{"schedule": {"version": "0.4", "base_url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/schedule/", "conference": {"acronym": "bsidesvienna-0x7e9-2025", "title": "BSidesVienna 0x7E9", "start": "2025-11-22", "end": "2025-11-22", "daysCount": 1, "timeslot_duration": "00:05", "rooms": [{"name": "Track 1", "guid": null, "description": null, "capacity": 200}, {"name": "Track 2", "guid": null, "description": null, "capacity": 50}, {"name": "Workshop Room", "guid": null, "description": null, "capacity": 25}], "days": [{"index": 1, "date": "2025-11-22", "day_start": "2025-11-22T04:00:00+01:00", "day_end": "2025-11-23T03:59:00+01:00", "rooms": {"Track 1": [{"id": 597, "guid": "6c736a30-d5f5-566b-b9ba-d4227875a56e", "logo": "", "date": "2025-11-22T09:35:00+01:00", "start": "09:35", "duration": "01:00", "room": "Track 1", "slug": "bsidesvienna-0x7e9-2025-597-the-great-train-robbery-hacking-like-it-s-1855", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/RPTFZ7/", "title": "The Great Train Robbery - Hacking Like It's 1855", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "In his book \u201cThe Great Train Robbery\u201d Michael Crichton details the events of a Victorian era train robbery involving an underage prostitute and a child scaling buildings. Although these methods are unlikely to be included in a modern letter of engagement, the case of the most famous train robbery of its time has some interesting parallels to modern day physical security. It will remind us that core principles rarely change, humans always play a key role in security systems, and will hopefully rekindle your joy for heist stories.\r\n\r\nAs a result, this talk shares the story of The Great Train Robbery, enriched by my adventures and research into replicating multiple hacks. 
We will explore duplicating keys, cracking safes, physical recon and many more fun hacks that still today have a surprising resemblance to their Victorian era counterparts.", "description": "This talk is first and foremost an excuse for me to retell the story of The Great Train Robbery and to share my love for Michael Crichton\u2019s book. But because I work in security, I could not stop myself from reading this book and asking myself: \u201cHow would this work?\u201d, \u201cDoes this apply to today\u2019s environments?\u201d and most importantly, \u201cI want to try this myself!\u201d. \r\n\r\nAs a result, this talk shares the story of The Great Train Robbery, enriched by my adventures and research into replicating multiple hacks. We will explore duplicating keys, cracking safes, physical recon and many more fun hacks that still today have a surprising resemblance to their Victorian era counterparts.", "recording_license": "", "do_not_record": false, "persons": [{"id": 584, "code": "MJ3KNB", "public_name": "Paul Zenker", "biography": "Paul is a security consultant for KPMG. His training is largely in pentesting, Red Teaming and threat intelligence, but physical security has always been near and dear to his heart. He consults customers in the areas of cybersecurity, physical security and AI security.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 615, "guid": "f98f554c-81ad-5f2b-8247-e12ea07333cf", "logo": "", "date": "2025-11-22T10:40:00+01:00", "start": "10:40", "duration": "00:45", "room": "Track 1", "slug": "bsidesvienna-0x7e9-2025-615-the-tpm-and-you-how-and-why-to-actually-make-use-of-your-tpm", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/BRVR3G/", "title": "The TPM and You - How (and why) to actually make use of your TPM", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "There is a common saying that \"every problem in cryptography can be reduced to key management problem\". 
What if we could make life easier for us in this area?\r\nTPMs (Trusted Platform Modules) have been a fixed part of every standard PC for many years, providing all users with a \"free\" hardware that can be used for all kinds of cryptography. \r\nThey are already widely in use by most operating systems and firmwares, but haven't really found usage for userspace applications yet.\r\n\r\nThis talk elaborates why this is the case and how to change this fact. We are going to discuss the capabilities of a TPM and demonstrate with a sample application, a TOTP client which stores its secrets securely.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 581, "code": "X8LEMP", "public_name": "Mathias Tausig", "biography": "Old man yelling at clouds & LLMs\r\n\r\nGraduated in mathematics\r\n\r\nHolistic perspective on computers: former developer, sysadmin, security officer, university teacher and even computer salesman\r\n\r\nNow a security consultant specializing in application security\r\n\r\nOpen source lover", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 596, "guid": "b45e67d9-b552-5a2d-9304-930b0d4f735f", "logo": "", "date": "2025-11-22T11:30:00+01:00", "start": "11:30", "duration": "00:30", "room": "Track 1", "slug": "bsidesvienna-0x7e9-2025-596-physical-security-assesments-what-could-possibly-go-wrong-", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/3QNUWE/", "title": "Physical security assessments - what could possibly go wrong?", "subtitle": "", "track": "Main Track", "type": "Short Talk", "language": "en", "abstract": "Over the past one to two years, we have observed a growing interest in security assessments within the physical domain. This interest extends beyond traditional social engineering engagements and increasingly focuses on evaluating how well physical security measures withstand conventional break-in attempts. 
In this talk, we will outline our approach to conducting physical security assessments, highlighting the methodologies we apply to simulate realistic attack scenarios. Additionally, we will discuss common pitfalls encountered during such engagements and share practical insights on how to avoid them.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 639, "code": "MKEBDP", "public_name": "Gabor Szivos", "biography": "I'm a red teamer at slashsec since 2022 and my main focus is social engineering (especially in case of physically breaking into places), malware development and Windows security in general.", "answers": []}, {"id": 640, "code": "JYSE3Z", "public_name": "Darius Beckert", "biography": "Caffeine-based red teamer specializing in Active Directory, Windows security, and physical intrusion testing.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 590, "guid": "bdfd19bb-56df-520c-b191-165b8aa4f4dc", "logo": "/media/bsidesvienna-0x7e9-2025/submissions/9ZRUAL/PoC_Weaponized_2JCO8SU.svg", "date": "2025-11-22T13:05:00+01:00", "start": "13:05", "duration": "01:00", "room": "Track 1", "slug": "bsidesvienna-0x7e9-2025-590-how-to-breach-from-unconventional-initial-access-vectors-to-modern-lateral-movement", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/9ZRUAL/", "title": "How To Breach: From Unconventional Initial Access Vectors To Modern Lateral Movement", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "The perpetual cat-and-mouse game between attackers and defenders has\r\npushed offensive security operators to innovate. While enterprise security\r\nteams have become adept at identifying and blocking malicious Office\r\ndocuments, suspicious executables, and known phishing URLs, a significant\r\nblind spot often remains: the gray area of \"benign\" file formats that are\r\nimplicitly trusted by both users and security tools. 
This talk will arm\r\nattendees with the knowledge to identify and leverage these blind spots in\r\nred team engagements.\r\n\r\nWe will begin by exploring the strategic shift from noisy, high-volume\r\nattacks to stealthy, low-profile techniques designed to circumvent modern\r\nEDR, email gateways, and web proxies. We'll discuss why certain file types\r\nand delivery mechanisms succeed where others fail, focusing on the\r\ntechnical elements that make them effective. This includes exploiting the\r\nbrowser's rendering engine and abusing features in file formats that were\r\nnever intended for malicious use. The main part of the presentation is a\r\ndetailed, step-by-step walkthrough of an attack chain using a weaponized\r\nSVG image, infecting a user with malware and spreading laterally with\r\nIntune.\r\n\r\nWe will demonstrate the entire attack chain:\r\n\r\n-) Crafting the Lure: Creating a malicious SVG that, when opened, executes\r\nthe malicious content.\r\n-) Delivery & Execution: Discussing methods for delivering the payload and\r\ngiving alternatives to SVG images.\r\n-) Infection & Lateral Movement: Showcasing how the malware gets executed\r\nand how Microsoft Intune can be used afterwards to move laterally through\r\nthe network.\r\n\r\nBeyond the SVG case study, we will briefly cover other unconventional\r\nvectors to broaden the audience's perspective.\r\nAttendees will leave this session with a new arsenal of TTPs. Red teamers\r\nwill learn how to build more sophisticated and evasive initial access\r\ncampaigns. Blue teamers and defenders will gain insights into these\r\nemerging threats, learning what artifacts to hunt for.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 635, "code": "L8NEN9", "public_name": "Benjamin Floriani", "biography": "My fascination about complex systems began early on - with hacking computer games. 
While studying computer science at the University of Innsbruck, I discovered the Austrian Cyber Security Challenge, a capture-the-flag competition that promotes IT security talents in Austria.\r\n\r\nMy successful participation in this competition opened my way into professional IT security at the end of 2017. Since then, I have been pursuing my passion as a penetration tester. I have specialized in the field of red teaming and attack simulations through numerous further education and training courses - a field that continues to fascinate me.\r\n\r\nI am currently deepening my knowledge in the areas of internal infrastructures and malware development. This enables me not only to increase the precision of our penetration tests, but also to implement techniques such as lateral movement, local privilege escalation and full domain compromise in red team engagements even more effectively.", "answers": []}, {"id": 636, "code": "PGCB8K", "public_name": "P'atrick Pong<br>atz", "biography": "i love javascript, for example i love running javascript in image tags like <img src=\"https://leberkas.club/favicon.ico\" onerror=\"javascript:alert(1)\" onload=\"javascript:alert(1)\"></img> or svgs like <svg onload=alert('XSS')><svg><p><style><img src=\"data:,\" onerror=\"alert(1)\">\r\n\r\n<scr<script>ipt>alert(1)</scr<script>ipt>", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 616, "guid": "954af212-b575-5c16-8e22-c64a34f8ac05", "logo": "", "date": "2025-11-22T14:10:00+01:00", "start": "14:10", "duration": "01:00", "room": "Track 1", "slug": "bsidesvienna-0x7e9-2025-616-how-to-rob-a-bank-using-a-payment-terminal", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/JFE9UX/", "title": "How to rob a bank using a payment terminal", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "This is a true story about how an application penetration test ordered by a bank ended in a successful robbery. 
This presentation will show anyone who has ever wondered what kind of damage can be done through a payment terminal. As usual, a collection of seemingly innocent little findings that, when put together like a puzzle, become dangerous.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 650, "code": "QUUAP8", "public_name": "Marcin Ochab", "biography": "I am a researcher, penetration tester, red team operator, and security consultant at Trustwave SpiderLabs. I am also a cybersecurity lecturer at the University of Rzesz\u00f3w in Poland and the discoverer of several CVEs mostly on leading ERP systems. I have a Ph.D. in computer science from the AGH University of Science and Technology and am an automation and robotics engineer.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 600, "guid": "0cbb99cb-87d1-5455-937a-e06284bb173e", "logo": "/media/bsidesvienna-0x7e9-2025/submissions/GZGG9U/Bsides-sandworm-in-the-supplychain_hfMeOlu.png", "date": "2025-11-22T15:15:00+01:00", "start": "15:15", "duration": "00:45", "room": "Track 1", "slug": "bsidesvienna-0x7e9-2025-600-sandworms-in-the-supply-chain-surviving-shai-hulud-and-other-open-source-nightmares", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/GZGG9U/", "title": "Sandworms in the Supply Chain: Surviving Shai-Hulud and Other Open-Source Nightmares", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Open source software powers the modern internet, but our supply chain is increasingly under siege. Recent npm incidents\u2014including the Shai-Hulud worm\u2014highlight how easily malicious code can spread through trusted ecosystems. This talk explores the latest attacks, key lessons from the trenches, and practical strategies every developer, security engineer, and maintainer can adopt today.", "description": "The open source supply chain is both our greatest strength and our weakest link. 
In the past year, npm has faced a series of high-impact malware campaigns, culminating in the discovery of Shai-Hulud\u2014a worm that exploited package trust to propagate at scale. This session provides a deep dive into how these attacks unfold, why traditional defenses often fail, and what actionable steps teams can take to secure their dependencies. Attendees will leave with a clear understanding of current threat trends, detection techniques, and a practical roadmap for hardening their own pipelines, from package validation to runtime safeguards and incident response planning.", "recording_license": "", "do_not_record": false, "persons": [{"id": 643, "code": "W9Z9UX", "public_name": "Ondrej Fitzek", "biography": "Security researcher, long-time developer, and AppSec engineer with a focus on web security, supply chain, and AI. Passionate about IoT, electronics, and RF security.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 601, "guid": "123aaea4-d25e-5f31-a589-4caa1918ef35", "logo": "/media/bsidesvienna-0x7e9-2025/submissions/EEEHHR/zOS4genZ_wTIdVFQ.jpg", "date": "2025-11-22T16:05:00+01:00", "start": "16:05", "duration": "01:00", "room": "Track 1", "slug": "bsidesvienna-0x7e9-2025-601-z-os-for-genz-hack-the-mainframe", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/EEEHHR/", "title": "z/OS for GenZ - Hack the Mainframe", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "Discover the critical role of mainframe computing in today's digital landscape. This talk delves into the enduring relevance of mainframes, exploring how they underpin many of the world's most essential systems. We will address a series of emerging challenges that, if left unchecked, could converge into a perfect storm, threatening the stability and security of these vital infrastructures. 
The session culminates with a live demonstration, showcasing a real-time hack of a mainframe, to highlight vulnerabilities and the importance of robust security measures.", "description": "For over 60 years, mainframes have been the backbone of mission-critical systems, yet they face significant challenges today. A growing skill gap is emerging as experienced system programmers retire, compounded by the high barrier to entry and domain-specific knowledge required. New talent is scarce due to limited and expensive learning resources, and knowledge sharing is often restricted.\r\n\r\nSecurity testing is a critical concern. There is a lack of objective-based penetration testing and a knowledge deficit among security professionals to adequately assess the vulnerabilities, leaving these essential systems exposed to potential threats.\r\n\r\nThis talk will address these issues, emphasizing the need for bridging the skill gap, promoting knowledge sharing, and enhancing security measures. The session will conclude with a live hacking demonstration, showcasing real-time vulnerabilities and underscoring the importance of robust security practices. Join us to explore the future of mainframe computing and its indispensable role in our digital infrastructure.", "recording_license": "", "do_not_record": false, "persons": [{"id": 644, "code": "JXAT7V", "public_name": "Jonathan Prince", "biography": "Jonathan is a penetration tester at NVISO GmbH driven by curiosity who spends a lot of time digging into systems most people forgot still exist. From mainframes to IBM i, Jonathan looks for creative ways attackers can move through complex environments \u2014 and how to stop them. 
When not breaking things for fun (and work), he's often building out his growing homelab of classic enterprise gear to test attacks the safe way.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 619, "guid": "a2753632-de78-58ef-8d3e-6bd86b329d8c", "logo": "/media/bsidesvienna-0x7e9-2025/submissions/NELYW3/image_ygagd02.jpeg", "date": "2025-11-22T17:10:00+01:00", "start": "17:10", "duration": "01:00", "room": "Track 1", "slug": "bsidesvienna-0x7e9-2025-619-from-vienna-to-vegas-lessons-from-def-con-ctf-with-kuk-hofhackerei", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/NELYW3/", "title": "From Vienna to Vegas: Lessons from DEF CON CTF with KuK Hofhackerei", "subtitle": "", "track": "Main Track", "type": "Talk", "language": "en", "abstract": "DEF CON CTF is equal parts research sprint, incident response drill, and controlled chaos. In this talk, we recount how the Austrian team KuK Hofhackerei navigated the road from online qualifiers to the Las Vegas finals.\r\nWe\u2019ll demystify the game formats (attack-defense, king of the hill, livectf), show how we structured roles and handoffs under pressure (triage, exploit, patch, ops), and share the infrastructure that kept us moving. Beyond the technicals, we cover comms discipline, fatigue management, and how to turn failures into momentum mid-game.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 642, "code": "PNURSE", "public_name": "Manuel Reinsperger", "biography": "Manuel is a pentester, programmer and researcher for how bad those darn AI systems actually are by now. He is also part of the KuK Hofhackerei and has made sure that everybody got to this year's DefCon and back home safely.", "answers": []}, {"id": 654, "code": "V7FPNE", "public_name": "Jonas Konrad", "biography": "I am a master\u2019s student at TU Wien specializing in cybersecurity. 
I enjoy playing CTFs and learning through hands-on challenges in web exploitation, cryptography, reverse engineering, and forensics. My interests include secure system design, vulnerability research, and cloud computing.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Track 2": [{"id": 618, "guid": "5e8edcc5-84a2-5868-ae8d-ffd9d8082b58", "logo": "", "date": "2025-11-22T09:35:00+01:00", "start": "09:35", "duration": "00:30", "room": "Track 2", "slug": "bsidesvienna-0x7e9-2025-618-the-owasp-top-10-looks-different-from-the-trenches", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/ALANTS/", "title": "The OWASP Top 10 Looks Different From the Trenches", "subtitle": "", "track": "Second Track", "type": "Short Talk", "language": "en", "abstract": "Top software vulnerability lists like OWASP Top 10 or CWE Top 25 are well-known and used broadly across the industry. They shape how we talk about software vulnerabilities and guide us to focus on certain vulnerabilities over others.  But how well do they hold up in the real world?  Are there any blind spots that are not covered by the most prominent lists?  \r\nTo answer this question, I aggregate results from over 400 web application penetration tests in the last four years.\r\n\r\nIn this talk, I will walk through how these \u201ctop vulnerability\u201d lists are created, what trade-offs they make, and where they fall short.  \r\nFinally, we will compare their priorities against real-world data from a mid-sized penetration testing team and see which issues actually show up again and again in practice.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 652, "code": "ZZLRRS", "public_name": "Fabian Funder", "biography": "Fabian is a Security Consultant at SBA Research, focusing on application security from a technical and software development perspective. He is also part of the SBA's CVE Team, which discloses vulnerabilities to the public. 
Fabian is finishing up his Master\u2019s degree in Logic and Artificial Intelligence at TU Wien.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 605, "guid": "f9b3540b-afcd-520f-a498-89020a8fd08b", "logo": "", "date": "2025-11-22T10:10:00+01:00", "start": "10:10", "duration": "00:30", "room": "Track 2", "slug": "bsidesvienna-0x7e9-2025-605-hunting-bad-snakes", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/HT3LTA/", "title": "Hunting Bad Snakes", "subtitle": "", "track": "Second Track", "type": "Short Talk", "language": "en", "abstract": "NPM recently made headlines in the history of supply chain security. Malware in package registries is, of course, a broader problem. Unlike mobile app stores, popular package registries often do not have enough resources for reviews, and so do not require any prior approval for publication. The Python Package Index is another major player who relies on external reports to detect and remove malicious packages. In this talk, I will present how existing tools can be used for the static and dynamic analysis of Python packages. I will also provide a brief recap of my almost two-year nighttime hunting for malicious packages in PyPI, and offer my subjective view on what has changed and what remains challenging in securing the Python packaging environment.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 618, "code": "8FZCTR", "public_name": "Kamil Ma\u0144kowski", "biography": "Software Developer & Architect at CERT.at - Austrian National Computer Emergency Response Team. During the day, I work on notifying you about security events in Austrian Internet, and at night I experiment with honeypots and recognizing malicious Python packages. 
Occasionally, I even manage to go to sleep.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 592, "guid": "af8d093a-bad4-5f95-8cd3-ebeb7d698a4a", "logo": "", "date": "2025-11-22T10:45:00+01:00", "start": "10:45", "duration": "00:30", "room": "Track 2", "slug": "bsidesvienna-0x7e9-2025-592-how-to-open-nondestructive-a-lock-with-some-handy-tools-", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/WCHVWJ/", "title": "How to open nondestructive a lock with some handy tools?", "subtitle": "", "track": "Second Track", "type": "Short Talk", "language": "en", "abstract": "You already know what we are talking about, right? ;)\r\nIf not, this is named lock picking and it is for fun.\r\nOf course, we also talk about the locks themselves.\r\nSo, if you want to know how locks work or how to open them nondestructively with lock picks, then you are welcome.", "description": "First, we also have a workshop and some locks, for more fun. To visit the talk is not mandatory for the workshop.\r\n\r\nOpenLocks is an Austrian association for improving physical security since 2010.\r\nWe are lock pickers and do it for sports and hold yearly lock picking competitions.\r\n\r\nIn this talk, we talk about the locks, the pins, the tools and some preventions made by manufacturers.\r\nSo, after this talk, you will know how most locks work and how you could pick them.\r\n\r\nThere are also other methods to open a lock, but this could damage the lock and/or isn't unsportsmanlike.", "recording_license": "", "do_not_record": true, "persons": [{"id": 637, "code": "NGKZMV", "public_name": "deac", "biography": "Hardware, software, network, design, security. 
There is nothing, I do not do.\r\nOh, Windows, MacOS I will never use.", "answers": []}, {"id": 659, "code": "NXBFDH", "public_name": "Ben", "biography": "I am a Service and Application Engineer responsible for configuring user software and establishing data connections to LIS systems via the ASTM and HL7 protocols. Furthermore, I configure firewall appliances and migrate existing user PC systems from Windows 10 to Windows 11.\r\n\r\nThis time, I\u2019m here to introduce lock-picking, one of my favorite hobbies. I have been a member of the OpenLocks association for more than seven years and have participated in several championships.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 613, "guid": "8705ddfc-3f8c-55ac-82bf-119fe268dee2", "logo": "", "date": "2025-11-22T11:20:00+01:00", "start": "11:20", "duration": "00:30", "room": "Track 2", "slug": "bsidesvienna-0x7e9-2025-613-stealthcup-red-team-evasion-attempts-vs-modern-edr-ids-siem-in-a-multi-stage-it-ot-ctf", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/YX33SP/", "title": "StealthCup: Red Team Evasion Attempts vs. Modern EDR/IDS/SIEM in a Multi-Stage IT/OT CTF", "subtitle": "", "track": "Second Track", "type": "Short Talk", "language": "en", "abstract": "Most benchmarks make your EDR, IDS, or SIEM look great - until a human attacker shows up. \r\n\r\nIn a 9-hour live challenge, 60 specialists from leading security companies and universities, all with deep expertise in offensive cyber operations, formed 12 international red teams from the UAE to Ireland. 
Their mission: infiltrate and evade detection in a multi-layer, multi-stage IT/OT environment built for realism, featuring multiple Active Directories, segmented networks, and digital twins of PLCs.\r\n\r\nThe testbed, implemented entirely via Infrastructure-as-Code and validated by Austrian critical infrastructure providers, hosted two high-stakes objectives: (1) take over the Enterprise IT network of Plumetech, a fictitious company serving as the scenario base, and (2) manipulate the OT control network to leak chemicals by taking over a PLC.\r\n\r\nThe twist: achieve both objectives without being detected by a layered stack of open-source and leading commercial EDR, IDS, and SIEM solutions. Each team operated in its own isolated infrastructure, had access to live detection logs, and could reset their environment at will, forcing them to balance speed, stealth, and adaptability under real-world constraints.\r\n\r\nThis session reveals the tactics that worked, the detections that failed, and a comparison of leading commercial and open-source IDS along with the code, recorded live data, and detection rules you can use to strengthen your own defenses.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 612, "code": "7CBLZJ", "public_name": "Manuel Kern", "biography": "Manuel Kern is a researcher and security consultant who started his career as a server admin and soon shifted his focus solely to IT security. During his time as a professional pentester at the Austrian Institute of Technology, he explored ways to improve detection methods and decided to write his Master\u2019s thesis on efficiently detecting adversaries in computer networks. This research led him to continue his academic path, currently working on his PhD in threat detection. 
In his free time he is a NIS and ISO27001 auditor, travels the world, is an amateur DJ and enjoys scuba diving.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 604, "guid": "15d4b6b9-5337-50c7-9d35-b1511214f5b2", "logo": "", "date": "2025-11-22T13:40:00+01:00", "start": "13:40", "duration": "00:15", "room": "Track 2", "slug": "bsidesvienna-0x7e9-2025-604-how-malicious-code-pwned-a-secure-coding-ctf", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/V8FYY7/", "title": "how malicious code pwned a secure coding CTF", "subtitle": "", "track": "Second Track", "type": "Short Talk", "language": "en", "abstract": "Secure coding challenges in CTFs typically ask participants to patch vulnerabilities in (web-) application code. But what happens when the validation system itself is vulnerable and not so ... secure?\r\n\r\nThis talk examines the irony of breaking security challenges by attacking the infrastructure and demonstrates the exploitation techniques against os.popen().", "description": "The Amazon AppSec CTF 2025 featured three secure coding challenges where 30 finalists were tasked with patching vulnerabilities like path traversal and command injections in different systems. A backend validation system would test submitted fixes and award flags for properly secured code. This presentation will walk through the Capture The Flag structure, demonstrate the specific exploitation techniques which were used, and discuss the broader implications. 
We'll examine why validation systems in security competitions need the same scrutiny as the challenges themselves, explore the ethical boundaries of exploiting competition infrastructure, and reveal why Amazon paused the finals mid-competition (oops).", "recording_license": "", "do_not_record": true, "persons": [{"id": 645, "code": "3QWGVB", "public_name": "Markus", "biography": "Lead Penetration Tester & Cybercrime Podcast Host.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 607, "guid": "a10e141c-cfbe-574e-97e5-0c352a6063c1", "logo": "", "date": "2025-11-22T14:10:00+01:00", "start": "14:10", "duration": "01:00", "room": "Track 2", "slug": "bsidesvienna-0x7e9-2025-607-self-pwning", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/FYN3TX/", "title": "Self Pwning", "subtitle": "", "track": "Second Track", "type": "Talk", "language": "en", "abstract": "Cybersecurity professionals operate in high-pressure, fast-paced environments, making mental health challenges such as imposter syndrome, burnout, stress, and anxiety common yet often overlooked. This session explores each of these challenges, providing insights into how they manifest and impact both personal well-being and professional performance. Attendees will learn practical coping strategies and tools tailored to each issue, helping them build resilience, maintain balance, and thrive in their cybersecurity careers. The talk also highlights resources and approaches for ongoing support, empowering participants to take proactive steps toward better mental health.", "description": "Mental health challenges are increasingly recognized as critical issues in the cybersecurity community, yet they are often overlooked and under-discussed. This session explores imposter syndrome, burnout, stress, and anxiety, examining how these challenges manifest in high-pressure technical environments and affect both personal well-being and professional performance. 
Attendees will gain practical coping strategies and tools for managing each challenge, along with actionable techniques to build resilience, maintain balance, and reduce stress. The session also highlights resources, support systems, and ongoing strategies to foster a healthier work environment. Through real-world examples, research insights, and evidence-based approaches, participants will leave equipped to cultivate sustainable careers and thrive in cybersecurity.", "recording_license": "", "do_not_record": false, "persons": [{"id": 647, "code": "SPWEKW", "public_name": "Sam Macdonald", "biography": "A cybersecurity consultant who challenges audiences to explore the ethical, moral, and mental health dimensions of cyber work, sparking reflection on the human choices shaping our digital world.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 593, "guid": "c3a0718c-a525-5bbb-b0dd-464cab6fe674", "logo": "/media/bsidesvienna-0x7e9-2025/submissions/VCQATE/ConquestUI_KTm85Y9.png", "date": "2025-11-22T15:15:00+01:00", "start": "15:15", "duration": "00:45", "room": "Track 2", "slug": "bsidesvienna-0x7e9-2025-593-how-i-built-a-c2-framework-from-scratch-and-why-you-should-n-t-do-the-same-", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/VCQATE/", "title": "How I built a C2 framework from scratch and why you should(n't) do the same.", "subtitle": "", "track": "Second Track", "type": "Short Talk", "language": "en", "abstract": "Command and Control (C2) frameworks are indispensable in modern red teaming and penetration testing. They enable operators to execute post-exploitation tooling, maintain access to compromised systems, all while keeping track of executed commands and their outputs. 
For the past couple of months, I have been working on developing a C2 framework from scratch using the Nim programming language, and have since implemented core features, such as secure C2 traffic encryption, a malleable C2 profile system, sleep obfuscation and many more.", "description": "C2 frameworks are highly complex pieces of software, consisting of multiple architectural layers, components and features. At the bare minimum, modern C2s have at least a client and server component, as well as some sort of agent/implant/payload. The server handles connections and requests from agents that are executed on target systems, allowing operators to - as the name suggests - *command* and *control* them remotely from a client user interface. \r\n\r\nIn addition to front- and backend development, data management and a lot of difficult design decisions, C2 developers are required to balance functionality with operational security and configurability, so that their programs can be easily customized or extended to slip past security controls or the watchful eyes of blue teamers. \r\n\r\nIn this talk, I want to take you on a journey of how I turned the idea and vision of building a custom command and control framework into reality. I will cover the ups and downs, the successes and failures, the reality checks and the rewarding lessons learned that come with such a project, all with the goal of answering the question: Should or should you not try to build your own C2? \r\n\r\nAgenda: \r\n- What are Command & Control frameworks? 
How do they work?\r\n- Design choices: Language, Architecture, Communication\r\n- Framework features and how to implement them (Beaconing, C2 profiles, Sleep obfuscation, Modules, Evasion and more)\r\n- Risk, Reward & Lessons Learned: Why should(n\u2019t) you build a C2?\r\n\r\nConquest: https://github.com/jakobfriedl/conquest/", "recording_license": "", "do_not_record": false, "persons": [{"id": 630, "code": "3AY9BB", "public_name": "Jakob Friedl", "biography": "Jakob is a penetration tester and security professional from Austria. He is particularly passionate about offensive security, including network penetration testing and Windows malware development. By day he works in an internal penetration testing team, conducting and leading engagements, while at night he keeps up-to-date with new attack techniques or works on his security-focused blog.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 611, "guid": "087aafe9-f974-5cd3-8705-4a2c7f8a7eb8", "logo": "", "date": "2025-11-22T16:05:00+01:00", "start": "16:05", "duration": "01:00", "room": "Track 2", "slug": "bsidesvienna-0x7e9-2025-611-living-under-the-land-on-linux", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/3URMQS/", "title": "Living Under the Land on Linux", "subtitle": "", "track": "Second Track", "type": "Talk", "language": "en", "abstract": "This talk looks at operations on Linux targets beneath commands and programs and frames them as executing a series of system calls without fussing about too much with higher-level details, then employs that perspective to rejigger the meat and potatoes of Linux operations just enough to make detection that much harder.", "description": "In a sense, Linux ops are just a series of commands sent to some shell we've got calling back to us.  
That all just boils down to running a bunch of programs (except when it doesn't), but under the hood we're just running a bunch of code to do things which turns out to be just a convenient way to make system calls which themselves are just a handy way to ask the Linux kernel to do things for us.\r\n\r\nUnjust application of layers of abstraction has, in one Red Teamer's opinion, made Linux seem way more complicated than necessary.  In this talk we'll distill Linux operations down to a handful of system calls and a bit of syntax to make them happen and build on that to give ourselves flexibility to operate with ease in the somewhat unpredictable modern landscape of minimal containers, hardened distributions, and so on.\r\n\r\nThe slides can be found at https://t.co/hiZ2Ddj5c0", "recording_license": "", "do_not_record": false, "persons": [{"id": 554, "code": "X7LML9", "public_name": "Stuart McMurray", "biography": "Stuart is a Principal Offensive Security Engineer, focusing on Red Teaming, Unix, and general Swiss Army knifery.  He's been on the offensive side of public and private sector security for upwards of a decade, during which time he's been an operator and trainer and developed a small arsenal of public and private offensive tools.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop Room": [{"id": 599, "guid": "a2491370-0056-53df-9cf1-dd6b197bf1f3", "logo": "", "date": "2025-11-22T09:35:00+01:00", "start": "09:35", "duration": "02:00", "room": "Workshop Room", "slug": "bsidesvienna-0x7e9-2025-599-hacking-with-ai-how-to-have-some-fun", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/TQTFXR/", "title": "Hacking with AI, how to have some fun", "subtitle": "", "track": "Workshop Track", "type": "Workshop", "language": "en", "abstract": "A lot of companies are bragging about their \"AI enabled Security Testing Solutions\", and a lot of them are not very good. 
Learn how you can build your own that is less bad, more fun and best of all, understand what is actually possible at the moment and what most definitely is not (no matter what certain marketing departments claim).", "description": "In this workshop, we will go through the general notions of using LLMs for automation, with a focus on offensive security tasks.\r\n\r\nGiven current scientific evaluations and building from personal experience, we will walk through several techniques, starting from simple text completion and building up to a full multi-agent framework (including information on what will still not work with the current iterations of those).\r\n\r\nIn the end, the goal is to understand what something like this can be used for, how you can build it yourself and why we don't need to fear the terminator coming just now.\r\n\r\nPlease bring:\r\n- Laptop with Python installed and an internet connection (venue has WIFI)\r\n\r\nOptional but good:\r\n- Your own API key for an LLM Provider (recommendation is to use OpenRouter, especially since there are some free models available via that)\r\n- A problem you want to apply the experiments to (the more difficult the problem, the less help I will be able to give you when something goes wrong, but you can directly apply your newfound skills)", "recording_license": "", "do_not_record": false, "persons": [{"id": 642, "code": "PNURSE", "public_name": "Manuel Reinsperger", "biography": "Manuel is a pentester, programmer and researcher for how bad those darn AI systems actually are by now. 
He is also part of the KuK Hofhackerei and has made sure that everybody got to this year's DefCon and back home safely.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 595, "guid": "bddfd910-3e65-53e5-80eb-118edfb7a26a", "logo": "", "date": "2025-11-22T13:05:00+01:00", "start": "13:05", "duration": "02:00", "room": "Workshop Room", "slug": "bsidesvienna-0x7e9-2025-595-i-want-to-open-a-lock-", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/E9KQW8/", "title": "I want to open a lock.", "subtitle": "", "track": "Workshop Track", "type": "Workshop", "language": "en", "abstract": "After visiting the talk about lock picking, you want to try it?\r\nOf course, if you didn't visit the talk, you can participate in the workshop, too.\r\n\r\nWe provide some lock picking tools and some locks.\r\nWith these tools, it should be possible for everybody to open some of these locks.", "description": "OpenLocks is an Austrian association for improving physical security since 2010.\r\nWe are lock pickers and do it for sports and hold yearly lock picking competitions.\r\n\r\nWe will explain how to rake and pick locks with our provided tools.\r\nIf you already have tools, of course you can use them.\r\nAnd if you already have a lock which you cannot open, you can ask us about it.  But we cannot guarantee that we are able to open it or can explain how to open it.\r\n\r\nThere are also other methods to open a lock, but this could damage the lock and/or isn't unsportsmanlike.", "recording_license": "", "do_not_record": true, "persons": [{"id": 637, "code": "NGKZMV", "public_name": "deac", "biography": "Hardware, software, network, design, security. 
There is nothing, I do not do.\r\nOh, Windows, MacOS I will never use.", "answers": []}, {"id": 659, "code": "NXBFDH", "public_name": "Ben", "biography": "I am a Service and Application Engineer responsible for configuring user software and establishing data connections to LIS systems via the ASTM and HL7 protocols. Furthermore, I configure firewall appliances and migrate existing user PC systems from Windows 10 to Windows 11.\r\n\r\nThis time, I\u2019m here to introduce lock-picking, one of my favorite hobbies. I have been a member of the OpenLocks association for more than seven years and have participated in several championships.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 591, "guid": "33954fa2-768e-50e1-8c7b-a85a3cd19af4", "logo": "", "date": "2025-11-22T15:10:00+01:00", "start": "15:10", "duration": "02:00", "room": "Workshop Room", "slug": "bsidesvienna-0x7e9-2025-591-essential-security-configurations-and-how-to-exploit-them", "url": "https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/7SNWWX/", "title": "Essential Security Configurations and How To Exploit Them", "subtitle": "", "track": "Workshop Track", "type": "Workshop", "language": "en", "abstract": "In this hands-on workshop, participants will dive into fundamental security configurations that form the backbone of enterprise defenses. We will cover key topics such as SMB signing, client hardening, and the secure use of common network protocols. Attendees will not only gain a solid understanding of why these settings matter, but also see how misconfigurations can be abused in real-world attack scenarios.\r\n\r\nIn our dedicated lab environment, we will work together to apply and test effective remediations, ensuring that every highlighted vulnerability is paired with a practical and reliable solution. 
By the end of the session, attendees will walk away with skills to both recognize and securely configure these essential controls in their own environments.", "description": "Attendees need to bring their own laptop (BYOL) with a modern internet browser in order to participate in this interactive workshop. No prior knowledge is required.\r\n\r\nIn this hands-on workshop, participants will dive into fundamental security configurations that form the backbone of enterprise defenses. We will cover key topics such as SMB signing, client hardening, and the secure use of common network protocols. Attendees will not only gain a solid understanding of why these settings matter, but also see how misconfigurations can be abused in real-world attack scenarios.\r\n\r\nIn our dedicated lab environment, we will work together to apply and test effective remediations, ensuring that every highlighted vulnerability is paired with a practical and reliable solution. By the end of the session, attendees will walk away with skills to both recognize and securely configure these essential controls in their own environments.", "recording_license": "", "do_not_record": false, "persons": [{"id": 635, "code": "L8NEN9", "public_name": "Benjamin Floriani", "biography": "My fascination about complex systems began early on - with hacking computer games. While studying computer science at the University of Innsbruck, I discovered the Austrian Cyber Security Challenge, a capture-the-flag competition that promotes IT security talents in Austria.\r\n\r\nMy successful participation in this competition opened my way into professional IT security at the end of 2017. Since then, I have been pursuing my passion as a penetration tester. 
I have specialized in the field of red teaming and attack simulations through numerous further education and training courses - a field that continues to fascinate me.\r\n\r\nI am currently deepening my knowledge in the areas of internal infrastructures and malware development. This enables me not only to increase the precision of our penetration tests, but also to implement techniques such as lateral movement, local privilege escalation and full domain compromise in red team engagements even more effectively.", "answers": []}, {"id": 636, "code": "PGCB8K", "public_name": "P'atrick Pong<br>atz", "biography": "i love javascript, for example i love running javascript in image tags like <img src=\"https://leberkas.club/favicon.ico\" onerror=\"javascript:alert(1)\" onload=\"javascript:alert(1)\"></img> or svgs like <svg onload=alert('XSS')><svg><p><style><img src=\"data:,\" onerror=\"alert(1)\">\r\n\r\n<scr<script>ipt>alert(1)</scr<script>ipt>", "answers": []}], "links": [], "attachments": [], "answers": []}]}}]}}}