Events for tag "Security"

SigOver + alpha
55 min

SigOver + alpha

Signal overshadowing attack on LTE and its applications

Decoding Contactless (Card) Payments
58 min

Decoding Contactless (Card) Payments

An Exploration of NFC Transactions and Explanation How…

The new old: Supply Chain Security
33 min

The new old: Supply Chain Security

(with Kubernetes this time)

Deploying TLS 1.3: the great, the good and the bad
61 min

Deploying TLS 1.3: the great, the good and the bad

Improving the encrypted the web, one round-trip at a time

Internet of Dongs
32 min

Internet of Dongs

A long way to a vibrant future

Attacking IoT Telemetry
70 min

Attacking IoT Telemetry

A study of weaknesses in the pipeline of rapidly advancing…

PLC-Blaster
58 min

PLC-Blaster

Ein Computerwurm für PLCs

Das nützlich-unbedenklich Spektrum
63 min

Das nützlich-unbedenklich Spektrum

Können wir Software bauen, die nützlich /und/ unbedenklich…

CloudABI
62 min

CloudABI

Pure capability-based security for UNIX

Writing secure software
46 min

Writing secure software

using my blog as example

All Your Gesundheitsakten Are Belong To Us
61 min

All Your Gesundheitsakten Are Belong To Us

"So sicher wie beim Online-Banking": Die elektronische…

ARMore: Pushing Love Back Into Binaries
38 min

ARMore: Pushing Love Back Into Binaries

Aarch64 binary rewriting adventures but mostly pains

sectpmctl für LUKS Full Disk Encryption (FDE)
63 min

sectpmctl für LUKS Full Disk Encryption (FDE)

Secure Boot und TPM gestützte LUKS…

OpenVPN im Unternehmenseinsatz
37 min

OpenVPN im Unternehmenseinsatz

Realisierung einer Hochverfügbarkeitslösung mit dynamischem…

Enclosure-PUF
61 min

Enclosure-PUF

Tamper Proofing Commodity Hardware and other Applications

Inside the AMD Microcode ROM
37 min

Inside the AMD Microcode ROM

(Ab)Using AMD Microcode for fun and security

Sneaking In Network Security
60 min

Sneaking In Network Security

Enforcing strong network segmentation, without anyone…

DANEn lügen nicht
61 min

DANEn lügen nicht

SSL/TLS Zertifikate mit DNSSEC absichern

How to Break PDFs
58 min

How to Break PDFs

Breaking PDF Encryption and PDF Signatures

Building and Breaking Wireless Security
29 min

Building and Breaking Wireless Security

Wireless Physical Layer Security & More...

"Früher oder später erwisch ich euch alle!"
67 min

"Früher oder später erwisch ich euch alle!"

Eine Einführung in die digitale Forensik und ihre…

Are all BSDs created equally?
58 min

Are all BSDs created equally?

A survey of BSD kernel vulnerabilities.

Cryptography demystified
53 min

Cryptography demystified

An introduction without maths

A Dozen Years of Shellphish
57 min

A Dozen Years of Shellphish

From DEFCON to the DARPA Cyber Grand Challenge

TAPS Transport Services API
44 min

TAPS Transport Services API

Retiring the BSD Socket API

Domain Name System
42 min

Domain Name System

Hierarchical decentralized naming system used since 30 years

Console Hacking 2016
53 min

Console Hacking 2016

PS4: PC Master Race

Doping your Fitbit
22 min

Doping your Fitbit

On Fitbit Firmware Modifications and Data Extraction

Wallet Security
35 min

Wallet Security

How (not) to protect private keys

Unlocking the Road Ahead: Automotive Digital Forensics
36 min

Unlocking the Road Ahead: Automotive Digital Forensics

A deep dive into an underrepresented research area

The Great Escape of ESXi
40 min

The Great Escape of ESXi

Breaking Out of a Sandboxed Virtual Machine

Mit dem Getränkeautomaten in die Cloud
30 min

Mit dem Getränkeautomaten in die Cloud

Über die (Un-)Sicherheit eines Bezahlsystems

AppArmor Crashkurs
45 min

AppArmor Crashkurs

Lerne in unter einer Stunde, AppArmor-Profile zu erstellen…

Ladeinfrastruktur für Elektroautos: Ausbau statt Sicherheit
52 min

Ladeinfrastruktur für Elektroautos: Ausbau statt Sicherheit

Warum das Laden eines Elektroautos unsicher ist

Self-encrypting deception
58 min

Self-encrypting deception

weaknesses in the encryption of solid state drives (SSDs)

Hirne Hacken
43 min

Hirne Hacken

Menschliche Faktoren der IT-Sicherheit

Einführung in Smartphone Malware Forensik
62 min

Einführung in Smartphone Malware Forensik

Wie man Stalkerware und Staatstrojaner auf Smartphones…

Memsad
61 min

Memsad

why clearing memory is hard.

Web-based Cryptojacking in the Wild
39 min

Web-based Cryptojacking in the Wild

When your browser is mining coins for other people

Console Security - Switch
56 min

Console Security - Switch

Homebrew on the Horizon

wallet.fail
61 min

wallet.fail

Hacking the most popular cryptocurrency hardware wallets

Apple's iPhone 15: Under the C
36 min

Apple's iPhone 15: Under the C

Hardware hacking tooling for the new iPhone generation

Back in the Driver's Seat
41 min

Back in the Driver's Seat

Recovering Critical Data from Tesla Autopilot Using Voltage…

DPRK Consumer Technology
31 min

DPRK Consumer Technology

Facts to fight lore

Operation Triangulation
58 min

Operation Triangulation

What You Get When Attack iPhones of Researchers

Console Hacking
72 min

Console Hacking

Breaking the 3DS

Why Railway Is Safe But Not Secure
41 min

Why Railway Is Safe But Not Secure

Security Of Railway Communication Protocols

LinOTP und Single Sign On
53 min

LinOTP und Single Sign On

Zwei-Faktor Authentisierung in der Praxis

To Make Hearts Bleed
57 min

To Make Hearts Bleed

A Native Developer's Account On SSL

Automatisierung im Cyberspace
51 min

Automatisierung im Cyberspace

Wie wir die Asymmetrien überwinden können

NEW IMPORTANT INSTRUCTIONS
42 min

NEW IMPORTANT INSTRUCTIONS

Real-world exploits and mitigations in Large Language Model…

Leaving legacy behind
52 min

Leaving legacy behind

Reducing carbon footprint of network services with MirageOS…

Vehicle immobilization revisited
55 min

Vehicle immobilization revisited

Uncovering and assessing a second authentication mechanism…

LatticeHacks
65 min

LatticeHacks

Fun with lattices in cryptography and cryptanalysis

Decentralized energy production: green future or cybersecurity nightmare?
39 min

Decentralized energy production: green future or cybersecurity nightmare?

The cybersecurity dark side of solar energy when clouds are…

PQCHacks
60 min

PQCHacks

A gentle introduction to post-quantum cryptography

ZombieLoad Attack
55 min

ZombieLoad Attack

Leaking Your Recent Memory Operations on Intel CPUs

Turris: secure open source router
52 min

Turris: secure open source router

Who is the root on your router?

Viva la Vita Vida
56 min

Viva la Vita Vida

Hacking the most secure handheld console

Intercoms Hacking
40 min

Intercoms Hacking

Call the frontdoor to install your backdoors

Dissecting VoLTE
49 min

Dissecting VoLTE

Exploiting Free Data Channels and Security Problems

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones
56 min

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones

A journey on how to fix broken proprietary hardware by…

15 Jahre deutsche Telematikinfrastruktur (TI)
41 min

15 Jahre deutsche Telematikinfrastruktur (TI)

Die Realität beim Arztbesuch nach 15 Jahren Entwicklung…

Nintendo hacking 2023: 2008
42 min

Nintendo hacking 2023: 2008

Finishing off the Nintendo DSi

The DROWN Attack
55 min

The DROWN Attack

Breaking TLS using SSLv2

Harry Potter and the Not-So-Smart Proxy War
35 min

Harry Potter and the Not-So-Smart Proxy War

Taking a look at a covert CIA virtual fencing solution

Boot2root
62 min

Boot2root

Auditing Boot Loaders by Example

Alles meins!
59 min

Alles meins!

Zugänge und Daten mit privacyIDEA absichern

Build your own NSA
60 min

Build your own NSA

How private companies leak your personal data into the…

The Freenet Project
47 min

The Freenet Project

Anonymes Netzwerk basierend auf dem Kleine-Welt-Phänomen

Everything you want to know about x86 microcode, but might have been afraid to ask
57 min

Everything you want to know about x86 microcode, but might have been afraid to ask

An introduction into reverse-engineering x86 microcode and…

Intel Management Engine deep dive
60 min

Intel Management Engine deep dive

Understanding the ME at the OS and hardware level

Linux Host Security
58 min

Linux Host Security

Lessons Learned & Praxistipps

How not to use OAuth
56 min

How not to use OAuth

New security recommendations for OAuth

IT-Sicherheit in vernetzten Gebäuden
46 min

IT-Sicherheit in vernetzten Gebäuden

Was kann man noch retten, wenn langlebigen Strukturen…

Crowdsec
65 min

Crowdsec

Outnumbering cybercriminals might be an option

A look into the Mobile Messaging Black Box
63 min

A look into the Mobile Messaging Black Box

A gentle introduction to mobile messaging and subsequent…

Updates from the Onion
43 min

Updates from the Onion

The Road to Mobile Tor and Improved Censorship Circumvention

Pegasus internals
29 min

Pegasus internals

Technical Teardown of the Pegasus malware and Trident…

Key-logger, Video, Mouse
49 min

Key-logger, Video, Mouse

How to turn your KVM into a raging key-logging monster

Container for Desktops
61 min

Container for Desktops

Security und Privacy mit LXC et.al. - auch auf…

A deep dive into the world of DOS viruses
38 min

A deep dive into the world of DOS viruses

Explaining in detail just how those little COM files…

SCADA - Gateway to (s)hell
45 min

SCADA - Gateway to (s)hell

Hacking industrial control gateways

Kerberos und OTP
49 min

Kerberos und OTP

Nur einmal authentisiert - aber stark!

Don't Ruck Us Too Hard - Owning Ruckus AP Devices
48 min

Don't Ruck Us Too Hard - Owning Ruckus AP Devices

3 different RCE vulnerabilities on Ruckus Wireless access…

Taking a scalpel to QNX
46 min

Taking a scalpel to QNX

Analyzing & Breaking Exploit Mitigations and Secure Random…

Cloud Storage Encryption with Cryptomator
57 min

Cloud Storage Encryption with Cryptomator

Cryptomator is a multi-platform, client-side encryption…

Unpatchable
60 min

Unpatchable

Living with a vulnerable implanted device

Wheel of Fortune
36 min

Wheel of Fortune

Analyzing Embedded OS Random Number Generators

Decoding the LoRa PHY
64 min

Decoding the LoRa PHY

Dissecting a Modern Wireless Network for the Internet of…

ASLR on the line
44 min

ASLR on the line

Practical cache attacks on the MMU

God does not play dice!
56 min

God does not play dice!

an introduction to quantum cryptography for sysadmins and…

TamaGo - bare metal Go framework for ARM SoCs.
59 min

TamaGo - bare metal Go framework for ARM SoCs.

Reducing the attack surface with pure embedded Go.

The long road to reproducible builds
41 min

The long road to reproducible builds

why+how to create bit by bit identical binary packages

Attacking Chrome IPC
54 min

Attacking Chrome IPC

Reliably finding bugs to escape the Chrome sandbox

DoH or Don't
43 min

DoH or Don't

The dilemma of DNS privacy protocols

Jailbreaking iOS
47 min

Jailbreaking iOS

From past to present

Domain computers have accounts, too!
40 min

Domain computers have accounts, too!

Owning machines through relaying and delegation

All cops are broadcasting
63 min

All cops are broadcasting

TETRA unlocked after decades in the shadows

The Perl Jam 2
60 min

The Perl Jam 2

The Camel Strikes Back

How hackers grind an MMORPG: by taking it apart!
54 min

How hackers grind an MMORPG: by taking it apart!

An introduction to reverse engineering network protocols

Unlocked! Recovering files taken hostage by ransomware
40 min

Unlocked! Recovering files taken hostage by ransomware

Decrypting files hijacked by the "second most used…

SD-WAN a New Hop
49 min

SD-WAN a New Hop

How to hack software defined network and keep your sanity?

avatar²
55 min

avatar²

Towards an open source binary firmware analysis framework

The Layman's Guide to Zero-Day Engineering
57 min

The Layman's Guide to Zero-Day Engineering

A demystification of the exploit development lifecycle

Virtual Secure Boot
51 min

Virtual Secure Boot

Secure Boot support in qemu, kvm and ovmf.

Hacking (with) a TPM
37 min

Hacking (with) a TPM

Don't ask what you can do for TPMs, Ask what TPMs can do…

Introduction to (home) network security.
41 min

Introduction to (home) network security.

A beginner-friendly guide to network segmentation for…

Web-App-Encryption
63 min

Web-App-Encryption

Is your data secure by default? How Django can be used to…

Die DSGVO als Chance nutzen
59 min

Die DSGVO als Chance nutzen

Ein Fahrplan für ein mehr an Informationssicherheit in…

TrustZone is not enough
31 min

TrustZone is not enough

Hijacking debug components for embedded security

Provable Security
59 min

Provable Security

How I learned to stop worrying and love the backdoor

Smart Home - Smart Hack
51 min

Smart Home - Smart Hack

Wie der Weg ins digitale Zuhause zum Spaziergang wird

Venenerkennung hacken
39 min

Venenerkennung hacken

Vom Fall der letzten Bastion biometrischer Systeme

Shopshifting
60 min

Shopshifting

The potential for payment system abuse

Tales from Hardware Security Research
45 min

Tales from Hardware Security Research

From Research over Vulnerability Discovery to Public…

How to drift with any car
51 min

How to drift with any car

(without your mom yelling at you)

What The Fax?!
46 min

What The Fax?!

Hacking your network likes it's 1980 again

SELECT code_execution FROM * USING SQLite;
46 min

SELECT code_execution FROM * USING SQLite;

--Gaining code execution using a malicious SQLite database

Visiting The Bear Den
59 min

Visiting The Bear Den

A Journey in the Land of (Cyber-)Espionage

Code BROWN in the Air
37 min

Code BROWN in the Air

A systemic update of sensitive information that you sniff…

Introduction to modern fuzzing
65 min

Introduction to modern fuzzing

Find and fix vulnerabilities before they reach production.

What could possibly go wrong with <insert x86 instruction here>?
55 min

What could possibly go wrong with <insert x86 instruction here>?

Side effects include side-channel attacks and bypassing…

Ghidra - An Open Source Reverse Engineering Tool
60 min

Ghidra - An Open Source Reverse Engineering Tool

How the NSA open-sourced all software in 2019

Hacking Containers and Kubernetes
43 min

Hacking Containers and Kubernetes

Exploiting and protecting containers with a few lines of…

Untrusting the CPU
61 min

Untrusting the CPU

A proposal for secure computing in an age where we cannot…

Exploiting PHP7 unserialize
44 min

Exploiting PHP7 unserialize

teaching a new dog old tricks

BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses
59 min

BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses

Breaking and fixing the Bluetooth standard. One More Time.

Check your privileges!
60 min

Check your privileges!

How to drop more of your privileges to reduce attack…

Rowhammer.js: Root privileges for web apps?
30 min

Rowhammer.js: Root privileges for web apps?

A tale of fault attacks on DRAM and attacks on CPU caches

SageMath Examples from the CrypTool Book
57 min

SageMath Examples from the CrypTool Book

50% Talk 50% Live-Session to try out some code yourself

De-anonymizing Programmers
59 min

De-anonymizing Programmers

Large Scale Authorship Attribution from Executable Binaries…

Automated security testing for Software Developers who dont know security!
49 min

Automated security testing for Software Developers who dont know security!

secure your apps and servers through continuous integration

CloudABI
57 min

CloudABI

Cloud computing meets fine-grained capabilities

Shut Up and Take My Money!
30 min

Shut Up and Take My Money!

The Red Pill of N26 Security

What your phone won’t tell you
38 min

What your phone won’t tell you

Uncovering fake base stations on iOS devices

Anykernels meet fuzzing
43 min

Anykernels meet fuzzing

how to make NetBSD a better software for you and me

Bitcoin
64 min

Bitcoin

Open Sourcing Money

Attacking end-to-end email encryption
60 min

Attacking end-to-end email encryption

Efail, other attacks and lessons learned.

Kernel Tracing With eBPF
54 min

Kernel Tracing With eBPF

Unlocking God Mode on Linux

Electromagnetic Threats for Information Security
49 min

Electromagnetic Threats for Information Security

Ways to Chaos in Digital and Analogue Electronics

SiliVaccine: North Korea&#39;s Weapon of Mass Detection
52 min

SiliVaccine: North Korea's Weapon of Mass Detection

How I Learned to Stop Worrying and Love the Backdoor

Beyond your cable modem
60 min

Beyond your cable modem

How not to do DOCSIS networks

Talking Behind Your Back
59 min

Talking Behind Your Back

On the Privacy & Security of the Ultrasound Tracking…

Sichere Softwareentwicklung
54 min

Sichere Softwareentwicklung

Ein praktischer Einstieg

The plain simple reality of entropy
60 min

The plain simple reality of entropy

Or how I learned to stop worrying and love urandom

Beyond Anti Evil Maid
60 min

Beyond Anti Evil Maid

Making it easier to avoid low-level compromise, and why…

Sanitizing PCAPs
43 min

Sanitizing PCAPs

Fun and games until someone uses IPv6 or TCP

We should share our secrets
59 min

We should share our secrets

Shamir secret sharing: How it works and how to implement it

Modchips of the State
36 min

Modchips of the State

Hardware implants in the supply-chain

Gone in 60 Milliseconds
33 min

Gone in 60 Milliseconds

Intrusion and Exfiltration in Server-less Architectures