“Code diving for pop chains” Wolfgang Hotwagner · Talk (60 minutes)

PHP Object Injection is a well known web vulnerability that could allow an attacker to perform different kinds of attacks by reusing and chaining existing code of the application(gadgets). Sometimes it is easier to find the vulnerability than discovering a proper chain for a remote code execution. …


“ÆCID: A self-learning Anomaly Detection Approach Based on Light-weight Log Analytics” Max Landauer, Markus Wurzenberger · Talk (30 minutes)

Existing signature-based intrusion detection systems are based on manually-defined patterns that are known to correspond to particular attacks and are therefore unable to disclose any previously unknown threats, such as zero day exploits. ÆCID (Automatic Event Correlation for Incident Detection) al…


“AI Application for Detection of Android Malware APKs and Fake e-Commerce Websites” Roman Graf, Olivia Dinica, Aaron · Talk (30 minutes)

  • MAL2 project employs AI for malware and fake websites detection and comprises two parts:
    1. Neural Network-Based Technique for Android Smartphone Applications Classification
    2. Automating Fake e-Commerce Website Detection through Machine Learning
    In our talk we will speak about AI applications …


“When Your Biggest Threat is on Your Payroll: Drivers & Enablers of Insider Threat Activity” Christina Lekati · Talk (30 minutes)

It is an irony in organizational security: Although so much capital is invested in the protection of the organizational assets against external threats, some of the largest compromises have occurred as a result of insider threats, sometimes resulting in irrecoverable damage, reputation risk, and li…


“seccomp — Your Next Layer of Defense” Philipp Krenn · Talk (30 minutes)

Why should you allow all possible system calls from your application when you know that you only need some? If you have ever wondered the same then this is the right talk for you. We are covering:

  • What is seccomp in a nutshell and where could you use it.
  • Practical example with Elasticsearch and Be…


“The rise and fall of Baldr: Frankeinstein's malware enjoys a wild ride” Albert Zsigovits · Talk (30 minutes)

In January, 2019, SophosLabs discovered a new family of credential stealing malware that called itself Baldr was being marketed on message boards used to advertise malware. In a short period of time, the developer of Baldr made a significant number of improvements and updates, including two major r…


“Building a Red Team in a complex environment” Ahmed Sherif (@_ahmadsherif) · Talk (30 minutes)

The question which have been always asked, do we really need an offensive security team in our organisation?

In this presentation I'm going to talk about my journey of building-up the offensive security team at one of the biggest Dutch banks. What are the takeaways, approach, achievement and mista…


“A handshake for vulnerabilities - A short dive into Krack and Dragonblood” Christoph Rottermanner, Philip Madelmayer · Talk (30 minutes)

We all know and love it and would like to have it available all over the world - Wireless LAN. A technology that is used in many places to provide free Internet access, enable networking for various components or to move freely in offices and at home. But how secure is the wireless network that con…


“Drinks and Discussion” attendees and crew · Socializing (7 hours)

Open Bar: first come first serve as long as the Sponsors budget lasts, afterwards you'll have to pay for drinks. We'll try keep going as long as there are people around, latest closing time: 0200.

Be considered and nice to everyone you meet, if you're not able to handle your drink, leave. Our code …


“Network Attacks for Red Teams and Blue Teams” Michael Kafka · Talk (30 minutes)

Security features for network functions are not commonly deployed on
typical installations. This allows attackers to freely move around in a
network once a single point was compromised. Weak network security
enables Lateral movement of an adversary and can also be exploited by
Red Teams.

The Talk s…