneKey system.",
"duration": 55,
"slot_count": 1,
"do_not_record": false,
"is_featured": false,
"content_locale": "en",
"slot": {
"room": {
"en": "Badeschiff"
},
"start": "2023-11-18T10:05:00+01:00",
"end": "2023-11-18T11:00:00+01:00"
},
"image": null,
"resources": []
},
{
"code": "H9JFKZ",
"speakers": [
{
"code": "NBDH3Y",
"name": "Klaus Agnoletti",
"biography": "Klaus Agnoletti has been an all-round infosec professional since 2004. As a long-time active member of the infosec community in Copenhagen, Denmark, he co-founded BSides København in 2019. Currently he's a freelance storytelling cyber security advisor specializing in security transformation and community focused marketing, employer branding, playing security games and other fun assignments and ideas coming his way.",
"avatar": "http://cfp.bsidesvienna.at/media/avatars/Klaus-2-cropped_4DlzeDo.jpg"
}
],
"title": "Gamified Incident Response training: The whys, whats and hows to get you started right away",
"submission_type": "Talk",
"track": null,
"state": "confirmed",
"abstract": "Tabletops are not a new thing in Incident Response training. But oftentimes they’re pretty dull. But wait! What if we made this into a game much like D&D. But instead of fighting orcs with magic you are fighting a realistic ransomware scenario armed with your D20 playing as the dexterous apprentice (who’s always the scapegoat, right?) along with the rest of your team.\r\n\r\nThat sounds awesome, right? You know what? It is!\r\n\r\nCome to my talk and I’ll tell you about my path to IR role playing, my experiences and how you can get started doing your own IR role playing games right away!",
"description": "Within the field of cyber security it’s pretty common to do a tabletop exercise (TTX) to train your capabilities to defend the business if - or rather - when a serious incident occurs.\r\n\r\nDuring these your team sits down around a table (or virtually), and there’s an experienced facilitator there. Usually it’s an external consultant, since your own security team needs to be trained as well. And usually it’s not that interesting. Sometimes it even tends to be dull. But you do it because you must check a compliance box and because it makes sense to be prepared.\r\n\r\nBut what if it wasn’t dull? What if it - literally - was a game instead that had a resemblance to those D&D games you played as a kid? But instead of being wizards, orcs and elves on a magical journey, you’re together with your team or management playing through realistic security incidents.\r\n\r\nGamification is becoming more and more popular in general - for a reason. In the shape of Incident Response (IR) training it can help your team become better in a way where egos don’t get in the way (as they sometimes do). It can even improve teamwork and empathy by building better understanding between team members if you choose to play it with roles shuffled around, giving the CEO the possibility to feel the pressure of a forensic investigator, a communications officer or someone else. \r\n\r\nShortly put: IR roleplaying can up your game in a way an ordinary TTX just can’t. And on top of that it’s great fun. Training IR like this takes up the seemingly impossible task of making compliance fun (at least parts of it) without compromising the learning experience.\r\n\r\nIn my talk I’ll talk about my path to IR role playing, my experiences and how you can get started doing your own IR role playing games right away!",
"duration": 30,
"slot_count": 1,
"do_not_record": false,
"is_featured": false,
"content_locale": "en",
"slot": {
"room": {
"en": "Badeschiff"
},
"start": "2023-11-18T13:55:00+01:00",
"end": "2023-11-18T14:25:00+01:00"
},
"image": null,
"resources": []
},
{
"code": "Z7YPBD",
"speakers": [
{
"code": "LRDB7D",
"name": "Patrick Eisenschmidt",
"biography": "Patrick has worked for several years in the offensive security sector. With his current role as Red Team Lead at NVISO ARES (Adversarial Risk Emulation & Simulation) he is taking care of high profile Red Teams and Tiber Assessments while also leading the exposure activities.\r\n\r\nAdditionally, he also likes to get his hands dirty with creating sophisticated spear phishing campaigns and improving the Red Team's life by maintaining open-source methodology and tooling.",
"avatar": "http://cfp.bsidesvienna.at/media/avatars/IMG-20230216-WA0002_YbJSQns.jpg"
}
],
"title": "Introducing CS2BR - Teaching Badgers new Tricks",
"submission_type": {
"en": "Talk"
},
"track": null,
"state": "confirmed",
"abstract": "Staying under the radar and remaining undetected is one of our priorities during Red Teaming assessments. After all, we’re simulating real threat actors and want to reach our objectives without raising any suspicion. This becomes a more and more challenging task as new defences are implemented, requiring us to add new tools and techniques to our tool belt. Occasionally, though, there is a new technique that brings a broad set of features and doesn’t leave countless traces. This talk is about one such technique: beacon object files (BOFs)!\r\n\r\nBOFs aren’t exactly the new hot stuff; as a matter of fact, they’ve been around for more than two years now. In those two years, a de-facto BOF standard has been adapted by many C2 frameworks out there. But what happens when your C2 doesn’t support it? Will you need to fall back to other, potentially less safe, alternative techniques?\r\n\r\nThat’s a problem we faced and decided to solve when we worked with Brute Ratel C4, which doesn’t support Cobalt Strike’s de-facto BOF standard API. In this talk, we’ll dig deep into the COFF format, show how the Cobalt Strike de-facto standard is incompatible with Brute Ratel’s and how we established full compatibility between the two. A tool that automates this task and a blog post series about it will be released, accompanying the talk.",
"description": "The presentation is divided into four sections:\r\n\r\nI. Intro: About C2s and BOFs: First we’ll make sure that everyone is on the same page by briefly discussing C2 frameworks (esp. CS and BR) and BOFs (esp. the format and why they’re useful).\r\n\r\nII. BOF APIs: Not exactly best practice: In this section we’ll show that there is a de-facto standard for BOF APIs and how that standard isn’t compatible with Brute Ratel’s BOF API, resulting in a conceptual incompatibility between the two. Then we’ll show how others solved related problems in the past (e.g. TrustedSec’s COFFLoader) and how we can adopt and improve upon their approach.\r\n\r\nIII. Making it work: Sources & binaries: This section discusses two approaches we worked through to solve the problem at hand. The first approach we present is based on the idea that we can patch any BOF’s source code and make it include a compatibility layer. Then we point out the advantages and disadvantages of this approach. The second approach addresses a shortcoming of the first approach and aims to patch compiled, binary BOFs instead of source code. We’ll show how we proceeded there and how and why we failed there.\r\n\r\nIV. Where to go from here: At this point we’re summing up the talk and drawing conclusions. We’ll briefly go into the exact problem statement, how we approached it and how far we got. Eventually, we point out that (with some constraints) we managed to work out a workflow to finally (and semi-automatically) make CS BOFs work in BR.",
"duration": 60,
"slot_count": 1,
"do_not_record": false,
"is_featured": false,
"content_locale": "en",
"slot": {
"room": {
"en": "Badeschiff"
},
"start": "2023-11-18T15:05:00+01:00",
"end": "2023-11-18T16:05:00+01:00"
},
"image": null,
"resources": []
}
]
}