Jakob Pachmann
Originally from Germany, Jakob is a penetration tester and security consultant based in Vienna, currently completing a Master's in Information Security at the University of Applied Sciences St. Pölten. He spent over two years at SBA Research conducting penetration tests of web applications, fat clients, and corporate networks, alongside source-code audits and social engineering assessments. Most recently, he worked as a penetration tester at Raiffeisen Informatik, where his work spanned penetration testing, CERT activities, and security incident management. He holds the OSCP and BSCP certifications. His current research, part of his Master's thesis, examines divergences and security-relevant behavior across CBOR parser implementations.
Sessions
CBOR (RFC 8949) is a binary serialization format used in constrained security-critical systems like FIDO2/WebAuthn and COSE. Despite a precise specification, implementations diverge across languages and systems, leading to different behavior when confronted with the same input. In this talk, 11 CBOR parsers across seven languages are compared to identify security-relevant behavior, such as unexpected acceptance/rejection of input, hangs and crashes.