BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.bsidesvienna.at//
BEGIN:VTIMEZONE
TZID:Europe/Vienna
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-RPTFZ7@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T093500
DTEND;TZID=Europe/Vienna:20251122T103500
DESCRIPTION:In his book “The Great Train Robbery” Michael Crichton deta
ils the events of a Victorian era train robbery involving an underage pros
titute and a child scaling buildings. Although these methods are unlikely
to be included in a modern letter of engagement\, the case of the most fam
ous train robbery of its time has some interesting parallels to modern day
physical security. It will remind us that core principals rarely change\,
humans always play a key role in security systems\, and will hopefully re
kindle your joy for heist stories.\n\nAs a result\, this talk shares the s
tory of The Great Train Robbery\, enriched by my adventures and research i
nto replicating multiple hacks. We will explore duplicating keys\, crackin
g safes\, physical recon and many more fun hacks that still today have a s
urprising resemblance to their Victorian era counterparts.
DTSTAMP:20260514T111848Z
LOCATION:Track 1
SUMMARY:The Great Train Robbery - Hacking Like It's 1855 - Paul Zenker
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/RPTFZ7/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-TQTFXR@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T093500
DTEND;TZID=Europe/Vienna:20251122T113500
DESCRIPTION:A lot of companies are bragging with their "AI enabled Security
Testing Solutions"\, and a lot of them are not very good. Learn how you c
an build your own that is less bad\, more fun and best of all\, understand
what is actually possible at the moment and what most definitely is not (
no matter what certain marketing departments claim).
DTSTAMP:20260514T111848Z
LOCATION:Workshop Room
SUMMARY:Hacking with AI\, how to have some fun - Manuel Reinsperger
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/TQTFXR/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-ALANTS@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T093500
DTEND;TZID=Europe/Vienna:20251122T100500
DESCRIPTION:Top software vulnerability lists like OWASP Top 10 or CWE Top 2
5 are well-known and used broadly across the industry. They shape how we t
alk about software vulnerabilities and guide us to focus on certain vulner
abilities over others. But how well do they hold up in the real world? A
re there any blind spots that are not covered by the most prominent lists?
\nTo answer this question\, I aggregate results from over 400 web applic
ation penetration tests in the last four years.\n\nIn this talk\, I will w
alk through how these “top vulnerability” lists are created\, what tra
de-offs they make\, and where they fall short. \nFinally\, we will compar
e their priorities against real-world data from a mid-sized penetration te
sting team and see which issues actually show up again and again in practi
ce.
DTSTAMP:20260514T111848Z
LOCATION:Track 2
SUMMARY:The OWASP Top 10 Looks Different From the Trenches - Fabian Funder
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/ALANTS/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-HT3LTA@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T101000
DTEND;TZID=Europe/Vienna:20251122T104000
DESCRIPTION:NPM recently made headlines in the history of supply chain secu
rity. Malware in package registries is\, of course\, a broader problem. Un
like mobile app stores\, popular package registries often do not have enou
gh resources for reviews\, and so do not require any prior approval for pu
blication. The Python Package Index is another major player who relies on
external reports to detect and remove malicious packages. In this talk\, I
will present how existing tools can be used for the static and dynamic an
alysis of Python packages. I will also provide a brief recap of my almost
two-year nighttime hunting for malicious packages in PyPI\, and offer my s
ubjective view on what has changed and what remains challenging in securin
g the Python packaging environment.
DTSTAMP:20260514T111848Z
LOCATION:Track 2
SUMMARY:Hunting Bad Snakes - Kamil Mańkowski
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/HT3LTA/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-BRVR3G@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T104000
DTEND;TZID=Europe/Vienna:20251122T112500
DESCRIPTION:There is a common saying that "every problem in cryptography ca
n be reduced to key management problem". What if we could make life easier
for us in this area?\nTPMs (Trusted Platform Modules) have been a fixed p
art of every standard PC for many years\, providing all users with a "free
" hardware that can be used for all kinds of cryptography. \nThey are alre
ady widely in use by most operating systems and firmwares\, but haven't re
ally found usage for userspace applications yet.\n\nThis talk elaborates w
hy this is the case and how to change this fact. We are going to discuss t
he capabilities of a TPM and demonstrate with a sample application\, a TOT
P client which stores its secrets securely.
DTSTAMP:20260514T111848Z
LOCATION:Track 1
SUMMARY:The TPM and You - How (and why) to actually make use of your TPM -
Mathias Tausig
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/BRVR3G/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-WCHVWJ@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T104500
DTEND;TZID=Europe/Vienna:20251122T111500
DESCRIPTION:You already know\, what we talking about\, right? \;)\nIf not\,
this is named lock picking and it is for fun.\nOf course\, we also talk a
bout the locks itself.\nSo\, if you want to know\, how locks work or how t
o open them nondestructive with lock picks\, than\, you are welcome.
DTSTAMP:20260514T111848Z
LOCATION:Track 2
SUMMARY:How to open nondestructive a lock with some handy tools? - deac\, B
en
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/WCHVWJ/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-YX33SP@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T112000
DTEND;TZID=Europe/Vienna:20251122T115000
DESCRIPTION:Most benchmarks make your EDR\, IDS\, or SIEM look great - unti
l a human attacker shows up. \n\nIn a 9-hour live challenge\, 60 specialis
ts from leading security companies and universities\, all with deep expert
ise in offensive cyber operations\, formed 12 international red teams from
the UAE to Ireland. Their mission: infiltrate and evade detection in a mu
lti-layer\, multi-stage IT/OT environment built for realism\, featuring mu
ltiple Active Directories\, segmented networks\, and digital twins of PLCs
.\n\nThe testbed\, implemented entirely via Infrastructure-as-Code and val
idated by Austrian critical infrastructure providers\, hosted two high-sta
kes objectives: (1) take over the Enterprise IT network of Plumetech\, a f
ictitious company serving as the scenario base\, and (2) manipulate the OT
control network to leak chemicals by taking over a PLC.\n\nThe twist: ach
ieve both objectives without being detected by a layered stack of open-sou
rce and leading commercial EDR\, IDS\, and SIEM solutions. Each team opera
ted in its own isolated infrastructure\, had access to live detection logs
\, and could reset their environment at will\, forcing them to balance spe
ed\, stealth\, and adaptability under real-world constraints.\n\nThis sess
ion reveals the tactics that worked\, the detections that failed\, and a c
omparison of leading commercial and open-source IDS along with the code\,
recorded live data\, and detection rules you can use to strengthen your ow
n defenses.
DTSTAMP:20260514T111848Z
LOCATION:Track 2
SUMMARY:StealthCup: Red Team Evasion Attempts vs. Modern EDR/IDS/SIEM in a
Multi-Stage IT/OT CTF - Manuel Kern
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/YX33SP/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-3QNUWE@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T113000
DTEND;TZID=Europe/Vienna:20251122T120000
DESCRIPTION:Over the past one to two years\, we have observed a growing int
erest in security assessments within the physical domain. This interest ex
tends beyond traditional social engineering engagements and increasingly f
ocuses on evaluating how well physical security measures withstand convent
ional break-in attempts. In this talk\, we will outline our approach to co
nducting physical security assessments\, highlighting the methodologies we
apply to simulate realistic attack scenarios. Additionally\, we will disc
uss common pitfalls encountered during such engagements and share practica
l insights on how to avoid them.
DTSTAMP:20260514T111848Z
LOCATION:Track 1
SUMMARY:Physical security assesments�- what could possibly go wrong? - Gabo
r Szivos\, Darius Beckert
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/3QNUWE/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-E9KQW8@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T130500
DTEND;TZID=Europe/Vienna:20251122T150500
DESCRIPTION:After visiting the talk about lock picking\, you want to try it
?\nOf course\, if you didn't visit the talk\, you can participant on the w
orkshop\, too.\n\nWe provide some lock picking tools and some locks.\nWith
this tools\, it should be possible for everybody\, to open some of these
locks.
DTSTAMP:20260514T111848Z
LOCATION:Workshop Room
SUMMARY:I want to open a lock. - deac\, Ben
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/E9KQW8/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-9ZRUAL@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T130500
DTEND;TZID=Europe/Vienna:20251122T140500
DESCRIPTION:The perpetual cat-and-mouse game between attackers and defender
s has\npushed offensive security operators to innovate. While enterprise s
ecurity\nteams have become adept at identifying and blocking malicious Off
ice\ndocuments\, suspicious executables\, and known phishing URLs\, a sign
ificant\nblind spot often remains: the gray area of "benign" file formats
that are\nimplicitly trusted by both users and security tools. This talk w
ill arm\nattendees with the knowledge to identify and leverage these blind
spots in\nred team engagements.\n\nWe will begin by exploring the strateg
ic shift from noisy\, high-volume\nattacks to stealthy\, low-profile techn
iques designed to circumvent modern\nEDR\, email gateways\, and web proxie
s. We'll discuss why certain file types\nand delivery mechanisms succeed w
here others fail\, focusing on the\ntechnical elements that make them effe
ctive. This includes exploiting the\nbrowser's rendering engine and abusin
g features in file formats that were\nnever intended for malicious use. Th
e mainpart of the presentation is a\ndetailed\, step-by-step walkthrough o
f an attackchain using a weaponized\nSVG image\, infecting a user with mal
ware and spreading laterally with\nintune.\n\nWe will demonstrate the enti
re attack chain:\n\n-) Crafting the Lure: Creating a malicious SVG that\,
when opened\, executes\nthe malicious content.\n-) Delivery & Execution: D
iscussing methods for delivering the payload and\ngiving alternatives to S
VG images.\n-) Infection & Lateral Movement: Showcasing how the malware ge
ts executed\nand how Microsoft Intune can be used afterwards to move later
ally through\nthe network.\n\nBeyond the SVG case study\, we will briefly
cover other unconventional\nvectors to broaden the audience's perspective.
\nAttendees will leave this session with a new arsenal of TTPs. Red teamer
s\nwill learn how to build more sophisticated and evasive initial access\n
campaigns. Blue teamers and defenders will gain insights into these\nemerg
ing threats\, learning what artifacts to hunt for.
DTSTAMP:20260514T111848Z
LOCATION:Track 1
SUMMARY:How To Breach: From Unconventional Initial Access Vectors To Modern
Lateral Movement - Benjamin Floriani\, P'atrick Pong
atz
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/9ZRUAL/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-V8FYY7@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T134000
DTEND;TZID=Europe/Vienna:20251122T135500
DESCRIPTION:Secure coding challenges in CTFs typically ask participants to
patch vulnerabilities in (web-) application code. But what happens when th
e validation system itself is vulnerable and not so ... secure?\n\nThis ta
lk examines the irony of breaking security challenges by attacking the inf
rastructure and demonstrates the exploitation techniques against os.popen(
).
DTSTAMP:20260514T111848Z
LOCATION:Track 2
SUMMARY:how malicious code pwned a secure coding CTF - Markus
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/V8FYY7/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-JFE9UX@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T141000
DTEND;TZID=Europe/Vienna:20251122T151000
DESCRIPTION:This is a true story about how an application penetration test
ordered by a bank ended in a successful robbery. This presentation will sh
ow anyone who has ever wondered what kind of damage can be done through a
payment terminal. As usual\, a collection of seemingly innocent little fin
dings that\, when put together like a puzzle\, become dangerous.
DTSTAMP:20260514T111848Z
LOCATION:Track 1
SUMMARY:How to rob a bank using a payment terminal - Marcin Ochab
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/JFE9UX/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-FYN3TX@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T141000
DTEND;TZID=Europe/Vienna:20251122T151000
DESCRIPTION:Cybersecurity professionals operate in high-pressure\, fast-pac
ed environments\, making mental health challenges such as imposter syndrom
e\, burnout\, stress\, and anxiety common yet often overlooked. This sessi
on explores each of these challenges\, providing insights into how they ma
nifest and impact both personal well-being and professional performance. A
ttendees will learn practical coping strategies and tools tailored to each
issue\, helping them build resilience\, maintain balance\, and thrive in
their cybersecurity careers. The talk also highlights resources and approa
ches for ongoing support\, empowering participants to take proactive steps
toward better mental health.
DTSTAMP:20260514T111848Z
LOCATION:Track 2
SUMMARY:Self Pwning - Sam Macdonald
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/FYN3TX/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-7SNWWX@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T151000
DTEND;TZID=Europe/Vienna:20251122T171000
DESCRIPTION:In this hands-on workshop\, participants will dive into fundame
ntal security configurations that form the backbone of enterprise defenses
. We will cover key topics such as SMB signing\, client hardening\, and th
e secure use of common network protocols. Attendees will not only gain a s
olid understanding of why these settings matter\, but also see how misconf
igurations can be abused in real-world attack scenarios.\n\nIn our dedicat
ed lab environment\, we will work together to apply and test effective rem
ediations\, ensuring that every highlighted vulnerability is paired with a
practical and reliable solution. By the end of the session\, attendees wi
ll walk away with skills to both recognize and securely configure these es
sential controls in their own environments.
DTSTAMP:20260514T111848Z
LOCATION:Workshop Room
SUMMARY:Essential Security Configurations and How To Exploit Them - Benjami
n Floriani\, P'atrick Pong
atz
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/7SNWWX/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-VCQATE@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T151500
DTEND;TZID=Europe/Vienna:20251122T160000
DESCRIPTION:Command and Control (C2) frameworks are indispensable in modern
red teaming and penetration testing. They enable operators to execute pos
t-exploitation tooling\, maintain access to compromised systems\, all whil
e keeping track of executed commands and their outputs. For the past coupl
e of months\, I have been working on developing a C2 framework from scratc
h using the Nim programming language\, and have since implemented core fea
tures\, such as secure C2 traffic encryption\, a malleable C2 profile syst
em\, sleep obfuscation and many more.
DTSTAMP:20260514T111848Z
LOCATION:Track 2
SUMMARY:How I built a C2 framework from scratch and why you should(n't) do
the same. - Jakob Friedl
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/VCQATE/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-GZGG9U@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T151500
DTEND;TZID=Europe/Vienna:20251122T160000
DESCRIPTION:Open source software powers the modern internet\, but our suppl
y chain is increasingly under siege. Recent npm incidents—including the
Shai-Hulud worm—highlight how easily malicious code can spread through t
rusted ecosystems. This talk explores the latest attacks\, key lessons fro
m the trenches\, and practical strategies every developer\, security engin
eer\, and maintainer can adopt today.
DTSTAMP:20260514T111848Z
LOCATION:Track 1
SUMMARY:Sandworms in the Supply Chain: Surviving Shai-Hulud and Other Open-
Source Nightmares - Ondrej Fitzek
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/GZGG9U/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-3URMQS@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T160500
DTEND;TZID=Europe/Vienna:20251122T170500
DESCRIPTION:This talk looks at operations on Linux targets beneath commands
and programs and frames them as executing a series of system calls withou
t fussing about too much with higher-level details\, then employs that per
spective to rejigger the meat and potatoes of Linux operations just enough
to make detection that much harder.
DTSTAMP:20260514T111848Z
LOCATION:Track 2
SUMMARY:Living Under the Land on Linux - Stuart McMurray
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/3URMQS/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-EEEHHR@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T160500
DTEND;TZID=Europe/Vienna:20251122T170500
DESCRIPTION:Discover the critical role of mainframe computing in today's di
gital landscape. This talk delves into the enduring relevance of mainframe
s\, exploring how they underpin many of the world's most essential systems
. We will address a series of emerging challenges that\, if left unchecked
\, could converge into a perfect storm\, threatening the stability and sec
urity of these vital infrastructures. The session culminates with a live d
emonstration\, showcasing a real-time hack of a mainframe\, to highlight v
ulnerabilities and the importance of robust security measures.
DTSTAMP:20260514T111848Z
LOCATION:Track 1
SUMMARY:z/OS for GenZ - Hack the Mainframe - Jonathan Prince
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/EEEHHR/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-NELYW3@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T171000
DTEND;TZID=Europe/Vienna:20251122T181000
DESCRIPTION:DEF CON CTF is equal parts research sprint\, incident response
drill\, and controlled chaos. In this talk\, we recount how the Austrian t
eam KuK Hofhackerei navigated the road from online qualifiers to the Las V
egas finals.\nWe’ll demystify the game formats (attack-defense\, king of
the hill\, livectf)\, show how we structured roles and handoffs under pre
ssure (triage\, exploit\, patch\, ops)\, and share the infrastructure that
kept us moving. Beyond the technicals\, we cover comms discipline\, fatig
ue management\, and how to turn failures into momentum mid-game.
DTSTAMP:20260514T111848Z
LOCATION:Track 1
SUMMARY:From Vienna to Vegas: Lessons from DEF CON CTF with KuK Hofhackerei
- Manuel Reinsperger\, Jonas Konrad
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/NELYW3/
END:VEVENT
END:VCALENDAR