BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.bsidesvienna.at//
BEGIN:VTIMEZONE
TZID:Europe/Vienna
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsv19-7SLXUG@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T100000
DTEND;TZID=Europe/Vienna:20191130T103000
DESCRIPTION:In January\, 2019\, SophosLabs discovered a new family of crede
 ntial stealing malware that called itself Baldr was being marketed on mess
 age boards used to advertise malware. In a short period of time\, the deve
 loper of Baldr made a significant number of improvements and updates\, inc
 luding two major releases. Baldr enjoyed a rapid growth in sales and withi
 n a few months\, had more than 200 criminal customers who were using it to
  steal valuable credentials\, mainly from video game players\, who were th
 e most frequently targeted victims. In this talk\, we will discuss the mec
 hanism by which Baldr performs its tasks\, how the malware markets and pro
 motes itself\, and some of the vulnerabilities in its command-and-control 
 panel\, which has allowed other criminals to take over its C2 servers.
DTSTAMP:20260315T181055Z
LOCATION:Dachsaal
SUMMARY:The rise and fall of Baldr: Frankeinstein's malware enjoys a wild r
 ide - Albert Zsigovits
URL:https://cfp.bsidesvienna.at/bsv19/talk/7SLXUG/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsv19-RHQGV7@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T103500
DTEND;TZID=Europe/Vienna:20191130T110500
DESCRIPTION:We all know and love it and would like to have it available all
  over the world - Wireless LAN. A technology that is used in many places t
 o provide free Internet access\, enable networking for various components 
 or to move freely in offices and at home. But how secure is the wireless n
 etwork that connects so many devices?\nThis talk will explore this questio
 n and try to give a brief overview of the functionality of the encryption 
 standards WPA2 and WPA3 and explain known attacks on these two standards. 
 The talk will also demonstrate the use of the well-known Krackattack.
DTSTAMP:20260315T181055Z
LOCATION:Dachsaal
SUMMARY:A handshake for vulnerabilities - A short dive into Krack and Drago
 nblood - Christoph Rottermanner\, Philip Madelmayer
URL:https://cfp.bsidesvienna.at/bsv19/talk/RHQGV7/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsv19-C8S7CE@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T111000
DTEND;TZID=Europe/Vienna:20191130T115500
DESCRIPTION:PHP Object Injection is a well known web vulnerability that cou
 ld allow an attacker to perform different kinds of attacks by reusing and 
 chaining existing code of the application (gadgets). Sometimes it is easier
  to find the vulnerability than discovering a proper chain for a remote co
 de execution. This talk illustrates the long road of searching for various
  "POP chains" by disclosing details of a vulnerability for Okay-CMS. The c
 ode of the application will be analyzed and possible payloads will be disc
 ussed. A working unauthenticated remote code execution exploit will finall
 y prove the concept.
DTSTAMP:20260315T181055Z
LOCATION:Dachsaal
SUMMARY:Code diving for pop chains - Wolfgang Hotwagner
URL:https://cfp.bsidesvienna.at/bsv19/talk/C8S7CE/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsv19-HFYJGR@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T120000
DTEND;TZID=Europe/Vienna:20191130T123000
DESCRIPTION:* MAL2 project employs AI for malware and fake websites detecti
 on and comprises two parts: \n** 1. Neural Network-Based Technique for And
 roid Smartphone Applications Classification\n** 2. Automating Fake e-Comme
 rce Website Detection through Machine Learning\nIn our talk we will speak 
 about AI applications for different domains of Cyber Security and demonstr
 ate advantages of AI approach compared to previous solutions.
DTSTAMP:20260315T181055Z
LOCATION:Dachsaal
SUMMARY:AI Application for Detection of Android Malware APKs and Fake e-Com
 merce Websites - Roman Graf\, Olivia Dinica\, Aaron
URL:https://cfp.bsidesvienna.at/bsv19/talk/HFYJGR/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsv19-7TCLST@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T133000
DTEND;TZID=Europe/Vienna:20191130T140000
DESCRIPTION:Why should you allow all possible system calls from your applic
 ation when you know that you only need some? If you have ever wondered the
  same then this is the right talk for you. We are covering:\n\n* What is s
 eccomp in a nutshell and where could you use it.\n* Practical example with
  Elasticsearch and Beats.\n* How to collect seccomp violations with Auditd
 .\n\nBecause your security approach can always use an additional layer of 
 protection.
DTSTAMP:20260315T181055Z
LOCATION:Dachsaal
SUMMARY:seccomp — Your Next Layer of Defense - Philipp Krenn
URL:https://cfp.bsidesvienna.at/bsv19/talk/7TCLST/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsv19-E8GCJX@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T140500
DTEND;TZID=Europe/Vienna:20191130T144500
DESCRIPTION:Existing signature-based intrusion detection systems are based 
 on manually-defined patterns that are known to correspond to particular at
 tacks and are therefore unable to disclose any previously unknown threats\
 , such as zero day exploits. ÆCID (Automatic Event Correlation for Incide
 nt Detection) alleviates this problem by employing self-learning anomaly d
 etection. ÆCID is capable of automatically learning the complex syntax of
  log files\, classify events\, and extract relevant parameters for advance
 d analysis. This includes the derivation of rules regarding the correlatio
 n of events as well as occurrences of parameter values. In addition\, ÆCI
 D carries out statistical analyses on the observed values and reports all 
 significant changes of system behavior to security analysts. ÆCID’s ope
 n-source log sensor\, the AMiner that enables efficient log parsing\, allo
 ws to build log analysis pipelines using a number of modules. The AMiner i
 s designed as a light-weight component that fits seamlessly into any syste
 m and has minimal requirements regarding processing power and required mem
 ory. Finally\, the AMiner in combination with ÆCID supports connection to
  existing security solutions\, such as SIEMs\, by providing interfaces to 
 standard message queue technologies\, such as Kafka. \n\nOur talk will con
 sist of two parts: First\, we will discuss some basic considerations when 
 it comes to log data analysis and outline our strategies of tackling the e
 ncompassed challenges\, including the parsing of logs from heterogeneous s
 ources and design of anomaly detection methods. Then\, we will present som
 e selected features of ÆCID in a practical demonstration.
DTSTAMP:20260315T181055Z
LOCATION:Dachsaal
SUMMARY:ÆCID: A self-learning Anomaly Detection Approach Based on Light-we
 ight Log Analytics - Max Landauer\, Markus Wurzenberger
URL:https://cfp.bsidesvienna.at/bsv19/talk/E8GCJX/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsv19-G7GJHF@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T150500
DTEND;TZID=Europe/Vienna:20191130T153500
DESCRIPTION:It is an irony in organizational security: Although so much cap
 ital is invested in the protection of the organizational assets against ex
 ternal threats\, some of the largest compromises have occurred as a result
  of insider threats\, sometimes resulting in irrecoverable damage\, reputa
 tion risk\, and liability. This type of threat is more important for organ
 izations that are part of the critical infrastructure and industries where
  intellectual property and the protection of sensitive information are cri
 tical elements for their operations.\nEmployees in security-focused enviro
 nments learn to treat outsiders with suspicion and to maintain trust bound
 aries. However\, it is often the case that once an “outsider” enters t
 he payroll of an organization they are given a "carte blanche" in terms of
  trust and disclosure of information. They are now treated as the "insider
 s" that they are- members of the same tribe\, fighting and working towards
  the same goals and using their skills to benefit their organization. Empl
 oyees do not always realize that some “colleagues” consider the exploi
 tation of organizational weaknesses a high-reward activity that serves the
 ir personal interests better than loyalty to the employer. \n\nThis presen
 tation aims to shed light on the challenging topic of insider threats. It 
 will discuss the motives that lead employees to unauthorized disclosure of
  sensitive information\, process corruption\, electronic sabotage\, and/or
  the facilitation of third-party access to organizational assets. Research
  has repeatedly found a clear link between insider activity taking place a
 nd exploitable weaknesses in an organization’s security and management p
 rocesses. Therefore\, this talk will go on discussing the organizational f
 actors enabling insider threat operations as well as countermeasures again
 st them\, by combining the lessons learned on insider activity prevention 
 from the fields of counterintelligence\, psychology\, and cyber-security.
DTSTAMP:20260315T181055Z
LOCATION:Dachsaal
SUMMARY:When Your Biggest Threat is on Your Payroll: Drivers & Enablers of 
 Insider Threat Activity - Christina Lekati
URL:https://cfp.bsidesvienna.at/bsv19/talk/G7GJHF/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsv19-JFSZRC@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T154000
DTEND;TZID=Europe/Vienna:20191130T161000
DESCRIPTION:###### **The question which has always been asked\, do we real
 ly need an offensive security team in our organisation?** \n\nIn this pres
 entation I'm going to talk about my journey of building-up the offensive s
 ecurity team at one of the biggest Dutch banks.  What are the takeaways\, 
 approach\, achievement and mistakes done during that journey.
DTSTAMP:20260315T181055Z
LOCATION:Dachsaal
SUMMARY:Building a Red Team in a complex environment - Ahmed Sherif (@_ahma
 dsherif)
URL:https://cfp.bsidesvienna.at/bsv19/talk/JFSZRC/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsv19-RNZD3W@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T161500
DTEND;TZID=Europe/Vienna:20191130T164500
DESCRIPTION:Security features for network functions are not commonly deploy
 ed on\ntypical installations. This allows attackers to freely move around 
 in a\nnetwork once a single point was compromised. Weak network security\n
 enables Lateral movement of an adversary and can also be exploited by\nRed
  Teams.\n\nThe Talk starts with a brief discussion of network functions on
  Layer 2\nand 3 and gives a brief history of famous malware families and c
 ampaigns\nwhich were used in the past. Also we will define the goal of net
 work\nattacks.\n\nThen we discuss several techniques like ARP/ND spoofing/
 poisoning\, MAC\nflooding\, attacks on FHRP like VRRP or HSRP\, UPNP\, rou
 te injection and\nIP source route and more. We will show how these attacks
  are conducted\,\nwhat we can achieve and also how to deploy countermeasur
 es for mitigation.
DTSTAMP:20260315T181055Z
LOCATION:Dachsaal
SUMMARY:Network Attacks for Red Teams and Blue Teams - Michael Kafka
URL:https://cfp.bsidesvienna.at/bsv19/talk/RNZD3W/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsv19-B3GGCG@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20191130T170000
DTEND;TZID=Europe/Vienna:20191201T000000
DESCRIPTION:Open Bar: first come first serve as long as the Sponsors'
  budget lasts\, afterwards you'll have to pay for drinks. We'll try to
  keep going as long as there are people around\, latest closing time:
  0200.\n\nBe considerate and nice to everyone you meet\, if you're not
  able to handle your drink\, leave. Our code of conduct can be viewed
  over here: https://bsidesvienna.at/code_of_conduct/
DTSTAMP:20260315T181055Z
LOCATION:Bar
SUMMARY:Drinks and Discussion - attendees and crew
URL:https://cfp.bsidesvienna.at/bsv19/talk/B3GGCG/
END:VEVENT
END:VCALENDAR
