BSidesVienna 0x7EA

Jakob Pachmann

Originally from Germany, Jakob is a penetration tester and security consultant based in Vienna, currently completing a Master's in Information Security at the University of Applied Sciences St. Pölten. He spent over two years at SBA Research conducting penetration tests of web applications, fat clients, and corporate networks, alongside source-code audits and social engineering assessments. Most recently, he worked as a penetration tester at Raiffeisen Informatik, where his work spanned penetration testing, CERT activities, and security incident management. He holds the OSCP and BSCP certifications. His current research, part of his Master's thesis, examines divergences and security-relevant behavior across CBOR parser implementations.


Sessions

06-27
17:15
30min
Parsing CBOR is a Minefield: A Study of CBOR Parser behavior
Jakob Pachmann

CBOR (RFC 8949) is a binary serialization format used in constrained, security-critical systems such as FIDO2/WebAuthn and COSE. Despite a precise specification, implementations diverge across languages and systems, leading to different behavior when confronted with the same input. In this talk, 11 CBOR parsers across seven languages are compared to identify security-relevant behavior, such as unexpected acceptance or rejection of input, hangs, and crashes.

Kreativraum 3.1 (Track 3 - 50 pax - Women4Cyber/Rookie)