Events for tag "Security"

Apple Wireless Direct Leaks
3 min

Apple Wireless Direct Leaks

Guardians of the Onion: Ensuring the Health and Resilience of the Tor Network
60 min

Guardians of the Onion: Ensuring the Health and Resilience of the Tor Network

First Sednit UEFI Rootkit Unveiled
40 min

First Sednit UEFI Rootkit Unveiled

Ghidra - An Open Source Reverse Engineering Tool
60 min

Ghidra - An Open Source Reverse Engineering Tool

How the NSA open-sourced all software in 2019

Truly cardless: Jackpotting an ATM using auxiliary devices.
35 min

Truly cardless: Jackpotting an ATM using auxiliary devices.

Thunderstrike 2
43 min

Thunderstrike 2

Bitcoin
64 min

Bitcoin

Open Sourcing Money

PoC: Implementing evil maid attack on encrypted /boot
33 min

PoC: Implementing evil maid attack on encrypted /boot

Finding Vulnerabilities in Internet-Connected Devices
47 min

Finding Vulnerabilities in Internet-Connected Devices

A Beginner’s Guide

15 Jahre deutsche Telematikinfrastruktur (TI)
41 min

15 Jahre deutsche Telematikinfrastruktur (TI)

Die Realität beim Arztbesuch nach 15 Jahren Entwicklung…

How do we know our PRNGs work properly?
58 min

How do we know our PRNGs work properly?

Mit dem Getränkeautomaten in die Cloud
30 min

Mit dem Getränkeautomaten in die Cloud

Über die (Un-)Sicherheit eines Bezahlsystems

PostgreSQL Security
41 min

PostgreSQL Security

Circumventing video identification using augmented reality
30 min

Circumventing video identification using augmented reality

CloudABI
57 min

CloudABI

Cloud computing meets fine-grained capabilities

A Practical Introduction to using sq, Sequoia PGP's CLI
52 min

A Practical Introduction to using sq, Sequoia PGP's CLI

Messenger Hacking: Remotely Compromising an iPhone through iMessage
61 min

Messenger Hacking: Remotely Compromising an iPhone through iMessage

Nintendo Hacking 2016
61 min

Nintendo Hacking 2016

Game Over

Beyond the Checkbox: Breaking out of Testing Frameworks
30 min

Beyond the Checkbox: Breaking out of Testing Frameworks

What The Fax?!
46 min

What The Fax?!

Hacking your network likes it's 1980 again

APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for
60 min

APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for

How advanced threat actors learn and change with innovation…

Competitive hacking as team sport: An introduction to Capture the Flag
28 min

Competitive hacking as team sport: An introduction to Capture the Flag

What the flag is CTF?
41 min

What the flag is CTF?

Back in the Driver's Seat
41 min

Back in the Driver's Seat

Recovering Critical Data from Tesla Autopilot Using Voltage…

Tales of old: untethering iOS 11
39 min

Tales of old: untethering iOS 11

Spoiler: Apple is bad at patching

Doping your Fitbit
22 min

Doping your Fitbit

On Fitbit Firmware Modifications and Data Extraction

Smartphone Security - how to prevent audio surveillance
29 min

Smartphone Security - how to prevent audio surveillance

KTRW: The journey to build a debuggable iPhone
54 min

KTRW: The journey to build a debuggable iPhone

How election software can fail
57 min

How election software can fail

Nintendo hacking 2023: 2008
42 min

Nintendo hacking 2023: 2008

Finishing off the Nintendo DSi

radare demystified
62 min

radare demystified

after 1.0

DG50: ZigBee
93 min

DG50: ZigBee

Hirne Hacken
43 min

Hirne Hacken

Menschliche Faktoren der IT-Sicherheit

Talking Behind Your Back
59 min

Talking Behind Your Back

On the Privacy & Security of the Ultrasound Tracking…

Do as I Say not as I Do: Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack
60 min

Do as I Say not as I Do: Stealth Modification of Programmable Logic Controllers I/O by…

Neither Snow Nor Rain Nor MITM… The State of Email Security in 2015
49 min

Neither Snow Nor Rain Nor MITM… The State of Email Security in 2015

SiliVaccine: North Korea's Weapon of Mass Detection
52 min

SiliVaccine: North Korea's Weapon of Mass Detection

How I Learned to Stop Worrying and Love the Backdoor

wallet.fail
61 min

wallet.fail

Hacking the most popular cryptocurrency hardware wallets

Browsers biggest TLS mistake
5 min

Browsers biggest TLS mistake

CloudABI
62 min

CloudABI

Pure capability-based security for UNIX

God does not play dice!
56 min

God does not play dice!

an introduction to quantum cryptography for sysadmins and…

Shopshifting
60 min

Shopshifting

The potential for payment system abuse

avatar²
55 min

avatar²

Towards an open source binary firmware analysis framework

Hacking the RP2350
57 min

Hacking the RP2350

Microsofts Windows 10 Botnet
60 min

Microsofts Windows 10 Botnet

Beyond your cable modem
60 min

Beyond your cable modem

How not to do DOCSIS networks

Das nützlich-unbedenklich Spektrum
63 min

Das nützlich-unbedenklich Spektrum

Können wir Software bauen, die nützlich /und/ unbedenklich…

KRACKing WPA2 by Forcing Nonce Reuse
61 min

KRACKing WPA2 by Forcing Nonce Reuse

No source, no problem! High speed binary fuzzing
59 min

No source, no problem! High speed binary fuzzing

Introduction to modern fuzzing
65 min

Introduction to modern fuzzing

Find and fix vulnerabilities before they reach production.

Vom buffer overflow zur shell
29 min

Vom buffer overflow zur shell

ZombieLoad Attack
55 min

ZombieLoad Attack

Leaking Your Recent Memory Operations on Intel CPUs

Resilienced Kryptographie
59 min

Resilienced Kryptographie

Dialing into the Past: RCE via the Fax Machine – Because Why Not?
38 min

Dialing into the Past: RCE via the Fax Machine – Because Why Not?

Why IT security needs to innovate!!!
44 min

Why IT security needs to innovate!!!

From Simulation to Tenant Takeover
29 min

From Simulation to Tenant Takeover

A Dozen Years of Shellphish
57 min

A Dozen Years of Shellphish

From DEFCON to the DARPA Cyber Grand Challenge

How not to use OAuth
56 min

How not to use OAuth

New security recommendations for OAuth

High-assurance crypto software
61 min

High-assurance crypto software

Common Mistakes <> Different Customers - Warum Ransomware-Angriffe so einfach sind
53 min

Common Mistakes <> Different Customers - Warum Ransomware-Angriffe so einfach sind

Erfolgreiche Phishing Awareness Projekte mit Gophish
61 min

Erfolgreiche Phishing Awareness Projekte mit Gophish

Decentralized energy production: green future or cybersecurity nightmare?
39 min

Decentralized energy production: green future or cybersecurity nightmare?

The cybersecurity dark side of solar energy when clouds are…

Container for Desktops
61 min

Container for Desktops

Security und Privacy mit LXC et.al. - auch auf…

Automating Cookie Consent and GDPR Violation Detection
58 min

Automating Cookie Consent and GDPR Violation Detection

Apple&#39;s iPhone 15: Under the C
36 min

Apple's iPhone 15: Under the C

Hardware hacking tooling for the new iPhone generation

Security in open source projects
50 min

Security in open source projects

Decoding Contactless (Card) Payments
58 min

Decoding Contactless (Card) Payments

An Exploration of NFC Transactions and Explanation How…

All wireless communication stacks are equally broken
38 min

All wireless communication stacks are equally broken

Tapping into the core
31 min

Tapping into the core

Everything-as-Code – Anything Secure?
47 min

Everything-as-Code – Anything Secure?

Container - Alles sicher oder was?
34 min

Container - Alles sicher oder was?

Console Security - Switch
56 min

Console Security - Switch

Homebrew on the Horizon

Recount 2016: An Uninvited Security Audit of the U.S. Presidential Election
60 min

Recount 2016: An Uninvited Security Audit of the U.S. Presidential Election

GPS Spoofing und Jamming - Techniken, Risiken und Detektion
55 min

GPS Spoofing und Jamming - Techniken, Risiken und Detektion

Gone in 60 Milliseconds
33 min

Gone in 60 Milliseconds

Intrusion and Exfiltration in Server-less Architectures

Fast Global Internet Scanning - Challenges and new Approaches
42 min

Fast Global Internet Scanning - Challenges and new Approaches

Or how to become your own ISP

Defeating (Not)Petya&#39;s Cryptography
54 min

Defeating (Not)Petya's Cryptography

Memsad
61 min

Memsad

why clearing memory is hard.

Introduction to Mix Networks and Katzenpost
47 min

Introduction to Mix Networks and Katzenpost

a new anonymity movement

Exploring fraud in telephony networks
62 min

Exploring fraud in telephony networks

Perimeter security is dead, get over it.
45 min

Perimeter security is dead, get over it.

The Layman&#39;s Guide to Zero-Day Engineering
57 min

The Layman's Guide to Zero-Day Engineering

A demystification of the exploit development lifecycle

From Pegasus to Predator - The evolution of Commercial Spyware on iOS
59 min

From Pegasus to Predator - The evolution of Commercial Spyware on iOS

Linux secure boot
56 min

Linux secure boot

DDoS kommt aus dem Internet und schmeckt AUA!
47 min

DDoS kommt aus dem Internet und schmeckt AUA!

Intel Management Engine deep dive
60 min

Intel Management Engine deep dive

Understanding the ME at the OS and hardware level

Rowhammer.js: Root privileges for web apps?
30 min

Rowhammer.js: Root privileges for web apps?

A tale of fault attacks on DRAM and attacks on CPU caches

Reversing UEFI by execution
60 min

Reversing UEFI by execution

(Un)Sicherheit von App-basierten TAN-Verfahren im Onlinebanking
60 min

(Un)Sicherheit von App-basierten TAN-Verfahren im Onlinebanking

Ladeinfrastruktur für Elektroautos: Ausbau statt Sicherheit
52 min

Ladeinfrastruktur für Elektroautos: Ausbau statt Sicherheit

Warum das Laden eines Elektroautos unsicher ist

Purple Dome - Kein Schwein greift mich an
33 min

Purple Dome - Kein Schwein greift mich an

IT-Sicherheit in mittelständischen Unternehmen
127 min

IT-Sicherheit in mittelständischen Unternehmen

Current status on post-quantum cryptography and ongoing standardization and implementations/protocols
5 min

Current status on post-quantum cryptography and ongoing standardization and…

Find My * 101
40 min

Find My * 101

Festplattenverschlüsselung mithilfe vom TPM 2.0
55 min

Festplattenverschlüsselung mithilfe vom TPM 2.0

PLC-Blaster
58 min

PLC-Blaster

Ein Computerwurm für PLCs

Automated security testing for Software Developers who dont know security!
49 min

Automated security testing for Software Developers who dont know security!

secure your apps and servers through continuous integration

Einführung in Smartphone Malware Forensik
62 min

Einführung in Smartphone Malware Forensik

Wie man Stalkerware und Staatstrojaner auf Smartphones…

Mobile Data Interception from the Interconnection Link
48 min

Mobile Data Interception from the Interconnection Link

Attacking Chrome IPC
54 min

Attacking Chrome IPC

Reliably finding bugs to escape the Chrome sandbox

Wrapping entire Kubernetes clusters into a confidential-computing envelope with Constellation
48 min

Wrapping entire Kubernetes clusters into a confidential-computing envelope with…

P4wnP1 A.L.O.A. - kleine Schweinereien mit dem Raspberry Pi Zero W
61 min

P4wnP1 A.L.O.A. - kleine Schweinereien mit dem Raspberry Pi Zero W

RFC 9420 or how to scale end-to-end encryption with Messaging Layer Security
40 min

RFC 9420 or how to scale end-to-end encryption with Messaging Layer Security

Untrusting the CPU
61 min

Untrusting the CPU

A proposal for secure computing in an age where we cannot…

SageMath Examples from the CrypTool Book
57 min

SageMath Examples from the CrypTool Book

50% Talk 50% Live-Session to try out some code yourself

It&#39;s not safe on the streets... especially for your 3DS!
46 min

It's not safe on the streets... especially for your 3DS!

Exploring a new attack surface on the 3DS

Everything you want to know about x86 microcode, but might have been afraid to ask
57 min

Everything you want to know about x86 microcode, but might have been afraid to ask

An introduction into reverse-engineering x86 microcode and…

Hacking an NFC toy with the ChameleonMini
13 min

Hacking an NFC toy with the ChameleonMini

Cloud Storage Encryption with Cryptomator
57 min

Cloud Storage Encryption with Cryptomator

Cryptomator is a multi-platform, client-side encryption…

Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale
36 min

Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale

Sneaking In Network Security
60 min

Sneaking In Network Security

Enforcing strong network segmentation, without anyone…

Physical Unclonable Functions: The Future Technology for Physical Security Enclosures?
47 min

Physical Unclonable Functions: The Future Technology for Physical Security Enclosures?

Windows drivers attack surface
60 min

Windows drivers attack surface

some 'new' insights

Common Code &lt;&gt; Different Backdoors
61 min

Common Code <> Different Backdoors

Air France-KLM 6-char short code
5 min

Air France-KLM 6-char short code

Develop Secure Software - The DevGuard Project
59 min

Develop Secure Software - The DevGuard Project

OSS Security von Entwicklern für Entwickler

Delegate authentication and a lot more to Keycloak with OpenID Connect
55 min

Delegate authentication and a lot more to Keycloak with OpenID Connect

Where in the World Is Carmen Sandiego?
59 min

Where in the World Is Carmen Sandiego?

Becoming a secret travel agent

Don&#39;t Ruck Us Too Hard - Owning Ruckus AP Devices
48 min

Don't Ruck Us Too Hard - Owning Ruckus AP Devices

3 different RCE vulnerabilities on Ruckus Wireless access…

&quot;Hacker hin oder her&quot;: Die elektronische Patientenakte kommt!
60 min

"Hacker hin oder her": Die elektronische Patientenakte kommt!

On Smart Cities, Smart Energy, And Dumb Security
45 min

On Smart Cities, Smart Energy, And Dumb Security

Intercoms Hacking
40 min

Intercoms Hacking

Call the frontdoor to install your backdoors

Integration einer FIDO U2F basierten Zwei-Faktor-Authentifizierung mit LinOTP
55 min

Integration einer FIDO U2F basierten Zwei-Faktor-Authentifizierung mit LinOTP

Predicting and Abusing WPA2/802.11 Group Keys
60 min

Predicting and Abusing WPA2/802.11 Group Keys

Log4Shell - Bug oder Feature
59 min

Log4Shell - Bug oder Feature

Unikernel Security Analysis
55 min

Unikernel Security Analysis

Hacking Sony PlayStation Blu-ray Drives
49 min

Hacking Sony PlayStation Blu-ray Drives

Domain Name System
42 min

Domain Name System

Hierarchical decentralized naming system used since 30 years

Unpatchable
60 min

Unpatchable

Living with a vulnerable implanted device

TAPS Transport Services API
44 min

TAPS Transport Services API

Retiring the BSD Socket API

Praktische Einführung in HashiCorp Vault
56 min

Praktische Einführung in HashiCorp Vault

TrustZone is not enough
31 min

TrustZone is not enough

Hijacking debug components for embedded security

From fault injection to RCE: Analyzing a Bluetooth tracker
31 min

From fault injection to RCE: Analyzing a Bluetooth tracker

DPRK Consumer Technology
31 min

DPRK Consumer Technology

Facts to fight lore

Web-App-Encryption
63 min

Web-App-Encryption

Is your data secure by default? How Django can be used to…

&quot;Früher oder später erwisch ich euch alle!&quot; Über Digitalforesnik und ihre Möglichkeiten
59 min

"Früher oder später erwisch ich euch alle!" Über Digitalforesnik und ihre Möglichkeiten

Automatisierung im Cyberspace
51 min

Automatisierung im Cyberspace

Wie wir die Asymmetrien überwinden können

Venenerkennung hacken
39 min

Venenerkennung hacken

Vom Fall der letzten Bastion biometrischer Systeme

A Christmas Carol - The Spectres of the Past, Present, and Future
61 min

A Christmas Carol - The Spectres of the Past, Present, and Future

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones
56 min

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones

A journey on how to fix broken proprietary hardware by…

Uncover, Understand, Own - Regaining Control Over Your AMD CPU
56 min

Uncover, Understand, Own - Regaining Control Over Your AMD CPU

BootStomp: On the Security of Bootloaders in Mobile Devices
28 min

BootStomp: On the Security of Bootloaders in Mobile Devices

Skalierbares Auditing
54 min

Skalierbares Auditing

Tief im Kaninchenbau der Seitenkanalanalyse der SHAKE-Funktion in CRYSTALS-Dilithium
33 min

Tief im Kaninchenbau der Seitenkanalanalyse der SHAKE-Funktion in CRYSTALS-Dilithium

Harry Potter and the Not-So-Smart Proxy War
35 min

Harry Potter and the Not-So-Smart Proxy War

Taking a look at a covert CIA virtual fencing solution

Introduction to (home) network security.
41 min

Introduction to (home) network security.

A beginner-friendly guide to network segmentation for…

Finding Bugs in Closed-source Software: An Open-source Static Binary Analysis Tool (written in Rust)
55 min

Finding Bugs in Closed-source Software: An Open-source Static Binary Analysis Tool…

Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure
59 min

Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure

The Great Escape of ESXi
40 min

The Great Escape of ESXi

Breaking Out of a Sandboxed Virtual Machine

The long road to reproducible builds
41 min

The long road to reproducible builds

why+how to create bit by bit identical binary packages

Breaking the black-box security coprocessor in the Nintendo Switch
39 min

Breaking the black-box security coprocessor in the Nintendo Switch

a story of vulnerability after vulnerability

What the PHUZZ?!
60 min

What the PHUZZ?!

Finding 0-days in Web Applications with Coverage-guided…

BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses
59 min

BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses

Breaking and fixing the Bluetooth standard. One More Time.

Kernel Tracing With eBPF
54 min

Kernel Tracing With eBPF

Unlocking God Mode on Linux

EU&#39;s Digital Identity Systems - Reality Check and Techniques for Better Privacy
41 min

EU's Digital Identity Systems - Reality Check and Techniques for Better Privacy

Tor onion services: more useful than you think
60 min

Tor onion services: more useful than you think

SELECT code_execution FROM * USING SQLite;
46 min

SELECT code_execution FROM * USING SQLite;

--Gaining code execution using a malicious SQLite database

Breaking Microsoft Edge Extensions Security Policies
30 min

Breaking Microsoft Edge Extensions Security Policies

Gibberish Detection 102
58 min

Gibberish Detection 102

ASLR on the line
44 min

ASLR on the line

Practical cache attacks on the MMU

Lattice Attacks on Ethereum, Bitcoin, and HTTPS
31 min

Lattice Attacks on Ethereum, Bitcoin, and HTTPS

The Perl Jam 2
60 min

The Perl Jam 2

The Camel Strikes Back

Vehicle immobilization revisited
55 min

Vehicle immobilization revisited

Uncovering and assessing a second authentication mechanism…

Sichere Softwareentwicklung
54 min

Sichere Softwareentwicklung

Ein praktischer Einstieg

Wir wissen wo dein Auto steht
38 min

Wir wissen wo dein Auto steht

Volksdaten von Volkswagen

MFA, OTP, SMS, U2F, WTF?! - Multifaktor-Authentifizierung ist sehr gut!
63 min

MFA, OTP, SMS, U2F, WTF?! - Multifaktor-Authentifizierung ist sehr gut!

Viva la Vita Vida
56 min

Viva la Vita Vida

Hacking the most secure handheld console

Type confusion: discovery, abuse, and protection
56 min

Type confusion: discovery, abuse, and protection

SMTP Smuggling – Spoofing E-Mails Worldwide
31 min

SMTP Smuggling – Spoofing E-Mails Worldwide

Architecture of secure IoT devices
48 min

Architecture of secure IoT devices

Security by design

What you see is not what you get - when homographs attack
29 min

What you see is not what you get - when homographs attack

Alles meins!
59 min

Alles meins!

Zugänge und Daten mit privacyIDEA absichern

Unlocking Hardware Security: Red Team, Blue Team, and Trojan Tales
60 min

Unlocking Hardware Security: Red Team, Blue Team, and Trojan Tales

Down the Parcel Hole
59 min

Down the Parcel Hole

Email authentication for penetration testers
61 min

Email authentication for penetration testers

When SPF is not enough

Unlocking the Road Ahead: Automotive Digital Forensics
36 min

Unlocking the Road Ahead: Automotive Digital Forensics

A deep dive into an underrepresented research area

Attack Mining: How to use distributed sensors to identify and take down adversaries
61 min

Attack Mining: How to use distributed sensors to identify and take down adversaries

Why Railway Is Safe But Not Secure
41 min

Why Railway Is Safe But Not Secure

Security Of Railway Communication Protocols

Uncovering vulnerabilities in Hoermann BiSecur
51 min

Uncovering vulnerabilities in Hoermann BiSecur

An AES encrypted radio system

Crowdsec
65 min

Crowdsec

Outnumbering cybercriminals might be an option

Fearsome File Formats
45 min

Fearsome File Formats

Electromagnetic Threats for Information Security
49 min

Electromagnetic Threats for Information Security

Ways to Chaos in Digital and Analogue Electronics

DoH or Don&#39;t
43 min

DoH or Don't

The dilemma of DNS privacy protocols

Das Privoxy-Ökosystem
69 min

Das Privoxy-Ökosystem

Linux Security Monitoring mit Audit Events: Schmerzen reduzieren
44 min

Linux Security Monitoring mit Audit Events: Schmerzen reduzieren

Hacking (with) a TPM
37 min

Hacking (with) a TPM

Don't ask what you can do for TPMs, Ask what TPMs can do…

Einführung zu Blockchains
61 min

Einführung zu Blockchains

io_uring, eBPF, XDP and AF_XDP
56 min

io_uring, eBPF, XDP and AF_XDP

What your phone won’t tell you
38 min

What your phone won’t tell you

Uncovering fake base stations on iOS devices

Opencanary, eine Alarmanlage gegen Einbrecher im Netzwerk
62 min

Opencanary, eine Alarmanlage gegen Einbrecher im Netzwerk

Projekt Bucketchallenge
40 min

Projekt Bucketchallenge

Beyond Anti Evil Maid
60 min

Beyond Anti Evil Maid

Making it easier to avoid low-level compromise, and why…

GDPR and ePrivacy: Compliance Nightmares for Open-Source Projects?
45 min

GDPR and ePrivacy: Compliance Nightmares for Open-Source Projects?

Hacking Containers and Kubernetes
43 min

Hacking Containers and Kubernetes

Exploiting and protecting containers with a few lines of…

Auracast: Breaking Broadcast LE Audio Before It Hits the Shelves
41 min

Auracast: Breaking Broadcast LE Audio Before It Hits the Shelves

Anykernels meet fuzzing
43 min

Anykernels meet fuzzing

how to make NetBSD a better software for you and me

New memory corruption attacks: why can&#39;t we have nice things?
54 min

New memory corruption attacks: why can't we have nice things?

Ultrawide archaeology on Android native libraries
39 min

Ultrawide archaeology on Android native libraries

Jailbreaking iOS
47 min

Jailbreaking iOS

From past to present

Modern Security Model for Embedded Linux Distributions
64 min

Modern Security Model for Embedded Linux Distributions

From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11
40 min

From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11

DANEn lügen nicht
61 min

DANEn lügen nicht

SSL/TLS Zertifikate mit DNSSEC absichern

Die DSGVO als Chance nutzen
59 min

Die DSGVO als Chance nutzen

Ein Fahrplan für ein mehr an Informationssicherheit in…

LO! An LLVM Obfuscator
45 min

LO! An LLVM Obfuscator

Dissecting modern (3G/4G) cellular modems
58 min

Dissecting modern (3G/4G) cellular modems

Cybersicherheit in der Gesellschaft
60 min

Cybersicherheit in der Gesellschaft

Die Rolle des CRA für Freie Software

1-day exploit development for Cisco IOS
45 min

1-day exploit development for Cisco IOS

Check your privileges!
60 min

Check your privileges!

How to drop more of your privileges to reduce attack…

What’s new in Keycloak, the open source IAM?
60 min

What’s new in Keycloak, the open source IAM?

Unlocked: PICing a wireless door access system
38 min

Unlocked: PICing a wireless door access system

Inside Android’s SafetyNet Attestation: Attack and Defense
59 min

Inside Android’s SafetyNet Attestation: Attack and Defense

Sicherheit von 125kHz Transpondern am Beispiel Hitag S
60 min

Sicherheit von 125kHz Transpondern am Beispiel Hitag S

Kerberos und OTP
49 min

Kerberos und OTP

Nur einmal authentisiert - aber stark!

Taking a scalpel to QNX
46 min

Taking a scalpel to QNX

Analyzing & Breaking Exploit Mitigations and Secure Random…

All cops are broadcasting
63 min

All cops are broadcasting

TETRA unlocked after decades in the shadows

Cyber Resilience Act - Compliance Risk oder Consumer Respect Act?
60 min

Cyber Resilience Act - Compliance Risk oder Consumer Respect Act?

BlinkenCity: Radio-Controlling Street Lamps and Power Plants
61 min

BlinkenCity: Radio-Controlling Street Lamps and Power Plants

We should share our secrets
59 min

We should share our secrets

Shamir secret sharing: How it works and how to implement it

Modern Windows Userspace Exploitation
50 min

Modern Windows Userspace Exploitation

A Deep Dive Into Unconstrained Code Execution on Siemens S7 PLCs
62 min

A Deep Dive Into Unconstrained Code Execution on Siemens S7 PLCs

You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet
46 min

You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet

Finding interesting targets in 128bit of entropy

PQCHacks
60 min

PQCHacks

A gentle introduction to post-quantum cryptography

Implementing an LLVM based Dynamic Binary Instrumentation framework
60 min

Implementing an LLVM based Dynamic Binary Instrumentation framework

Preach it don´t breach it -Cyber Security and Data Protection as partner in crime
44 min

Preach it don´t breach it -Cyber Security and Data Protection as partner in crime

From Zero to Zero Day
48 min

From Zero to Zero Day

IoT Cybersecurity - EU Normenupdate
58 min

IoT Cybersecurity - EU Normenupdate

Die fabelhafte Welt des Mobilebankings
33 min

Die fabelhafte Welt des Mobilebankings

Sanitizing PCAPs
43 min

Sanitizing PCAPs

Fun and games until someone uses IPv6 or TCP

Microarchitectural Attacks on Trusted Execution Environments
55 min

Microarchitectural Attacks on Trusted Execution Environments

LinOTP und Single Sign On
53 min

LinOTP und Single Sign On

Zwei-Faktor Authentisierung in der Praxis

Towards (reasonably) trustworthy x86 laptops
62 min

Towards (reasonably) trustworthy x86 laptops

Exploiting PHP7 unserialize
44 min

Exploiting PHP7 unserialize

teaching a new dog old tricks

Provable Security
59 min

Provable Security

How I learned to stop worrying and love the backdoor

Fuzz Everything, Everywhere, All at Once
40 min

Fuzz Everything, Everywhere, All at Once

Advanced QEMU-based fuzzing

A deep dive into the world of DOS viruses
38 min

A deep dive into the world of DOS viruses

Explaining in detail just how those little COM files…

Memory Deduplication: The Curse that Keeps on Giving
59 min

Memory Deduplication: The Curse that Keeps on Giving

A tale of 3 different memory deduplication based…

Fighting back against Libra - Decentralizing Facebook Connect
41 min

Fighting back against Libra - Decentralizing Facebook Connect

Nym Anonymous Authentication Credentials

Enclosure-PUF
61 min

Enclosure-PUF

Tamper Proofing Commodity Hardware and other Applications

What&#39;s left for private messaging?
60 min

What's left for private messaging?

Web-based Cryptojacking in the Wild
39 min

Web-based Cryptojacking in the Wild

When your browser is mining coins for other people

Plundervolt: Flipping Bits from Software without Rowhammer
49 min

Plundervolt: Flipping Bits from Software without Rowhammer

Boot2root
62 min

Boot2root

Auditing Boot Loaders by Example

NEW IMPORTANT INSTRUCTIONS
42 min

NEW IMPORTANT INSTRUCTIONS

Real-world exploits and mitigations in Large Language Model…

Squeezing a key through a carry bit
50 min

Squeezing a key through a carry bit

Turris: secure open source router
52 min

Turris: secure open source router

Who is the root on your router?

Leaving legacy behind
52 min

Leaving legacy behind

Reducing carbon footprint of network services with MirageOS…

MacOS Location Privacy Red Pill: A Rabbit Hole Resulting in 24 CVEs
58 min

MacOS Location Privacy Red Pill: A Rabbit Hole Resulting in 24 CVEs

The One Weird Trick SecureROM Hates
38 min

The One Weird Trick SecureROM Hates

De-anonymizing Programmers
59 min

De-anonymizing Programmers

Large Scale Authorship Attribution from Executable Binaries…

The master key
51 min

The master key

Life of a Key
49 min

Life of a Key

Fuzzing the TCP/IP stack
39 min

Fuzzing the TCP/IP stack

beyond the trivial

Linux Host Security
58 min

Linux Host Security

Lessons Learned & Praxistipps

Pegasus internals
29 min

Pegasus internals

Technical Teardown of the Pegasus malware and Trident…

Self-encrypting deception
58 min

Self-encrypting deception

weaknesses in the encryption of solid state drives (SSDs)

Dissecting Broadcom Bluetooth
43 min

Dissecting Broadcom Bluetooth

Wheel of Fortune
36 min

Wheel of Fortune

Analyzing Embedded OS Random Number Generators

In Soviet Russia Smart Card Hacks You
38 min

In Soviet Russia Smart Card Hacks You

Docker Container und Security
79 min

Docker Container und Security

Dude, Where&#39;s My Crypto? - Real World Impact of Weak Cryptocurrency Keys
39 min

Dude, Where's My Crypto? - Real World Impact of Weak Cryptocurrency Keys

OpenVPN im Unternehmenseinsatz
37 min

OpenVPN im Unternehmenseinsatz

Realisierung einer Hochverfügbarkeitslösung mit dynamischem…

Dissecting VoLTE
49 min

Dissecting VoLTE

Exploiting Free Data Channels and Security Problems

Everything you always wanted to know about Certificate Transparency
60 min

Everything you always wanted to know about Certificate Transparency

(but were afraid to ask)

Decoding the LoRa PHY
64 min

Decoding the LoRa PHY

Dissecting a Modern Wireless Network for the Internet of…

Enterprise Mail-Security mit Open-Source?
47 min

Enterprise Mail-Security mit Open-Source?

Rspamd - Mail-Security-Framework

TamaGo - bare metal Go framework for ARM SoCs.
59 min

TamaGo - bare metal Go framework for ARM SoCs.

Reducing the attack surface with pure embedded Go.

Writing secure software
46 min

Writing secure software

using my blog as example

Operation Triangulation
58 min

Operation Triangulation

What You Get When Attack iPhones of Researchers

Improving Security Posture of Critical FOSS Projects with Security Audits
47 min

Improving Security Posture of Critical FOSS Projects with Security Audits

(Post-Quantum) Isogeny Cryptography
52 min

(Post-Quantum) Isogeny Cryptography

The sustainability of safety, security and privacy
43 min

The sustainability of safety, security and privacy

What could possibly go wrong with &lt;insert x86 instruction here&gt;?
55 min

What could possibly go wrong with <insert x86 instruction here>?

Side effects include side-channel attacks and bypassing…

ATMs how to break them to stop the fraud
54 min

ATMs how to break them to stop the fraud

Tales from Hardware Security Research
45 min

Tales from Hardware Security Research

From Research over Vulnerability Discovery to Public…

On the insecure nature of turbine control systems in power generation
60 min

On the insecure nature of turbine control systems in power generation

A security study of turbine control systems in power…

seccomp — Your Next Layer of Defense
44 min

seccomp — Your Next Layer of Defense

Practical Cache Attacks from the Network and Bad Cat Puns
42 min

Practical Cache Attacks from the Network and Bad Cat Puns

Building and Breaking Wireless Security
29 min

Building and Breaking Wireless Security

Wireless Physical Layer Security & More...

500.000 Recalled Pacemakers, 2 Billion $ Stock Value Loss
44 min

500.000 Recalled Pacemakers, 2 Billion $ Stock Value Loss

The Story Behind

Sichere Webanwendungen mit Clojure
46 min

Sichere Webanwendungen mit Clojure

Predator Files: How European spyware threatens civil society around the world
41 min

Predator Files: How European spyware threatens civil society around the world

Domain computers have accounts, too!
40 min

Domain computers have accounts, too!

Owning machines through relaying and delegation

Privacy leaks in smart devices: Extracting data from used smart home devices
51 min

Privacy leaks in smart devices: Extracting data from used smart home devices

Code BROWN in the Air
37 min

Code BROWN in the Air

A systemic update of sensitive information that you sniff…

A look into the Mobile Messaging Black Box
63 min

A look into the Mobile Messaging Black Box

A gentle introduction to mobile messaging and subsequent…

The Great Train Cyber Robbery
54 min

The Great Train Cyber Robbery

Compromising online accounts by cracking voicemail systems
42 min

Compromising online accounts by cracking voicemail systems

State of Surveillance: A year of digital threats to civil society
59 min

State of Surveillance: A year of digital threats to civil society

sectpmctl für LUKS Full Disk Encryption (FDE)
63 min

sectpmctl für LUKS Full Disk Encryption (FDE)

Secure Boot und TPM gestützte LUKS…

Taking Bluetooth lockpicking to the next level
46 min

Taking Bluetooth lockpicking to the next level

...or the 37th floor of a Hotel

On the Security and Privacy of Modern Single Sign-On in the Web
64 min

On the Security and Privacy of Modern Single Sign-On in the Web

(Not Only) Attacks on OAuth and OpenID Connect

IoT-Security nach ETSI/EN303645
30 min

IoT-Security nach ETSI/EN303645

Attacking IoT Telemetry
70 min

Attacking IoT Telemetry

A study of weaknesses in the pipeline of rapidly advancing…

Sicher Programmieren mit Ruby on Rails
53 min

Sicher Programmieren mit Ruby on Rails

Sucking dust and cutting grass: reversing robots and bypassing security
71 min

Sucking dust and cutting grass: reversing robots and bypassing security

Rust Binary Analysis, Feature by Feature
42 min

Rust Binary Analysis, Feature by Feature

How to Break PDFs
58 min

How to Break PDFs

Breaking PDF Encryption and PDF Signatures

Breaking Honeypots for Fun and Profit
54 min

Breaking Honeypots for Fun and Profit

The DROWN Attack
55 min

The DROWN Attack

Breaking TLS using SSLv2

Inside the AMD Microcode ROM
37 min

Inside the AMD Microcode ROM

(Ab)Using AMD Microcode for fun and security

AI Meets Git: Unmasking Security Flaws in Qodo Merge
40 min

AI Meets Git: Unmasking Security Flaws in Qodo Merge

ACE up the sleeve:
40 min

ACE up the sleeve:

Hacking into Apple's new USB-C Controller

Ten Years of Rowhammer:
41 min

Ten Years of Rowhammer:

A Retrospect (and Path to the Future)

Supply Chain Security with Go
43 min

Supply Chain Security with Go

A Christmas Carol - The Spectres of the Past, Present, and Future
47 min

A Christmas Carol - The Spectres of the Past, Present, and Future

Hardware-Trojaner in Security-Chips
60 min

Hardware-Trojaner in Security-Chips

Eine Reise auf die dunkle Seite

Lets break modern binary code obfuscation
60 min

Lets break modern binary code obfuscation

A semantics based approach

Analyse von Gesundheits-Apps der gesetzlichen Krankenkassen
52 min

Analyse von Gesundheits-Apps der gesetzlichen Krankenkassen

Math Protected Social Interactions
38 min

Math Protected Social Interactions

Logjam: Diffie-Hellman, discrete logs, the NSA, and you
61 min

Logjam: Diffie-Hellman, discrete logs, the NSA, and you

Privacy to go
62 min

Privacy to go

The plain simple reality of entropy
60 min

The plain simple reality of entropy

Or how I learned to stop worrying and love urandom

Deploying TLS 1.3: the great, the good and the bad
61 min

Deploying TLS 1.3: the great, the good and the bad

Improving the encrypted the web, one round-trip at a time

Cryptography demystified
53 min

Cryptography demystified

An introduction without maths

Wallet Security
35 min

Wallet Security

How (not) to protect private keys

Beyond the Pile of Knobs
46 min

Beyond the Pile of Knobs

Redesigning NoScript’s UX

To Make Hearts Bleed
57 min

To Make Hearts Bleed

A Native Developer's Account On SSL

AppArmor Crashkurs
45 min

AppArmor Crashkurs

Lerne in unter einer Stunde, AppArmor-Profile zu erstellen…

Oh no: KUNO - Gesperrte Girocards entsperren
54 min

Oh no: KUNO - Gesperrte Girocards entsperren

Über „Girodays“ & anderen Kuriositäten

Fuzion — Eine neue Programmiersprache für Sicherheit
64 min

Fuzion — Eine neue Programmiersprache für Sicherheit

Visiting The Bear Den
59 min

Visiting The Bear Den

A Journey in the Land of (Cyber-)Espionage

Are all BSDs created equally?
58 min

Are all BSDs created equally?

A survey of BSD kernel vulnerabilities.

Breaking NATO Radio Encryption
59 min

Breaking NATO Radio Encryption

Google Cloud’s insecure default configurations
3 min

Google Cloud’s insecure default configurations

Virtual Secure Boot
51 min

Virtual Secure Boot

Secure Boot support in qemu, kvm and ovmf.

&quot;Früher oder später erwisch ich euch alle!&quot;
67 min

"Früher oder später erwisch ich euch alle!"

Eine Einführung in die digitale Forensik und ihre…

How to drift with any car
51 min

How to drift with any car

(without your mom yelling at you)

Attacking end-to-end email encryption
60 min

Attacking end-to-end email encryption

Efail, other attacks and lessons learned.

Self-Authenticating TLS Certificates for Tor Onion Services
20 min

Self-Authenticating TLS Certificates for Tor Onion Services

IT-Sicherheit in vernetzten Gebäuden
46 min

IT-Sicherheit in vernetzten Gebäuden

Was kann man noch retten, wenn langlebigen Strukturen…

The Freenet Project
47 min

The Freenet Project

Anonymes Netzwerk basierend auf dem Kleine-Welt-Phänomen

DNSSEC
45 min

DNSSEC

Running your own 3G/3.5G network
56 min

Running your own 3G/3.5G network

OpenBSC reloaded

The Rocky Road to TLS 1.3 and better Internet Encryption
60 min

The Rocky Road to TLS 1.3 and better Internet Encryption

SigOver + alpha
55 min

SigOver + alpha

Signal overshadowing attack on LTE and its applications

Who is attacking you?
55 min

Who is attacking you?

Open source router that catches the attackers

Console Hacking
72 min

Console Hacking

Breaking the 3DS

ARMore: Pushing Love Back Into Binaries
38 min

ARMore: Pushing Love Back Into Binaries

Aarch64 binary rewriting adventures but mostly pains

Unlocked! Recovering files taken hostage by ransomware
40 min

Unlocked! Recovering files taken hostage by ransomware

Decrypting files hijacked by the "second most used…

(In)Security of Embedded Devices&#39; Firmware - Fast and Furious at Large Scale
59 min

(In)Security of Embedded Devices' Firmware - Fast and Furious at Large Scale

All Your Gesundheitsakten Are Belong To Us
61 min

All Your Gesundheitsakten Are Belong To Us

"So sicher wie beim Online-Banking": Die elektronische…

Shut Up and Take My Money!
30 min

Shut Up and Take My Money!

The Red Pill of N26 Security

iOS kernel exploitation archaeology
54 min

iOS kernel exploitation archaeology

Internet of Dongs
32 min

Internet of Dongs

A long way to a vibrant future

Mehr-Faktor-Authentifizierung am Puls der Zeit
59 min

Mehr-Faktor-Authentifizierung am Puls der Zeit

Was ist neu in privacyIDEA

Key-logger, Video, Mouse
49 min

Key-logger, Video, Mouse

How to turn your KVM into a raging key-logging monster

Intel ME: Myths and reality
62 min

Intel ME: Myths and reality

SCADA - Gateway to (s)hell
45 min

SCADA - Gateway to (s)hell

Hacking industrial control gateways

How hackers grind an MMORPG: by taking it apart!
54 min

How hackers grind an MMORPG: by taking it apart!

An introduction to reverse engineering network protocols

Fake-Shops von der Stange: BogusBazaar
63 min

Fake-Shops von der Stange: BogusBazaar

Wie man mit Mathematik ein API übernehmen kann
25 min

Wie man mit Mathematik ein API übernehmen kann

(und wie gute Architektur das verhindert)

Console Hacking 2016
53 min

Console Hacking 2016

PS4: PC Master Race

LatticeHacks
65 min

LatticeHacks

Fun with lattices in cryptography and cryptanalysis

„Konnte bisher noch nie gehackt werden“: Die elektronische Patientenakte kommt - jetzt für alle!
59 min

„Konnte bisher noch nie gehackt werden“: Die elektronische Patientenakte kommt - jetzt…

A systematic evaluation of OpenBSD&#39;s mitigations
53 min

A systematic evaluation of OpenBSD's mitigations

Sichere Netzwerke mit pfSense
61 min

Sichere Netzwerke mit pfSense

Bifröst: Apple&#39;s Rainbow Bridge for Satellite Communication
40 min

Bifröst: Apple's Rainbow Bridge for Satellite Communication

SD-WAN a New Hop
49 min

SD-WAN a New Hop

How to hack software defined network and keep your sanity?

Updates from the Onion
43 min

Updates from the Onion

The Road to Mobile Tor and Improved Censorship Circumvention

Inside Intel Management Engine
51 min

Inside Intel Management Engine

Passkeys – Login ohne Passwort (?)
61 min

Passkeys – Login ohne Passwort (?)

TETRA Algorithm set B - Can glue mend the burst?
40 min

TETRA Algorithm set B - Can glue mend the burst?

Bootstraping a slightly more secure laptop
47 min

Bootstraping a slightly more secure laptop

Modchips of the State
36 min

Modchips of the State

Hardware implants in the supply-chain

Du kannst alles hacken – du darfst dich nur nicht erwischen lassen.
57 min

Du kannst alles hacken – du darfst dich nur nicht erwischen lassen.

OpSec für Datenreisende

IT-Unsicherheit in der Gebäudeautomation
58 min

IT-Unsicherheit in der Gebäudeautomation

Eine Bestandsaufnahme

Smart Home - Smart Hack
51 min

Smart Home - Smart Hack

Wie der Weg ins digitale Zuhause zum Spaziergang wird

KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI)
58 min

KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI)

How Do I Crack Satellite and Cable Pay TV?
62 min

How Do I Crack Satellite and Cable Pay TV?

The Noise Protocol Framework
32 min

The Noise Protocol Framework

Build your own NSA
60 min

Build your own NSA

How private companies leak your personal data into the…

The new old: Supply Chain Security
33 min

The new old: Supply Chain Security

(with Kubernetes this time)

Freedom of Forking
58 min

Freedom of Forking

Multi Faktor Authentifizierung mit eduMFA

The year in post-quantum crypto
70 min

The year in post-quantum crypto

Downgrading iOS: From past to present
52 min

Downgrading iOS: From past to present