Review | Rückblick

Click on the buttons below to review a year.Schaltflächen klicken um auf ein Jahr rückzublicken.

20222023

AI & Hacking

by Bruce Schneier in Personvon Bruce Schneier in Person

AI & Hacking

Experts Talk on 1 June 2023 in Block 0 (~08:30)Experts Talk am 1. Juni 2023 im Block 0 (~08:30)
by Bruce Schneier in Personvon Bruce Schneier in Person

Description | Beschreibung

The Coming AI Hackers... Hacking is inherently a creative process. It's finding a vulnerability in a system: something the system allows, but is unintended and unanticipated by the system's creators -- something that follows the rules of the system but subverts its intent. Normally, we think of hacking as something done to computer systems, but we can extend this conceptualization to any system of rules. The tax code can be hacked; vulnerabilities are called loopholes and exploits are called tax avoidance strategies. Financial markets can be hacked. So can any system of laws, or democracy itself. This is a human endeavor, but we can imagine a world where AIs can be hackers. AIs are already finding new vulnerabilities in computer code and loopholes in contracts. We need to consider a world where hacks or our social, economic, and political systems are discovered computer speeds, and then exploited at computer scale. Right now, our systems of "patching" these systems operate at human speeds, which won't nearly be enough.

Speaker | Sprecher

Name: Bruce Schneier in Person
Affiliation | Affiliation: Harvard University
Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of over one dozen books–including his latest, We Have Root–as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation and AccessNow; and an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc.

Close DescriptionBeschreibung Schließen

Where do Internet Standards come from?

by Christian Amsüssvon Christian Amsüss

Where do Internet Standards come from?

Experts Talk on 2 June 2023 in Block 1 (~09:30)Experts Talk am 2. Juni 2023 im Block 1 (~09:30)
by Christian Amsüssvon Christian Amsüss

Description | Beschreibung

By the example of OSCORE & co[^1], we follow a family of documents from their genesis as Internet Drafts to their publication as a Proposed Standard in the form of an RFC – and tackle questions such as: Can I write an Internet Standard? Who reviews these documents? Can I trust that mechanisms published in RFCs are secure? How do documents that are set in stone adjust to new threats and broken algorithms? [^1]: OSCORE (RFC8613, Object Security for Constrained RESTful Environments), and related documents such as EDHOC (draft-ietf- lake-edhoc, Ephemeral Diffie-Hellman Over COSE) and Group OSCORE (draft-ietf-core-oscore-groupcomm, Group OSCORE – Secure Group Communication for OSCORE)

Speaker | Sprecher

Name: Christian Amsüss
Affiliation | Affiliation: independent
Christian Amsüss has been an active member of different Free Software communities since 2005, and working independently in the areas of software development, network architecture and IoT consulting since 2011. Implementing the work of the CoRE group got him involved in the IETF, where he found like-minded people to collaborate with on an Internet of Things were interoperability can be expected, the user is in control, and which is secure by default

Close DescriptionBeschreibung Schließen

Ascon - The new NIST standard for lightweight authenticated encryption and hashing

by Martin Schläffervon Martin Schläffer

Ascon - The new NIST standard for lightweight authenticated encryption and hashing

Experts Talk on 2 June 2023 in Block 1 (~09:30)Experts Talk am 2. Juni 2023 im Block 1 (~09:30)
by Martin Schläffervon Martin Schläffer

Description | Beschreibung

Driven by the demand for cryptographic protection in resource-constrained devices, NIST has initiated a lightweight cryptography competition between 2019 and 2023. Among 57 submissions, the Austrian algorithm Ascon has been selected as the new standard for authenticated encryption and hashing. In this talk, we present the design and advantages of Ascon compared to other standards which include security, performance, and footprint. Especially, since ciphers are not used in an ideal world, we show how Ascon’s authenticated encryption also provides robustness against certain implementation attacks and mistakes.

Speaker | Sprecher

Name: Martin Schläffer
Affiliation | Affiliation: Infineon Technologies
Martin Schläffer is a principal engineer and security architect at Infineon Technologies. He received his PhD in cryptography from the Graz University of Technology. Martin co-designed several symmetric cryptographic algorithms, including the new NIST lightweight cryptography standard Ascon. At Infineon, he is responsible for the application and implementation security of cryptographic algorithms in hardware and software.

Close DescriptionBeschreibung Schließen

ITSN!23 - Christoph Amsüss - Copyright ITSN!23/Dessy ascon-1_itsn23_dessy_wm

ITSN!23 - Christoph Amsüss - Copyright ITSN!23/Dessy ascon-2_itsn23_dessy_wm

Analyzing and Understanding the Internet of Insecure Things

by Martina Lindorfervon Martina Lindorfer

Analyzing and Understanding the Internet of Insecure Things

Experts Talk on 2 June 2023 in Block 1 (~09:30)Experts Talk am 2. Juni 2023 im Block 1 (~09:30)
by Martina Lindorfervon Martina Lindorfer

Description | Beschreibung

Consumer devices, from door locks, over TVs, to light bulbs, are becoming increasingly smart. They are linked with other devices as part of smart homes and offices, and often Internet-connected for convenience. The corresponding security and privacy implications have yet to be explored in depth, and their analysis is complicated by device type and architecture diversity. Prior work focused on case studies of specific device types, or analyzed devices' firmware in isolation, requiring substantial manual effort. In contrast, the automatic analysis of devices' interaction with their environment and other devices could uncover new vulnerability types and privacy violations. In this talk, we will present our ongoing work on developing scalable techniques to analyze smart devices at scale for potential vulnerabilities based on how they are collecting, processing, and sharing data by interacting with their mobile companion app. We will also cover new (and application-specific) network protocols used by these devices and discuss their security and privacy impact.

Speaker | Sprecher

Name: Martina Lindorfer
Affiliation | Affiliation: TU Wien
Martina Lindorfer is a tenure-track assistant professor at TU Wien, which she joined at the end of 2018, and a key researcher at SBA Research, the largest research center in Austria which exclusively addresses information security. She received her PhD from TU Wien in 2016 and spent two years as a postdoc at the University of California, Santa Barbara. Her research and outreach activities have been recognized with the ERCIM Cor Baayen Young Researcher Award, the ACM CyberW Early Career Award for Women in Cybersecurity Research, as well as the Hedy Lamarr Award from the City of Vienna. Her research focuses on applied systems security and privacy, with a special interest in automated static and dynamic analysis techniques for the large-scale analysis of applications for malicious behavior, security vulnerabilities, and privacy leaks. Building on her background on malware analysis, she currently focuses on the analysis of mobile apps to enable transparency and accountability in the way they process and share private information. The resulting tools help uncover new and unexpected ways in which apps are violating users' privacy expectations.

Close DescriptionBeschreibung Schließen

You wouldn't STEAL a CAR? - security in automotive control units

by Reinhard Kuglervon Reinhard Kugler

You wouldn't STEAL a CAR? - security in automotive control units

Experts Talk on 1 June 2023 in Block 1 (~09:30)Experts Talk am 1. Juni 2023 im Block 1 (~09:30)
by Reinhard Kuglervon Reinhard Kugler

Description | Beschreibung

Modern cars and tractors are not only bare metal, a motor and wheels, but a complex system, controlled by software within electronic control units (ECU). Safety and usability play a big role in the development of those systems. Since those devices have to be adapted to more than one car type and in field and have to be operational for several decades. Robustness and flexibility is important - the car should work in harsh environments, the car repair shop should be able to troubleshoot the car and the original equipment manifacturer (OEM) needs to be able to adapt and update the software. The ECUs are connected via common communication protocols and offer several interfaces to other ECUs, diagnostics systems or troubleshooters. Security is also a concern, but with focus on threat scenarios, that may not be obvious to the end users. Since the ECUs contain intellectual property, sensitive information and should not be tamped with, the developers implemented security features and use cryptographic protocols. But are those measures and protocols State-of-the-Art and can withstand attacks even several years after the manufacture? This demonstration shows the implementation security features in diagnostics protocols of automotive electronic control units. It shows on real devices how a security tester approaches the analysis and how the devices defend against attacks.

Speaker | Sprecher

Name: Reinhard Kugler
Affiliation | Affiliation: SBA Research
Reinhard Kugler is responsible for Automotive Security at SBA Research. He has experience in Cyber Defense, Incident Response and Penetration Testing of IT and industrial OT/IOT networks. He supports customers in the development of secure IT/IOT products. Reinhard developed commercial hands-on security trainings and is external lecturer on Cyber Security and Cyber Crime Defense ILV at FH Campus Wien. His main focus is to transfer the security know into engineering within the automotive domain to bring safety and security closer together.

Close DescriptionBeschreibung Schließen

10$ for a cookie : A modern view on the threat detection landscape

by Michel de Crevoisiervon Michel de Crevoisier

10$ for a cookie : A modern view on the threat detection landscape

Experts Talk on 2 June 2023 in Block 1 (~09:30)Experts Talk am 2. Juni 2023 im Block 1 (~09:30)
by Michel de Crevoisiervon Michel de Crevoisier

Description | Beschreibung

Defenders mindset and detection technologies are bound to always evolve as attackers arsenal is continuously growing. During this session we will provide a modern view on the threat detection landscape by highlighting and analyzing top threats from the last recent breaches. With an approach based on different perspectives, we will dive into the modern defender mindset and assess some challenges they face. One of them remains the SIEM solutions which, despite of being a master piece in Security Operation Center (SOC), still represent a challenge when it comes to onboard data sources, specially Windows operating systems. Therefore, we will take the opportunity to introduce a complete new toolset aiming to simplify auditing requirements, group policy configuration and data collection via the Splunk Universal Forwarder agent. That said, another key player for detection and response started to raise in the last years: EDR. But due to its popularity and also due to a matter of trust, we will see that several evasion techniques can make it vulnerable, leading us in a direction of a combined approach between EDR and SIEM, together with complementary detection tools for Linux and Windows.

Speaker | Sprecher

Name: Michel de Crevoisier
Affiliation | Affiliation: K-BusinessCom (ex KAPSCH)
Michel is a Detection lead and Senior Security Analyst in the Cyber Defense Center of K-BusinessCom since 2022. Formerly, he worked during 5 years as a Security Analyst, developing threat detection solutions and investigating modern attacks. During his professional career, he handled several positions as a system and network administrator as well as a security architect in France, Spain and Austria. In addition to his practice, Michel contributes to the SOC Prime platform as a Threat Bounty Developer and regularly participates as a speaker on security conferences, especially Bsides. He is also a guest contributor at Red Canary and the author of several detection projects in regards of the Microsoft solutions.

Close DescriptionBeschreibung Schließen

Pitfalls in Embedded Security

by Niklas Grimm von Niklas Grimm

Pitfalls in Embedded Security

Experts Talk on 2 June 2023 in Block 1 (~09:30)Experts Talk am 2. Juni 2023 im Block 1 (~09:30)
by Niklas Grimm von Niklas Grimm

Description | Beschreibung

Embedded systems are an essential part of a variety of products, such as IoT gadgets, medical devices, or cars, and have become an integral part of everyday life. In some cases, these systems also play security-critical roles, and their proper functioning – and thus also protection against cyber attacks – should be ensured. However, due to the high degree of specialization of such embedded systems, in some cases no standardized security measures are implemented, but individual solutions that often contain s ecurity gaps unnoticed. In this presentation, examples of vulnerabilities that occur in the context of embedded systems will be highlighted and approaches to their avoidance will be presented.

Speaker | Sprecher

Name: Niklas Grimm
Affiliation | Affiliation: ITK Engineering
Niklas Grimm is a Cybersecurity Architect at ITK Engineering in Vienna. In this role, he conducts security analyses and creates security concepts, with a focus on embedded systems. He also heads the Austrian part of ITK Engineering's cybersecurity team. Before joining ITK Engineering, Niklas studied computer science in Germany and then received his doctorate in cybersecurity from the Vienna University of Technology.

Close DescriptionBeschreibung Schließen

Turning Container security up to 11 with Capabilities

by Mathias Tausig von Mathias Tausig

Turning Container security up to 11 with Capabilities

Experts Talk on 1 June 2023 in Block 1 (~09:30)Experts Talk am 1. Juni 2023 im Block 1 (~09:30)
by Mathias Tausig von Mathias Tausig

Description | Beschreibung

Container technologies, as popularized first by Docker, already offer a lot of security benefits out of the box the developers and DevOps professionals have come to rely upon. While this has proven to be valuable for increasing the security of many application deployments, it still leaves some room for improvement. Firstly, a lack of deep understanding what protections Docker is offering out of the box can be observed commonly, leading to a dangerous overreliance on the container engine. Secondly, the attack surface of your application can be significantly reduced by leveraging the *capabilities* functionality of the Linux kernel. Using it, one can greatly reduce the system function a running container has access to, thus limiting the exploitation consequences of a vulnerability in an application. This talk explains the possibilities of limiting *capabilites* in a container runtime and shows the benefits in a live demonstration.

Speaker | Sprecher

Name: Mathias Tausig
Affiliation | Affiliation: SBA Research
Graduated in mathematics Holistic perspective on computers: former developer, sysadmin, security officer, university teacher and even computer salesman Now a security consultant specializing in application security Open source lover

Close DescriptionBeschreibung Schließen

Project presentation: JavaScript Pentest Powerhouse

by Valentin Kogard, Timothy Nicholson von Valentin Kogard, Timothy Nicholson

Project presentation: JavaScript Pentest Powerhouse

Experts Talk on 2 June 2023 in Block 1 (~09:30)Experts Talk am 2. Juni 2023 im Block 1 (~09:30)
by Valentin Kogard, Timothy Nicholson von Valentin Kogard, Timothy Nicholson

Description | Beschreibung

The objective of this project is to create an automated penetration testing platform for various attack methods. All these attacks rely on the principle of a machine-in-the-middle attack, which can be used to target the HTTP protocol. The intention is to inject malicious JavaScript code into legitimate HTTP responses. Normally, running these attacks can be a cumbersome task, requiring the user to enter many different parameters. However, this program automates these tasks, only requiring the user to enter a few environment variables into a text file. This project is currently in development, and the team will continue working on it beyond this semester.

Speaker | Sprecher

Name: Valentin Kogard, Timothy Nicholson
Affiliation | Affiliation: FH Campus Wien
Students at FH Campus Wien, Computer Science and Digital Communication.

Close DescriptionBeschreibung Schließen

Nimm zwei, Privacy & Security – wichtige Zutaten für eine resiliente Bank

by Carina Kloibhofer, Nenad Milanovic von Carina Kloibhofer, Nenad Milanovic

Nimm zwei, Privacy & Security – wichtige Zutaten für eine resiliente Bank

Experts Talk on 2 June 2023 in Block 1 (~09:30)Experts Talk am 2. Juni 2023 im Block 1 (~09:30)
by Carina Kloibhofer, Nenad Milanovic von Carina Kloibhofer, Nenad Milanovic

Description | Beschreibung

Man nehme zwei Zutaten mit Ursprüngen in unterschiedlichen Disziplinen, die aber dieselben Ziele verfolgen: Privacy und Security. Daraus machen wir ein für Anwender:innen und Verantwortliche verständliches Konzept. Was sehr komplex klingt ist für die Erste Bank schon Realität. In dieser interaktiven Session wird erklärt welche Komponenten sich perfekt ergänzen, welche Skillsets und Rollen benötigt werden um die Herausforderungen zu bewältigen und welche Differenzen bei aller Synergie bestehen bleiben.

Speaker | Sprecher

Name: Carina Kloibhofer, Nenad Milanovic
Affiliation | Affiliation: Erste Group Bank AG
Head of Data Privacy Security Management, CISO Erste Group Bank AG and lecturer at FH Campus Vienna IT-Security

Close DescriptionBeschreibung Schließen

Cyber Security for industry (Cybersicherheit für die Industrie)

by Wolfgang Mödritsch, Stefan Pfeiffer von Wolfgang Mödritsch, Stefan Pfeiffer

Cyber Security for industry (Cybersicherheit für die Industrie)

Experts Talk on 2 June 2023 in Block 1 (~09:30)Experts Talk am 2. Juni 2023 im Block 1 (~09:30)
by Wolfgang Mödritsch, Stefan Pfeiffer von Wolfgang Mödritsch, Stefan Pfeiffer

Description | Beschreibung

The current industry, also Industry 4.0 ( "Industry X") has to add digital capabilities to its deep engineering and manufacturing expertise. The presentation focuses on cyber security challenges that emerge in this process, especially for industrials. We will showcase what interrogation cyber security poses to companies operating in the IoT/OT area - and show limitations of current methodologies.

Speaker | Sprecher

Name: Wolfgang Mödritsch, Stefan Pfeiffer
Affiliation | Affiliation: Mitarbeiter in der Cybersicherheit (DACH-Raum), Accenture GmbH
Wolfgang has 25+ years of industry expierence working as Developer, Security Professional and Project Manager. He is now working for Industrial and Public Service companies in international projects, focusing on Application Security and Managed Security, distributed development and delivery. Stefan is our key security professional in the domain of Cyber Resilience - Detection & Response. Stefan focuses on Threat Detection and SIEM implementation and has gathered experience in the financial Sector.

Close DescriptionBeschreibung Schließen

Betreutes Hacken - Senior und die Juniorcrew

by Petar "Hetti" Kosicvon Petar "Hetti" Kosic

Betreutes Hacken - Senior und die Juniorcrew

Experts Workshop on 2 June 2023 in Block 1 (~10:00)Experts Workshop am 2. Juni 2023 im Block 1 (~10:00)
by Petar "Hetti" Kosicvon Petar "Hetti" Kosic

Description | Beschreibung

Gemeinsam eine Box Challenge meistern. Tools, Taktiken und Prozeduren kennenlernen und anwenden beim Analysieren einer vulnerablen Box. Maximale Teilnehmerzahl je Workshop: 12 Personen Eine nicht aufgezeichnete Workshop Session in der wir gemeinsam eine interaktive TryHackMe (THM) Challenge lösen. Das Ziel ist es eine gemeinsame Hacking Session, in welcher Ihr sowohl etwas Lernt als auch das gelernte direkt praktisch umsetzen könnt. Im Rahmen des Workshops sollt ihr aktiv mitmachen.

Speaker | Sprecher

Name: Petar "Hetti" Kosic
Affiliation | Affiliation: Chaos Computer Club Vienna (C3W), CTF Team: We_0wn_Y0u
Hetti ist ein IT-Security Experte aus Wien und Teil des feinsten Wiener Hackspaces Metalab. In seiner Freizeit fährt er sehr gerne auf community basierte IT (Security) Konferenzen und Camps. Die Wiener Cryptoparty ist von ihm organisiert, bei der er auch Vorträge und Workshops zu verschiedenen Themen der IT-Security & Privatssphäre hält. Man findet ihn auch beim Chaos Computer Club Vienna (C3W) und an manchen Wochenenden ist er auf Flaggenjagd mit dem erfolgreichen akademischen CTF Team We_0wn_Y0u.

Close DescriptionBeschreibung Schließen

Die Macht des OSINT: Wie man öffentliche Daten effektiv nutzt

by Fabio Birnegger, Fatih Varlivon Fabio Birnegger, Fatih Varli

Die Macht des OSINT: Wie man öffentliche Daten effektiv nutzt

Experts Workshop on 2 June 2023 in Block 1 (~10:00)Experts Workshop am 2. Juni 2023 im Block 1 (~10:00)
by Fabio Birnegger, Fatih Varlivon Fabio Birnegger, Fatih Varli

Description | Beschreibung

Open Source Intelligence (OSINT) beschreibt die Sammlung und Analyse von frei verfügbaren und öffentlichen Daten. Dazu gehören Webseiten, Social Media, Foren, öffentliche Datenbanken und vieles mehr. In dem Workshop wird zum einen gezeigt, wie ein Angreifer sich aus diesen Daten einen Nutzen ziehen kann. Des Weiteren wird Bewusstsein dafür geschaffen, dass im Internet nicht alles geteilt werden sollte. Es werden verschiedene Tools und Techniken vorgestellt. Am Ende der Session wird es eine Challenge geben, bei der die Teilnehmer das gelernte praktisch anwenden werden.

Speaker | Sprecher

Name: Fabio Birnegger, Fatih Varli
Affiliation | Affiliation: TÜV TRUST IT, Deutsche Telekom Cyber Security Austria, FH Campus Wien - IT-Security
Fabio Birnegger ist Penetration Tester bei der TÜV TRUST IT und studiert IT-Security (MSc) an der FH Campus Wien. Er ist sehr interessiert an unterschiedlichen Themen aus der offensiven IT-Security, besonders aber an Web- und Cloud Security. Fatih Varli ist Security Analyst bei der Deutschen Telekom und studiert IT-Security (MSc) an der FH Campus Wien. Er ist sehr interessiert in verschiedenen IT-Security Bereichen, in der Vergangenheit hat er sich häufig mit IT-Forensik Themen beschäftigt.

Close DescriptionBeschreibung Schließen

Unpacking firmware

by Florian Lukavsky, Marton Illesvon Florian Lukavsky, Marton Illes

Unpacking firmware

Experts Workshop on 2 June 2023 in Block 2 (~13:30)Experts Workshop am 2. Juni 2023 im Block 2 (~13:30)
by Florian Lukavsky, Marton Illesvon Florian Lukavsky, Marton Illes

Description | Beschreibung

One of the major challenges of embedded security analysis is the sound and safe extraction of arbitrary firmware. Specialized tools that can extract information from those firmwares already exists, but we wanted something smarter that could identify both start offset of a specific chunk (e.g. filesystem, compression stream, archive) and end offset. We stick to the format standard as much as possible when deriving these offsets, and we clearly define what we want out of identified chunks (e.g., not extracting meta-data to disk, padding removal). This strategy helps us feed known valid data to extractors and precisely identify unidentified chunks, turning unknown unknowns into known unknowns. Given the modular design of unblob and the ever expanding repository of supported formats, unblob could be used in areas outside of embedded security such as data recovery, memory forensics, or malware analysis.

Speaker | Sprecher

Name: Florian Lukavsky, Marton Illes
Affiliation | Affiliation: CTO ONEKEY, Head of Development and Product Management at ONEKEY
Florian Lukavsky started his hacker career in early ages, bypassing parental control systems. Since then, he has reported numerous zero-day vulnerabilities responsibly to software vendors and has conducted hundreds of pentests and security reviews of IoT devices as a CREST certified, ethical hacker. Today, Florian Lukavsky aids organizations with IoT security automation as CTO of ONEKEY (formerly known as IoT Inspector), the leading European platform for automated security analyses of IoT firmware. Marton worked at various different security companies in the last 20+ years (BalaBit/OneIdentity, Offensive Security, ONEKEY). He is currently working at ONEKEY as the head of the engineering & research team, where he is focusing on automated analysis & vulnerability research of embedded devices.

Close DescriptionBeschreibung Schließen

Web Security CTF für Anfänger

by Alexander Ressl, Florentina Paschinger, Lukas Pühringer, Lukas Putzvon Alexander Ressl, Florentina Paschinger, Lukas Pühringer, Lukas Putz

Web Security CTF für Anfänger

Experts Workshop on 2 June 2023 in Block 2 (~13:30)Experts Workshop am 2. Juni 2023 im Block 2 (~13:30)
by Alexander Ressl, Florentina Paschinger, Lukas Pühringer, Lukas Putzvon Alexander Ressl, Florentina Paschinger, Lukas Pühringer, Lukas Putz

Description | Beschreibung

Anhand eines zur Verfügung gestellten Routers könnt ihr Pentesting kennenlernen und vielleicht vorhandene Kenntnisse nutzen und verfeifern. Innerhalb des CTFs sind einige Flags versteckt, welche ihr für den Sieg finden müsst. Es gibt zu Beginn eine kurze Vorstellung, sowie Tipps und Tricks während des Workshops. Happy Hacking!

Speaker | Sprecher

Name: Alexander Ressl, Florentina Paschinger, Lukas Pühringer, Lukas Putz
Affiliation | Affiliation: CTO ONEKEY, Head of Development and Product Management at ONEKEY
Alexander Ressl war schon immer an Cyber Security interssiert, deswegen ging er auf die HTL Rennweg mit Hauptzweig Netzwerktechnik und studiert nun “Computer Science and Digital Communications” an der FH Campus Wien. Florentina Paschinger ist Studentin des Studiengangs “Computer Science and Digital Communications” an der FH Campus Wien. Beruflich ist sie als Cyber Security Engineer bei der Bosch Engineering GmbH angestellt, sowie als studentische Mitarbeiterin für das Penetration Testing and Embedded Security in Depth Projekt tätig. Lukas Pühringer ist Programmier und Pentesting interessiert, aufgrunddessen schloss er die HTL Rennweg ab und studiert nun “Computer Science and Digital Communications” an der FH Campus Wien. Lukas Putz ist Student des Studiengangs “Computer Science and Digital Communications” an der FH Campus Wien. Aufgrund seines Interesses an IT-Security ist er an der FH Campus Wien in diesem Bereich als studentischer Mitarbeiter tätig.

Close DescriptionBeschreibung Schließen

Bleibt im Kopf: Wirkungsvolle Methoden der Mitarbeitersensibilisierung

by Sandra Wiesbeck und Klaudia Zotzmann-Kochvon Sandra Wiesbeck und Klaudia Zotzmann-Koch

Bleibt im Kopf: Wirkungsvolle Methoden der Mitarbeitersensibilisierung

Experts Workshop on 2 June 2023 in Block 2 (~13:30)Experts Workshop am 2. Juni 2023 im Block 2 (~13:30)
by Sandra Wiesbeck und Klaudia Zotzmann-Kochvon Sandra Wiesbeck und Klaudia Zotzmann-Koch

Description | Beschreibung

Wirkungsvolle Methoden der Mitarbeitersensibilisierung Kurzbeschreibung des Vortrags/Workshops: Wenn in Ihrer Organisation die Sprache auf IT-Sicherheit kommt, winken alle nur genervt ab? Dann wird es Zeit dafür, die obligatorische PowerPoint Präsentation in den Mülleimer zu werfen, und Methoden auszuprobieren, mit denen die Inhalte nicht nur im Kopf bleiben, sondern auch noch Spaß machen. Im Workshop stellen wir verschiedene Möglichkeiten der Sensibilisierung vor und tauschen uns über best practice Beispiele aus. Denn am Ende sind gut geschulte Mitarbeitende einer der wichtigsten Faktoren für die Verhinderung von Cyerberattacken und die letzte Verteidigungslinie zwischen Ihnen und den Kriminellen.

Speaker | Sprecher

Name: Alexander Ressl, Florentina Paschinger, Lukas Pühringer, Lukas Putz
Affiliation | Affiliation: IT-Sicherheitscluster e. V.
Coming Soon.

Close DescriptionBeschreibung Schließen

Day 2 (June 2) | Tag 2 (2. Juni)

The importance of Security-Leadership in a multinational company

by Roland Suppervon Roland Supper

The importance of Security-Leadership in a multinational company

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)by Roland Suppervon Roland Supper

Description | Beschreibung

Roland Supper is Group Chief Security Officer (CSO) of Erste Group Bank AG and reports directly to the Holding board. In his group function he's responsible for the areas Business Continuity & Crisis Managemt, (Cyber)Physical Security and Cyber Information Security. A heterogene systems landscape, high sensitive data and different cultures across the operating countries of Erste demand a strong governance concept and certain leadership skills, to ensure the confidentiality, integrity and availability of our customers data.

Speaker | Sprecher

Name: Roland Supperh
Affiliation | Affiliation: Erste Group Bank AG
CSO Erste Group Bank AG and lecturer at FH Campus Vienna IT-Security

Close DescriptionBeschreibung Schließen

Panel Discussion: Usable Security

Participants: Bruce Schneier, Katharina Krombholz, Mathias Tausig, Silvie Schmidt and Nenad Milanovic Hosted by Manuel KoschuchParticipants: Bruce Schneier, Katharina Krombholz, Mathias Tausig, Silvie Schmidt and Nenad Milanovic Hosted by Manuel Koschuch

Panel Discussion: Usable Security

Experts Workshop on 2 June 2023 in Block 2 (~13:30)Experts Workshop am 2. Juni 2023 im Block 2 (~13:30)
Participants: Bruce Schneier, Katharina Krombholz, Mathias Tausig, Silvie Schmidt and Nenad Milanovic Hosted by Manuel KoschuchParticipants: Bruce Schneier, Katharina Krombholz, Mathias Tausig, Silvie Schmidt and Nenad Milanovic Hosted by Manuel Koschuch

Description | Beschreibung

Join us for an exciting panel discussion on Usable Security featuring top experts, including Bruce Schneier and Katharina Krombholz. Together with other distinguished scholars and practitioners, they will share their latest research findings and experiences in the field. The discussion will focus on the challenges of designing security solutions that are not only secure but also user-friendly. The panelists will explore the latest trends and developments in the field and discuss the role of human behavior and psychological factors in designing user-friendly security solutions. This interactive session will provide ample opportunity for participants to engage with the experts, ask questions, and gain valuable insights into the future of Usable Security. Don't miss out on this exciting opportunity to learn from the best and be a part of shaping the future of security.

Speaker | Sprecher

Name: Participants: Bruce Schneier, Katharina Krombholz, Mathias Tausig, Silvie Schmidt and Nenad Milanovic Hosted by Manuel Koschuch
Affiliation | Affiliation: -
Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. Katharina Krombholz is a tenured faculty at CISPA and head of the research group Usable Security in the Empirical and Behavioral Security research area. Mathias Tausig graduated in mathematics and has a holistic perspective on computers: former developer, sysadmin, security officer, university teacher and even computer salesman. He works now as a security consultant specializing in application security and is always an open source lover. Silvie Schmidt works at the Competence Centre for IT-Security since 2015. She focuses on IoT-Security and is responsible for the ELVIS Lab (Embedded Lab Vienna for IoT & Security). Nenad Milanovic is CISO Erste Group Bank AG and lecturer at FH Campus Vienna IT-Security Manuel Koschuch works at the Competence Centre for IT-Security and is researcher and lecturer in the field of IT-Security at FH-Campus Vienna. He is specialized in Cryptography and Network Security.

Close DescriptionBeschreibung Schließen

ITSN!23panel-discussion-2_fhcw_dujmic_wm

ITSN!23panel-discussion-3_fhcw_dujmic_wm

ITSN!23panel-discussion-4_fhcw_dujmic_wm

ITSN!23panel-discussion-5_fhcw_dujmic_wm

ITSN!23panel-discussion-6_fhcw_dujmic_wm

ITSN!23panel-discussion-7_fhcw_dujmic_wm

ITSN!23panel-discussion-9_fhcw_dujmic_wm

ITSN!23panel-discussion-10_fhcw_dujmic_wm

ITSN!23panel-discussion-11_fhcw_dujmic_wm

ITSN!23panel-duscusiion-1_fhcw_dujmic_wm

Cybercrime – prevention measures, crisis handling and post incident analysis

Axel Anderl und Nino TlapakAxel Anderl und Nino Tlapak

Cybercrime – prevention measures, crisis handling and post incident analysis

Experts Workshop on 2 June 2023 in Block 2 (~13:30)Experts Workshop am 2. Juni 2023 im Block 2 (~13:30)
Axel Anderl und Nino TlapakAxel Anderl und Nino Tlapak

Description | Beschreibung

Since 2020, there has been a massive increase in cyberattacks. The attackers are usually equally invasive, regardless of the industry - from CEO fraud to phishing to ransomware - we regularly support our clients in prevention, in the crisis situation and also in the subsequent post incident analysis. We can therefore not only share anonymized war stories, but also cover all legal and strategic topics directly from our practical experience (including data protection, insurance, involvement of investigating authorities, crisis PR, civil and criminal liability issues).

Speaker | Sprecher

Name: Axel Anderl und Nino Tlapak
Affiliation | Affiliation: Partner at DORDA Rechtsanwälte GmbH
Axel Anderl is Managing Partner at DORDA and head of our IT, IP and Privacy Team as well as our Digital Industries Group. Nino Tlapak is Partner at DORDA, Co-Head of the Privacy Team and focuses in addition on cybercrime as well as outsourcing and cloud contracts in the regulated area. We have extensive expertise in the field of cybersecurity. We have already provided actual support to numerous mandates both in the area of conceptual design, but also support in (cross-border) circumstances in the event of an incident. Accordingly, we can draw on comprehensive market know-how and a corresponding network - as is generally the case in the IT and data protection sector. In this context, we are also happy to refer to our rankings as set out at www.dorda.at. To sum it up: In the area of IT, we are the only law firm in Austria that is ranked as a top tier firm for both Legal500 and Chambers. In data protection, we are also in the First Tier. This makes us the only law firm in Austria that is consistently ranked as first tier in the IT and Privacy areas.

Close DescriptionBeschreibung Schließen

ITSN!23cybercrime-prevention-measures-c_fhcw_dujmic_wm

WiFi und der Unsichtbarkeitszauber

Alexander Ressl, Lukas Putz, Lukas Pühringer Alexander Ressl, Lukas Putz, Lukas Pühringer

WiFi und der Unsichtbarkeitszauber

Experts Workshop on 2 June 2023 in Block 2 (~13:30)Experts Workshop am 2. Juni 2023 im Block 2 (~13:30)
Alexander Ressl, Lukas Putz, Lukas Pühringer Alexander Ressl, Lukas Putz, Lukas Pühringer

Description | Beschreibung

Anhand einer Live-Demonstration wird gezeigt, wie ein*e Einbrecher*in mit IT-Sicherheitskenntnissen in eine mit einer RING Kamera ausgestatteten Wohnung eindringen kann. Es wird gezeigt, wie mit einem WiFi Anschluss eine Deauthentifizierungs-Attacke durchgeführt werden kann, um die Datenübertragung der Kamera lahmzulegen, ohne dass die einbrechenden Personen selbst mit dem WiFi der Wohnung verbunden sein müssen.

Speaker | Sprecher

Name: Alexander Ressl, Lukas Putz, Lukas Pühringer
Affiliation | Affiliation: Campus Cyber Security Team - FH Campus Wien, PETE-S
Lukas Pühringer ist Programmier und Pentesting interessiert, aufgrunddessen schloss er die HTL Rennweg ab und studiert nun “Computer Science and Digital Communications” an der FH Campus Wien. Alexander Ressl war schon immer an Cyber Security interssiert, deswegen ging er auf die HTL Rennweg mit Hauptzweig Netzwerktechnik und studiert nun “Computer Science and Digital Communications” an der FH Campus Wien. Lukas Putz ist Student des Studiengangs “Computer Science and Digital Communications” an der FH Campus Wien. Aufgrund seines Interesses an IT-Security ist er an der FH Campus Wien in diesem Bereich als studentischer Mitarbeiter tätig.

Close DescriptionBeschreibung Schließen

Warum der Osterhase beliebter als Security Awareness ist: Security Gamification bei der Erste Bank

Elisabeth DanielElisabeth Daniel

Warum der Osterhase beliebter als Security Awareness ist: Security Gamification bei der Erste Bank

Experts Workshop on 2 June 2023 in Block 2 (~13:30)Experts Workshop am 2. Juni 2023 im Block 2 (~13:30)
Elisabeth DanielElisabeth Daniel

Description | Beschreibung

Speaker | Sprecher

Name: Elisabeth Daniel
Affiliation | Affiliation: Erste Group Bank AG
Security Awarenses Lead

Close DescriptionBeschreibung Schließen

Umwandlung Desktop-App - Web-App: Was kann schon schiefgehen?

by Simon Schöneggervon Simon Schönegger

Umwandlung Desktop-App - Web-App: Was kann schon schiefgehen?

Experts Workshop on 2 June 2023 in Block 2 (~13:30)Experts Workshop am 2. Juni 2023 im Block 2 (~13:30)
by Simon Schöneggervon Simon Schönegger

Description | Beschreibung

Auswertung und Überwachung sind ein wichtiger Bestandteil der IoT-Welt. In diesem Vortrag gehen wir darauf ein, was passieren kann, wenn eine Software für Reporting, die eigentlich für die Anwendung am Client gedacht war, über eine Webapplikation verfügbar gemacht wird. In einem Penetrationstest hatten wir exakt dieses Szenario. Ein Kunde plante Auswertungen über seine Devices und verwendete dafür einen Report Viewer und Designer von einem externen Zulieferer. Dieser Penetrationstest endete mit vier CVEs mit einem Rating von 5.9 – 10.0. Diese aufgedeckten Schwachstellen werden in diesem Vortrag vorgestellt. Darüber hinaus werden Möglichkeiten diskutiert, wie derartige Schwachstellen verhindert werden können.

Speaker | Sprecher

Name: Simon Schönegger
Affiliation | Affiliation: TÜV TRUST IT TÜV AUSTRIA
Penetration Tester bei TÜV TRUST IT TÜV AUSTRIA Masterstudium IT&Mobile Security an der FH Joanneum

Close DescriptionBeschreibung Schließen

AI that can Save the Day or Hack it Away

by Patrick Fettervon Patrick Fetter

AI that can Save the Day or Hack it Away

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)
by Patrick Fettervon Patrick Fetter

Description | Beschreibung

Due to ChatGPT, OpenAI’s release of the new interface for its Large Language Model (LLM), in the last few months there has been an explosion of interest in General AI in the media and on social networks. This model is used in many applications all over the web and has been praised for its ability to generate well-written code and aid the development process. However, this new technology also brings risks. For instance, lowering the bar for code generation can help less-skilled threat actors effortlessly launch cyber-attacks.

Speaker | Sprecher

Name: Patrick Fetter
Affiliation | Affiliation: Check Point Software Technologies, Security Engineer & Cyber Security Evangelists, Office of the CTO
Patrick Fetter has been supporting many Austrian companies and IT system providers in the creation of security concepts as a Security Consultant for more than 8 years. Working with diverse industries on a variety of projects, he is able to provide insight into corporate security awareness and how the right safeguards can protect a company's crown jewels.

Close DescriptionBeschreibung Schließen

OT Security - das unfassbar Unsichere

by Bernhard Lorenz, Felix Eberstallervon Bernhard Lorenz, Felix Eberstaller

OT Security - das unfassbar Unsichere

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)
by Bernhard Lorenz, Felix Eberstallervon Bernhard Lorenz, Felix Eberstaller

Description | Beschreibung

Statische Superuser Passwörter, wackelige proprietäre Protokolle oder unsichere Netzwerkarchitekturen sind nur einige von unzähligen Schwachstellenkategorien, die in Penetration Tests von Industrie und kritischer Infrastruktur tatsächlich identifiziert werden. Besonders in OT Penetration Tests werden oft exotischere Komponenten, wie PLCs, HMIs oder Leitsysteme verwendet, die sich mit moderner Infrastruktur mischen. Aus dieser Kombination ergeben sich viele interessante Schwachstellen und Angriffsvektoren.Manchmal sind diese so unglaublich, dass man meinen könnte, sie wären frei erfunden. Im Vortrag werden wie bei X-Faktor, tatsächlich vorgefallene mit frei erfundenen Beispielen gemischt. Am Ende des Vortrags darf das Publikum raten welche Geschichten sich tatsächlich so zugetragen haben und welche frei erfunden sind.

Speaker | Sprecher

Name: Bernhard Lorenz, Felix Eberstaller
Affiliation | Affiliation: Limes Security GmbH
Bernhard Lorenz ist einer der erfahrensten OT Security Penetration Tester&Berater der Limes Security, der nicht nur mit technischen Aspekten einer OT-Umgebung, sondern auch mit deren Prozessen und organisatorischen Anforderungen bestens vertraut ist. Seine Schwerpunkte sind Konformität zur NIS, die Umsetzung von Security relevanten Prozessen als auch die Durchführung von Penetration Testsin kritischer Infrastruktur. Felix Eberstaller ist ein erfahrener OT Security Specialist bei Limes Security. Seine Schwerpunkte sind industrielle Sicherheit, IoT-Sicherheit, Embedded Systems Hardening und Penetration Testing. Außerdem unterrichtet er die Lehrveranstaltung Penetration Testing an der Johannes Kepler Universität Linz.

Close DescriptionBeschreibung Schließen

Verstehen, Erkennen und Mitigieren von Angriffsvektoren, unterstützt durch MITRE ATT&CK

by Tom Perkovicvon Tom Perkovic

Verstehen, Erkennen und Mitigieren von Angriffsvektoren, unterstützt durch MITRE ATT&CK

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)
by Tom Perkovicvon Tom Perkovic

Description | Beschreibung

Alle Unternehmen sehen sich immer mehr mit dem Thema Cyber Security konfrontiert. Durch den Mangel sowohl an personellen Ressourcen, als auch an Fachwissen ist es stark erschwert sich entsprechend zu verteidigen. Daraus ergibt sich die Frage, wie Unternehmen bei der Umsetzung von Sicherheitsmaßnahmen unterstützt werden können, auch durch Frameworks wie MITRE ATT&CK.

Speaker | Sprecher

Name: Tom Perkovic
Affiliation | Affiliation: Radar Cyber Security – Chief Security Analyst
Tom Perkovic ist Chief seit knapp 5 Jahren Security Analyst bei Radar Cyber Security. Bildungsweg: HTL Rennweg - Netzwerktechnik, FH St. Pölten – IT Security BSc.

Close DescriptionBeschreibung Schließen

Automating and attacking complex HTTP processes with OWASP Raider

by Daniel Neagaruvon Daniel Neagaru

Automating and attacking complex HTTP processes with OWASP Raider

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)
by Daniel Neagaruvon Daniel Neagaru

Description | Beschreibung

Raider is a novel, LISP-based framework for web application security testing that abstracts the client-server information exchange as a finite state machine. Each step comprises one request with inputs, one response with outputs, arbitrary actions to do on the response, and conditional links to other stages, creating a graph-like structure. This architecture works not only for authentication purposes but can be used for any HTTP process that needs to keep track of states. In this presentation, we'll cover the motivation behind Raider, the key concepts of the framework, and demonstrate how it can automate complex HTTP processess. We'll show how Raider's flexibility enables easy customization of attacks and how its clear text configuration makes reproducing, sharing, and modifying attacks easy.

Speaker | Sprecher

Name: Daniel Neagaru
Affiliation | Affiliation: Akkodis
Daniel is a seasoned pentester with over 5 years of experience in security, 5 more as a sysadmin, and a passion for building tools that solve real-world problems. His experience helping developers build OAuth directly from RFCs highlighted the limitations of existing tools, motivating him to build a more flexible and customizable solution. 2 years ago, he started building Raider, and later the same year it became a part of OWASP, and he's been actively developing and improving raider ever since.

Close DescriptionBeschreibung Schließen

Captcha.eu vs. bots

by Helmut Januschkavon Helmut Januschka

Captcha.eu vs. bots

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)
by Helmut Januschkavon Helmut Januschka

Description | Beschreibung

Defending against bots can be a challenging and ongoing game of cat-and-mouse. However, with Captcha.eu, we offer an innovative solution that provides an invisible captcha to safeguard your website and forms against all types of bot generations. From basic scripts to advanced full-browser bots, our solution is based on the latest research and utilizes a range of cutting-edge technologies, including machine learning and cryptographic challenges, to effectively identify and prevent automated bots. Moreover, our product is fully compliant with GDPR regulations, ensuring that your data is protected with a European-based solution. With Captcha.eu, you can finally say goodbye to the tedious task of identifying traffic lights and other difficult-to-read captchas.

Speaker | Sprecher

Name: Helmut Januschka
Affiliation | Affiliation: Organization
My name is Helmut Januschka and I am the Head of Engineering @krone_at and CEO at Captcha.eu. With over 20 years of experience in the publishing industry, I am passionate about creating innovative solutions that improve the online experience for users.

Close DescriptionBeschreibung Schließen

Dissecting the Unknown - How to Extend Wireshark with Lua

by Gabriel Karl Gegenhuber, Florian Holzbauervon Gabriel Karl Gegenhuber, Florian Holzbauer

Dissecting the Unknown - How to Extend Wireshark with Lua

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)
by Gabriel Karl Gegenhuber, Florian Holzbauervon Gabriel Karl Gegenhuber, Florian Holzbauer

Description | Beschreibung

In this workshop, we will learn how to write Lua scripts to add additional functionality to Wireshark during runtime. This includes writing a packet dissector that allows interpreting traffic of an unknown protocol to investigate data leakage from a malicious host in the network. The participants are provided with a traffic capture. The only requirement for the workshop is a working installation of Wireshark (any OS).

Speaker | Sprecher

Name: Gabriel Karl Gegenhuber, Florian Holzbauer
Affiliation | Affiliation: University of Vienna & SBA Research
Gabriel K. Gegenhuber is a PhD student at the University of Vienna and an IT security researcher at SBA Research. He is currently conducting research in the area of cellular and mobile networks. This includes Internet measurement technologies, traffic classification systems (e.g., deep packet inspection), and measurements around net neutrality and privacy violations. Furthermore, he's working on improving the MobileAtlas (https://www.mobileatlas.eu/) measurement platform for cellular networks. Florian Holzbauer is a PhD student at the University of Vienna and an IT security researcher at SBA Research. His research focuses on network security and network infrastructure analysis. He is currently measuring Internet standard adoption and compliance of email providers around the world. He and his fellow researchers run an open SMTP and DNS testbed ((https://www.email-security-scans.org/). Next to the application layer, he measures standard compliance on the network layer. Relying on a dedicated scan infrastructure, he monitors the Internet´s transition from IPv4 to IPv6.

Close DescriptionBeschreibung Schließen

Designing Secure and Usable Authentication for Smart Homes

by Alexander Ponticello and Katharina Krombholzvon Alexander Ponticello and Katharina Krombholz

Designing Secure and Usable Authentication for Smart Homes

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)
by Alexander Ponticello and Katharina Krombholzvon Alexander Ponticello and Katharina Krombholz

Description | Beschreibung

Join us in this workshop to explore the challenges of designing secure and usable authentication for the smart home. During this workshop, you will learn to consider the users' perspective right throughout the design process of a security mechanism in this context. In this hands-on workshop, we will first discuss existing authentication mechanisms and their limitations. We will also present findings from our research; we studied the design space of smart home assistant authentication and identified challenges to overcome. Based on these findings, we guide you through the design process of a new authentication mechanism. Then, we will perform a design-a-thon and you will then have the opportunity to present and discuss your solutions with the group. By the end of this workshop, you will have gained a better understanding of the importance of designing secure and usable authentication mechanisms and have hands- on experience in designing systems based on user-centered design principles. This workshop is perfect for everyone interested in the usability and security of smart home voice assistants and beyond. No specific skills are required to participate, although a superficial understanding of voice controlled systems will be helpful.

Speaker | Sprecher

Name: Alexander Ponticello and Katharina Krombholz
Affiliation | Affiliation: CISPA Helmholtz Center for Information Security
Katharina Krombholz is a tenured faculty at CISPA Helmholtz Center for Information Security and head of the research group Usable Security in the Empirical and Behavioral Security research area. Alexander Ponticello is PHD student at ISPA Helmholtz Center for Information Security, he published a paper about "Exploring Authentication for Security-Sensitive Tasks on Smart Home Voice Assistants" together with Katharina Krombholz and Matthias Fassl.

Close DescriptionBeschreibung Schließen

Tox CryptoParty - Install a Tox Client and have some fun with it

by Zoffvon Zoff

Tox CryptoParty - Install a Tox Client and have some fun with it

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)
by Zoffvon Zoff

Description | Beschreibung

Bring your laptops and smartphones and learn how to install a Tox Client on your device. We will show you how to improve your privacy with Tox, or make the best use of Tox in your scenario. Now with Push Notifications, Background removal on Videocalls and a revival of the iPhone Client. And IRC like Groupchat features with History sync and Group Images. If you have questions about Tox or a particular Tox client, you can ask them here. About Tox: Tox is a P2P end-to-end encrypted distributed overlay network on UDP/TCP/IP. Here is an introduction Video to Tox that you can watch: https://zoff99.github.io/rC3_2020/ It is used to build distributed applications such as instant messengers, VPNs, and audio/video streaming services. Tox Chat aims to be a fully functional Skype replacement for 1:1 audio/video chats, group chats, and small scale audio group conferences. The Tox core library has a small footprint, running on embedded devices such as Raspberry Pi, phones, as well as on large servers to provide secure services. Tox is built on NaCl, the crypto library by djb.

Speaker | Sprecher

Name: Alexander Ponticello and Katharina Krombholz
Affiliation | Affiliation: -
chaotic developer, and something something metalab vienna

Close DescriptionBeschreibung Schließen

The Cold Boot Attack and other Hot Stuff

by Pol Hölzmervon Pol Hölzmer

The Cold Boot Attack and other Hot Stuff

Public Talk on 2 June 2023 in Block 1 (~10:00)Public Talk am 2. Juni 2023 im Block 1 (~10:00)
by Pol Hölzmervon Pol Hölzmer

Description | Beschreibung

The Cold Boot Attack belongs to the so-called side-channel attacks, in which security measures can be overcome by rather unconventional means. In this workshop, you will learn what can happen when physical access to a computer system is given, either through unattended access or even after disposal. Questions like whether a strong login password can protect the system's confidentiality and data, or if local data encryption solves all problems? There are different ways to gain unauthorized access to generic personal devices, demonstrated during the workshop with hands-on examples. The cold-boot attack is one of those means, which can then be used in given scenarios, in which the hardware is frozen down to subsequently extract encryption keys, bypassing most security measures. This more advanced attack and other introductory examples include modifying the device's firmware and other physical tampering methods

Speaker | Sprecher

Name: Pol Hölzmer
Affiliation | Affiliation: University of Luxembourg
IT-Security and Privacy ethusiast from Lëtzebuerg (Luxembourg). Versatile in humanoid and android languages. Currently, doctoral researcher at the Interdisciplinary Center for Security, Reliability and Trust (SnT) at the University of Luxembourg (UNI.lu), and alumni of the IT-Security Master's degree programme at the FH Campus Wien. Developer of this very webpage (its-now.science), and contributor to the Embedded Lab Vienna for IoT and Security (elvis.science). Join me at the IT-S NOW and Letz make it happen. This workshop has been created under the former affiliation of the FH Campus Wien, Competence Center for IT-Security.

Close DescriptionBeschreibung Schließen