{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.1"}, "schedule": {"url": "https://pretalx.com/bsides-munich-2024/schedule/", "version": "1.1", "base_url": "https://pretalx.com", "conference": {"acronym": "bsides-munich-2024", "title": "BSides Munich 2024", "start": "2024-11-09", "end": "2024-11-11", "daysCount": 3, "timeslot_duration": "00:05", "time_zone_name": "Europe/Berlin", "colors": {"primary": "#575614"}, "rooms": [{"name": "Hochschule M\u00fcnchen - R1.006", "slug": "3425-hochschule-munchen-r1006", "guid": "b89c3c58-1af5-5665-a729-adc46053905d", "description": null, "capacity": 50}, {"name": "Hochschule M\u00fcnchen - R1.008", "slug": "3426-hochschule-munchen-r1008", "guid": "e33360c0-0062-5205-a8da-a7a447592347", "description": null, "capacity": 50}, {"name": "Hochschule M\u00fcnchen - R1.007", "slug": "3427-hochschule-munchen-r1007", "guid": "627959fb-9b2a-5024-b05b-3f750feb26a2", "description": null, "capacity": 50}, {"name": "Hochschule M\u00fcnchen - R0.010", "slug": "3428-hochschule-munchen-r0010", "guid": "28c1aead-22d7-50e5-839b-898dab6dce5b", "description": null, "capacity": 50}, {"name": "Hochschule M\u00fcnchen - R0.007", "slug": "3424-hochschule-munchen-r0007", "guid": "644f12b0-eeca-52f0-b67a-0a41739cc24e", "description": null, "capacity": 50}, {"name": "WestIn - Munich", "slug": "3429-westin-munich", "guid": "dce9ad0a-1817-5ef5-81e8-1ca65a84def0", "description": null, "capacity": 350}, {"name": "WestIn - Partenkirchen", "slug": "3430-westin-partenkirchen", "guid": "67eff65c-13c3-5635-a4c0-e666c30db918", "description": null, "capacity": 150}], "tracks": [{"name": "Workshops", "slug": "4470-workshops", "color": "#6A6BFB"}, {"name": "Talks", "slug": "4471-talks", "color": "#040404"}], "days": [{"index": 1, "date": "2024-11-09", "day_start": "2024-11-09T04:00:00+01:00", "day_end": "2024-11-10T03:59:00+01:00", "rooms": {"Hochschule M\u00fcnchen - R0.007": [{"guid": 
"65d71c2c-8a4e-54eb-81f5-71c5bc4dedb2", "code": "ZSPAG9", "id": 53305, "logo": null, "date": "2024-11-09T09:00:00+01:00", "start": "09:00", "duration": "09:00", "room": "Hochschule M\u00fcnchen - R0.007", "slug": "bsides-munich-2024-53305-iot-device-security", "url": "https://pretalx.com/bsides-munich-2024/talk/ZSPAG9/", "title": "IoT Device Security", "subtitle": "", "track": "Workshops", "type": "Workshop (8h)", "language": "en", "abstract": "IoT devices often lack robust security, making them prime targets for attackers. This workshop offers participants hands-on experience in accessing and analyzing the firmware of a real-world IoT device. Working in small groups, participants will be provided with real-world devices and the necessary hardware to dump the firmware from flash memory chips and analyze other open communication interfaces. Using Ghidra, participants will reverse engineer the firmware to uncover potential vulnerabilities. Additionally, the workshop will cover common vulnerabilities in WiFi and Bluetooth Low Energy communication.", "description": "# Covered Topics\r\n\r\n### Bus Communication\r\n- UART Overview\r\n- Hands-On: Getting access to the UART Communication\r\n### Firmware Analysis\r\n- Overview of different Flash Memory types\r\n- Hands-On: Dumping the firmware of a NOR Flash\r\n### Reversing the Firmware Dump\r\n- Brief Introduction to ARM assembly\r\n- Reversing with Ghidra\r\n  * Struct Creation in Ghidra\r\n  * \u2060Intro to Ghidra Scripting\r\n  * \u2060Using the Ghidra Emulator \r\n  * \u2060Dealing with cases where Ghidra gets it wrong\r\n### Exploiting Communication Protocols\r\n- TLS Security for WiFi communication (Demo: Certmitm)\r\n- BLE Communication Sniffing (Demo: Sniffle)\r\n\r\nTarget Device: Real world Device (e.g. 
smart camera, doorbell, ...)\r\nHacking Tool: Arduino or ESP32", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZCJEBB", "name": "Daniel Schwendner", "avatar": "https://pretalx.com/media/avatars/ZCJEBB_hPvRU2Q.webp", "biography": "Daniel Schwendner is a DevOps Engineer with a strong passion for Cyber Security. With a background in mobile application security and hardware security, he participates in bug bounty hunting and shares his security knowledge online.", "public_name": "Daniel Schwendner", "guid": "fde189de-13d4-5bcc-b727-e17baadbefb7", "url": "https://pretalx.com/bsides-munich-2024/speaker/ZCJEBB/"}, {"code": "3JGXWS", "name": "Aled Jackson", "avatar": null, "biography": null, "public_name": "Aled Jackson", "guid": "10b614d1-8af4-573a-8f8d-a4cab05efc49", "url": "https://pretalx.com/bsides-munich-2024/speaker/3JGXWS/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/ZSPAG9/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/ZSPAG9/", "attachments": []}], "Hochschule M\u00fcnchen - R1.006": [{"guid": "57452193-1988-547d-b288-64e2bd15c16c", "code": "EZ8ZV9", "id": 53592, "logo": null, "date": "2024-11-09T09:00:00+01:00", "start": "09:00", "duration": "04:00", "room": "Hochschule M\u00fcnchen - R1.006", "slug": "bsides-munich-2024-53592-securing-machine-learning-identifying-and-mitigating-emerging-threats", "url": "https://pretalx.com/bsides-munich-2024/talk/EZ8ZV9/", "title": "Securing Machine Learning: Identifying and Mitigating Emerging Threats", "subtitle": "", "track": "Workshops", "type": "Workshop (4h)", "language": "en", "abstract": "In our workshop, we would like to show you and explain the emerging dangers of machine learning. Together we will develop a threat model to improve the security of your machine learning applications.", "description": "We start with an introduction to the basics of machine learning and explain the typical process from data collection to model deployment. 
We then look at the specific security aspects of machine learning.\r\n \r\nA central point of the workshop is the OWASP ML Security Top 10, which shows the most common security risks in the field of machine learning. You will learn how these threats can endanger your models and applications and what prevention strategies are available to minimize these risks. We will also look at practical approaches for identifying and eliminating security vulnerabilities in your ML projects at an early stage.\r\n \r\nIn the last part of the workshop, we will introduce you to the concept of threat modeling. Using examples and interactive exercises, we will work together to develop a threat model for an exemplary machine learning system. The aim is to develop a deep understanding of how you can systematically identify and defend against security threats. This workshop offers an ideal combination of theoretical knowledge and practical skills to sustainably improve the security of machine learning applications.\r\n\r\nAgenda:\r\n- Introduction to Machine Learning Fundamentals\r\n- Overview of the Machine Learning Process\r\n- Security in Machine Learning\r\n- Exploration of OWASP ML Security Top 10\r\n- Preventive Strategies for Machine Learning Security\r\n- Concept and Examples of Threat Modeling", "recording_license": "", "do_not_record": false, "persons": [{"code": "VTB8G9", "name": "Michael Helwig", "avatar": "https://pretalx.com/media/avatars/VTB8G9_p4CVsJz.webp", "biography": "Michael is a cybersecurity strategist and expert working on a wide range of product and cybersecurity topics with a background in secure software development. He is the co-founder of a security consulting firm that helps clients across industries implement product security programs, adopt DevSecOps, and achieve compliance with various standards. 
He believes that people and communication are at least as important and effective in moving organizations forward as tools and technology.", "public_name": "Michael Helwig", "guid": "2e6c36e0-f3ec-5656-8e79-38d75fb2b77e", "url": "https://pretalx.com/bsides-munich-2024/speaker/VTB8G9/"}, {"code": "8HQCQV", "name": "Benjamin Altmiks", "avatar": "https://pretalx.com/media/avatars/8HQCQV_m0lmGLz.webp", "biography": "Initially specializing in cyber security, I have devoted myself more and more to the field of machine learning in recent years. Last year, I combined the two for the first time and conducted research in the field of penetration testing using reinforcement learning. Now I am looking for new ways to integrate machine learning in the most diverse areas of cyber security.", "public_name": "Benjamin Altmiks", "guid": "3c7652dc-7066-5e02-8672-c55cdca4a99f", "url": "https://pretalx.com/bsides-munich-2024/speaker/8HQCQV/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/EZ8ZV9/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/EZ8ZV9/", "attachments": []}, {"guid": "4c689a9f-16f7-5bb0-85a3-d7bd274b7d18", "code": "MCKTHP", "id": 53438, "logo": null, "date": "2024-11-09T14:00:00+01:00", "start": "14:00", "duration": "04:00", "room": "Hochschule M\u00fcnchen - R1.006", "slug": "bsides-munich-2024-53438-introduction-to-velociraptor", "url": "https://pretalx.com/bsides-munich-2024/talk/MCKTHP/", "title": "Introduction to Velociraptor", "subtitle": "", "track": "Workshops", "type": "Workshop (4h)", "language": "en", "abstract": "Velociraptor is an open-source tool developed by Velocidex (now Rapid7) to conduct scalable forensic analyses for large infrastructures. The client-server system allows analysts to distribute forensic queries to many endpoints and provides notebooks for interactive reports. 
Analysts can use the integrated Velociraptor Query Language to create queries and extend Velociraptor.\r\n\r\nThis workshop provides an introduction to incident response with Velociraptor.", "description": "Cyber attacks are on the rise and affect companies of all sectors and sizes. The damage they cause can put companies in a difficult position. For this reason, security teams must carry out incident response efficiently and effectively to limit the damage and minimize downtime. However, the incident response team must recognize all evidence that could lead to attackers gaining access to the network again. For this purpose, Velocidex (now Rapid7) has developed the open-source tool Veolociaptor to conduct scalable forensic analyses for large infrastructures. \r\n\r\nThe developers initially designed Velociraptor according to the client-server principle. Agents are installed on the systems to be analyzed and establish a permanent connection to a server. An analyst can distribute jobs, so-called hunts, via this connection to all or only some connected agents. Analysts can also use notebooks to carry out analyses and generate interactive reports. The Velociraptor Query Language (VQL), a proprietary query language, can create your queries and adapt existing ones.\r\n\r\nThis workshop is not just about theory. We will dive into the practical aspects of using Velociraptor for incident response. We will start by getting to know the interface, performing simple hunts, and processing them in notebooks. Then, we will move on to the practical application of VQL, where you will learn to create your own queries.\r\n\r\nTo fully participate in this workshop, you will need to be able to run a virtual machine with Windows 10 (x64) provided as OVA on your own system. Please note that Apple Silicon is not supported. 
The virtual machine will also need an internet connection.", "recording_license": "", "do_not_record": false, "persons": [{"code": "7MUDHP", "name": "Christian Kollee", "avatar": null, "biography": "Christian currently works as a Network Detection Engineer in the German finance sector. Previously, he worked as a forensic analyst and incident handler in international organizations and medium-sized German businesses. With more than ten years of experience in IT security, Christian knows the problems of all IT security types, from medium-sized companies to DAX30 corporations. Shortly, he will join a company doing Incident Response and Managed Detection & Response. Besides learning about new attacker tools and techniques, he tries desperately to reduce his ever-growing stack of articles and books in his spare time.", "public_name": "Christian Kollee", "guid": "aad4f240-c10e-511f-b9d0-2b4497eef967", "url": "https://pretalx.com/bsides-munich-2024/speaker/7MUDHP/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/MCKTHP/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/MCKTHP/", "attachments": []}], "Hochschule M\u00fcnchen - R1.008": [{"guid": "1e7362c6-e844-557a-b277-214110b273f4", "code": "8GXRDV", "id": 52724, "logo": null, "date": "2024-11-09T09:00:00+01:00", "start": "09:00", "duration": "04:00", "room": "Hochschule M\u00fcnchen - R1.008", "slug": "bsides-munich-2024-52724-zeek-and-destroy-with-python-and-machine-learning-workshop", "url": "https://pretalx.com/bsides-munich-2024/talk/8GXRDV/", "title": "Zeek and Destroy with Python and Machine Learning Workshop", "subtitle": "", "track": "Workshops", "type": "Workshop (4h)", "language": "en", "abstract": "Zeek is an open-source network security monitor (NSM) and analytics platform that has been around for quite some time (since the mid-90s). 
It is used at large university campuses and research labs, but in the past few years, more and more security professionals in the industry have turned their attention to this fantastic tool.\r\n\r\nBut Zeek is so much more than just a NIDS generating alerts (notices) and log files! Zeek's scripting language allows security analysts to perform arbitrary analysis tasks such as extracting files from sessions, detecting brute-force attacks, or, most importantly, interfacing with external sources, such as Python! The Zeek Python bindings allow us, the analysts, to use powerful Python libraries such as Numpy, Pandas, and Tensorflow and apply machine learning-based detection on network traffic.\r\n\r\nDuring this two-hour workshop, we will learn about the following topics:\r\n- Super fast introduction to Zeek (architecture, events, logs, signatures, etc.)\r\n- Using machine learning and data science tools on Zeek logs (as an example, we will use Fourier Analysis to detect C2 beaconing)\r\n- Super fast crash course in Zeek scripting (just enough to understand how to create new logs)\r\n- Connecting Zeek and Python via the Zeek Broker Communication Framework\r\n- Using machine learning tools in Python on the data we receive from Zeek for detection (as an example, we will use convolutional neural network and random forest models to compare them, and then use them to find unknown malware in live network traffic)\r\n\r\nRequirements for the workshop:\r\n- A laptop with at least 16 GB of RAM and more than 50 GB of free disk space (VT-x support must be enabled on the host system).\r\n- Application to run Virtual Images (type-2 hypervisor): VMWare Workstation Pro (recommended), VMWare Workstation Player, VMWare Fusion, or VirtualBox.\r\n- Only 64-bit Intel-compatible (Intel or AMD) processors are supported. 
WARNING: ARM-based (like Apple Silicon, Qualcomm Snapdragon, some Microsoft Surface laptops) devices cannot perform the necessary virtualization and therefore cannot be used for the workshop.", "description": "The Zeek open-source NSM platform is so much more than just the vanilla Zeek log files. With a bit of Zeek scripting and Python bindings, you can connect it via Zeek Broker to your Python programs and libraries like Numpy, Pandas, and Tensorflow. Join us and use Python with machine learning to supercharge your Zeek environment!", "recording_license": "", "do_not_record": false, "persons": [{"code": "PTRYM8", "name": "David Szili", "avatar": "https://pretalx.com/media/avatars/PTRYM8_mE2THbT.webp", "biography": "David Szili is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. He has more than ten years of professional experience in various areas like penetration testing, red teaming, security monitoring, security architecture design, incident response, digital forensics, and software development. David has two master's degrees, one in computer engineering and one in networks and telecommunication, and he has a bachelor's degree in electrical engineering. He holds several IT security certifications, such as GSE, GSEC, GCFE, GCED, GCIA, GCIH, GCFR, GMON, GCTD, GCDA, GPEN, GNFA, GPYC, GMOB, GMLE, GAWN, CCSK, OSCP, OSWP, CAWASP, CRTP, BTL1, and CEH.\r\nHe is also a certified instructor at SANS Institute, teaching FOR572: Advanced Network Forensics and FOR509: Enterprise Cloud Forensics and Incident Response, and he is the lead author of SANS DFIR NetWars. 
David regularly speaks at international conferences like BruCON, Hack.lu, Hacktivity, x33fcon, Nuit du Hack, BSides London, BSides Munich, BSides Stuttgart, BSidesLjubljana, BSidesBUD, BSides Luxembourg, Pass the SALT, Black Alps, Security Session, Future Soldier, SANS @Night Talks, Meetups, and he is a former member of the organizer team of the Security BSides Luxembourg conference.", "public_name": "David Szili", "guid": "82511a64-c4b0-5f52-8c53-3de7208e6f12", "url": "https://pretalx.com/bsides-munich-2024/speaker/PTRYM8/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/8GXRDV/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/8GXRDV/", "attachments": []}, {"guid": "21d5cc81-1008-58c8-aa73-054bc6369029", "code": "D3HR3G", "id": 53102, "logo": null, "date": "2024-11-09T14:00:00+01:00", "start": "14:00", "duration": "04:00", "room": "Hochschule M\u00fcnchen - R1.008", "slug": "bsides-munich-2024-53102-how-to-hack-your-web-application", "url": "https://pretalx.com/bsides-munich-2024/talk/D3HR3G/", "title": "How to Hack your Web Application", "subtitle": "", "track": "Workshops", "type": "Workshop (2h)", "language": "en", "abstract": "You always wanted to know how web applications are getting hacked? This is your chance. Learn how attackers will get into your web application and how you can defend.", "description": "This is a beginners' workshop on web application security. No prerequisites in web application security are required. 
A certain (web application) development background is beneficial.\r\n\r\n- First, we will be playing a virtual escaple the room game with challenges on a web application to get into an attacker's mindset.\r\n- Then follows a quick introduction to the OWASP Top 10 vulnerabilities.\r\n- Finally use the gathered knowledge so far to attack a vulnerable web application (https://github.com/Phylu/vulnerable-click-game) and see how these attacks can easily be prevented.\r\n\r\nPlease bring your (fully charged) laptop to be able to participate.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GZL39U", "name": "Janosch Braukmann", "avatar": "https://pretalx.com/media/avatars/GZL39U_aeBIuTC.webp", "biography": "Janosch Braukmann, ne Maier is a passionated entrepreneur, DevOps engineer and speaker. After his studies in Informatics and Educational Science he founded the start-up Crashtest Security. Janosch published his research on the border between computer science and psychology. He has been educating others on DevSecOps as a speaker on IT security and related topices for the last several years. 
Currently, Janosch is working as Team Lead System Engineering & Information Security Officer at ottonova.", "public_name": "Janosch Braukmann", "guid": "1899a635-83fd-5631-bf62-b7d0435d5ca6", "url": "https://pretalx.com/bsides-munich-2024/speaker/GZL39U/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/D3HR3G/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/D3HR3G/", "attachments": []}], "Hochschule M\u00fcnchen - R1.007": [{"guid": "a179540f-38ac-55da-ba90-d9ddb81a0d0c", "code": "A7VZRE", "id": 50352, "logo": null, "date": "2024-11-09T09:00:00+01:00", "start": "09:00", "duration": "04:00", "room": "Hochschule M\u00fcnchen - R1.007", "slug": "bsides-munich-2024-50352-gamified-cyber-incident-simulation", "url": "https://pretalx.com/bsides-munich-2024/talk/A7VZRE/", "title": "Gamified Cyber Incident Simulation", "subtitle": "", "track": "Workshops", "type": "Workshop (4h)", "language": "en", "abstract": "In order to ensure efficient and timely responses to cyber security incidents, it is of utmost importance to consistently practice their management. This typically entails substantial effort in terms of organizing and conducting exercises. In this workshop, I will present an innovative and engaging gamified approach to address this challenge, employing the \"Backdoors and Breaches\" framework.", "description": "After an introduction to the principles of gamified cyber incident simulations and the Backdoors and Breaches framework, participant will practice moderation of a simulation using either the physical card decks or the online version of the framework. At the end participants can discusss their approaches and  experiences.", "recording_license": "", "do_not_record": false, "persons": [{"code": "7MYCSX", "name": "Klaus-E. Klingner", "avatar": "https://pretalx.com/media/avatars/7MYCSX_NNaZpau.webp", "biography": "Klaus-E. 
Klingner is an accomplished information technology professional with expertise in web application development, IT security, and project leadership. With a career spanning over two decades, Klaus-E. Klingner has made significant contributions to renowned organizations such as Allianz and Brenntag.\r\n\r\nStarting his journey in 1999 at Dresdner Bank, he quickly established himself as a pioneering web application developer. Following the acquisition of Dresdner Bank by Allianz in 2004, Klaus-E. Klingner seamlessly transitioned into his role within the organization. He played a key role in introducing UC4 and contributed to the success of the Lotus Notes Team. He later assumed the position of Divisional Security Officer for Digital Interaction, showcasing his passion for IT security.\r\n\r\nKlaus-E. Klingner is a certified Web Application Penetration Tester, ISO27001 Implementer, and Data Privacy Specialist. In 2022, he built the threat prevention and management team at Brenntag, further solidifying his expertise in the field. Currently, he serves as the Information Security Officer at M.Asam GmbH.", "public_name": "Klaus-E. 
Klingner", "guid": "e14df34f-ea93-5b0e-ac64-228411f25970", "url": "https://pretalx.com/bsides-munich-2024/speaker/7MYCSX/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/A7VZRE/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/A7VZRE/", "attachments": []}]}}, {"index": 2, "date": "2024-11-10", "day_start": "2024-11-10T04:00:00+01:00", "day_end": "2024-11-11T03:59:00+01:00", "rooms": {}}, {"index": 3, "date": "2024-11-11", "day_start": "2024-11-11T04:00:00+01:00", "day_end": "2024-11-12T03:59:00+01:00", "rooms": {"WestIn - Munich": [{"guid": "977bb976-da9e-5b75-af6d-4ae9b1c8a1fa", "code": "H8HSNM", "id": 55663, "logo": null, "date": "2024-11-11T09:10:00+01:00", "start": "09:10", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-55663-opening-keynote", "url": "https://pretalx.com/bsides-munich-2024/talk/H8HSNM/", "title": "Opening Keynote", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "In her keynote she will show the unique development of cyber security and the growth of its importance, its impact on the health of today's experts and what each and everyone can do about it every day.", "description": ".", "recording_license": "", "do_not_record": false, "persons": [{"code": "E3TWQC", "name": "Desiree Sacher-Boldewin", "avatar": "https://pretalx.com/media/avatars/E3TWQC_ot5kzsK.webp", "biography": "Desiree Sacher-Boldewin is the Head of Operational IT Security at Finanz Informatik GmbH & Co. KG. She has been working in the cyber security industry for 20 years and spend the past years as a Manager at NVISO and Cyber Security Architect at Finanz Informatik before that. She focused her work on creating intelligent processes and workflows for IT security operations and she did this by utilizing all of her experience from various engineering and analyst positions held and publishing papers with her suggestions. 
From June 2022 to June 2024 she also was an elected board member of FIRST (the Forum of Incident Response and Security Teams) and she still is the liaison chair for the Special Interest Groups. These days she unifies all of her experience to be a manager. Desiree is also a certified GCIA Forensic Analyst, Network Forensic Analyst, Cyber Threat Intelligence Analyst and GIAC Penetration Tester. References to her work can be found on her GitHub on https://github.com/d3sre/ and she posts on Twitter as @d3sre, when she feels like she has something important to share.", "public_name": "Desiree Sacher-Boldewin", "guid": "33e2d3aa-9379-525a-b45e-0c46fc32a8b6", "url": "https://pretalx.com/bsides-munich-2024/speaker/E3TWQC/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/H8HSNM/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/H8HSNM/", "attachments": []}, {"guid": "3b56cf81-a895-54e3-ac7e-299fa06926d0", "code": "SWUBXX", "id": 53478, "logo": null, "date": "2024-11-11T10:00:00+01:00", "start": "10:00", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-53478-real-time-threat-intelligence-with-ml-feedback-loops", "url": "https://pretalx.com/bsides-munich-2024/talk/SWUBXX/", "title": "Real-Time Threat Intelligence with ML Feedback Loops", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Threat intelligence is one of the most critical lines of defense today for safeguarding organizations from malware and other potential attack vectors that can compromise business continuity and stability. 
This talk will delve into the design and implementation of a sophisticated threat intelligence feedback loop, leveraging machine learning to classify and manage millions of potential Indicators of Compromise (IOCs), aggregating and analyzing huge amounts of data in near real time.\r\n\r\nThis system built upon a robust cloud native & OSS stack powered by Kubernetes and Prometheus continuously scans the internet, social media, and various blogs, employing sentiment analysis to gauge the potential maliciousness of IOCs, which include domains, IP addresses, user agents, browser extensions, URIs, URLs, IP ranges, and more. A classification tree model then assigns a \"maliciousness\" score to each IOC.\r\n\r\nMalicious IOCs identified by the model are aggregated into a list and deployed into the production environment to block network communications involving these IOCs. The production environment generates feedback on the effectiveness of these blocks, summarizing user complaints and the frequency of block occurrences to assess the validity of the IOCs. The unique nature of this feedback is its ability to be looped back into the machine learning model rapidly from the users and network hosts, enabling near real time updates and refinement of the IOC classification scores. The model re-evaluates the IOCs to determine their legitimacy, significantly minimizing false positives, enabling the detection of novel threats as they evolve and happen,  enhancing overall accuracy of the threat intelligence model. 
This continuous feedback loop allows the model to improve over time and ensures that the system adapts dynamically to emerging threats, maintaining robust organizational security.\r\n\r\nJoin us to unpack how this feedback loop was built and works under the hood, its impact on threat intelligence and its continuous evolution, and the advancements in machine learning that drive advancements across the security domain.", "description": "This will take a deep dive under the hood on how modern engineering teams are building advanced ML models to enable more rapid threat intel and identification, what this involves, the stack and qualification.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TWD3EG", "name": "Tomer Doitshman", "avatar": "https://pretalx.com/media/avatars/TWD3EG_irhsING.webp", "biography": "Tomer is a security research team lead in Cato Research Labs at Cato Networks, with a keen interest in various aspects of cybersecurity, including reverse engineering, network protocol analysis, and detecting malicious traffic. Additionally, Tomer is enthusiastic about machine learning and thrives on tackling intricate challenges within this field. 
Presently, his main area of focus is network-based security research, where he endeavors to devise innovative approaches for detecting threats in corporate network settings.", "public_name": "Tomer Doitshman", "guid": "bc5930fa-4e75-58a4-a13c-de84312c375d", "url": "https://pretalx.com/bsides-munich-2024/speaker/TWD3EG/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/SWUBXX/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/SWUBXX/", "attachments": []}, {"guid": "99fb4e9e-8a3c-5a21-9c91-9897e41cb4dd", "code": "NQDH8L", "id": 53245, "logo": null, "date": "2024-11-11T10:30:00+01:00", "start": "10:30", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-53245-demystifying-the-first-few-minutes-after-compromising-a-container", "url": "https://pretalx.com/bsides-munich-2024/talk/NQDH8L/", "title": "Demystifying the First Few Minutes After Compromising a Container", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Meant for a less-offensive but still technical audience, this talk presents a hands-on look at Linux container post-compromise.  It will cover why a hacker compromises a container and what he hopes to get out of it, C2 comms from the container back to the attacker, information extraction, and breaking out and then into other containers.\r\n\r\nThroughout, the concept of what a container is will be a recurring theme, starting as a config which runs an application and then refined as the talk progresses to Linux processes which share common namespaces.\r\n\r\nThe talk is aimed at giving blue teams, systems administrators, and devops engineers a clearer picture of how an attacker could interact with what they create and defend with the ultimate goal of better-informed defensive and architectural choices.  
Pentesters and red teamers should also find it helpful.\r\n\r\nIt is not a checklist of configuration settings or a magic SIEM/SOAR/such query but rather a different point of view.  There will be no 0days or kernel tomfoolery of the cc exploit && ./exploit variety but rather good old-fashioned Linux sneakiness and shell gymnastics in the modern age.", "description": "The days of finding that one SSH key for everything in a datacenter are drawing to a close.  Nowadays, it\u2019s more and more cloud-based containers which survive hours or maybe days if a hacker is lucky.  But, what does that actually look like?  How does someone who\u2019s got half a shell and a dozen files do the sort of things everybody else is trying to stop?  Is it really all that difficult?\r\n\r\nIn this talk, we\u2019ll take a walk through what happens when a container is compromised.  We\u2019ll start by breaking into a container to give ourselves a reasonably realistic place to be, then dive into how it looks on the attacker\u2019s side, how the attacker figures out where he is, makes off with data, and then uses that one container to go on and do other sneaky things, all with not much more than the tools commonly used by DevOps engineers.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SUCUBB", "name": "Stuart McMurray", "avatar": "https://pretalx.com/media/avatars/SUCUBB_bMhr1Hs.webp", "biography": "Stuart is a Lead Engineer on the Offensive Security team at Klarna, where he focuses on Red Teaming, Unix, and general Swiss Army knifery. 
He's been on the offensive side of public and private sector security for upwards of a decade, during which time he's been an operator and trainer and developed a small arsenal of public and private offensive tools.", "public_name": "Stuart McMurray", "guid": "a50bbd9c-b730-5bf6-a982-0934b0628056", "url": "https://pretalx.com/bsides-munich-2024/speaker/SUCUBB/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/NQDH8L/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/NQDH8L/", "attachments": []}, {"guid": "a1d380ef-dc3e-51f0-9b3f-194cab2bf3ed", "code": "SV3TUN", "id": 49668, "logo": null, "date": "2024-11-11T11:30:00+01:00", "start": "11:30", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-49668-edr-analysis-an-introduction-to-reversing-sophisticated-detection", "url": "https://pretalx.com/bsides-munich-2024/talk/SV3TUN/", "title": "EDR Analysis: An Introduction to Reversing Sophisticated Detection", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Today, a prep phase against endpoint protection (EPP) and endpoint detection and response (EDR) products is part of every red team engagement, and preparing to create evasive malware that bypasses the targeted EDR to gain initial access can often be very time consuming. In general, when preparing malware such as a shellcode loader or similar, we want to be as sure as possible that our malware will be able to bypass the targeted EDR. The simplest approach is to start building malware and use trial and error to see if your malware is able to evade the EDR (evasion defined as not prevented and not detected) or if the malware is caught by the EDR. 
In order to build not only better, but more effective malware, it really helps to go beyond trial and error testing and start investing time and energy in reversing and debugging EDRs and trying to better understand the logic of the detection mechanisms they implement.\r\n\r\nTo build more evasive or effective malware, you need to know your enemy, in this case the EDR. By now most community members are aware that modern EDRs use things like the Antimalware Scan Interface (AMSI) to detect malicious powershell activity, or use user mode hooking to detect potentially malicious behaviour in the context of Windows APIs, or use kernel drivers to register various types of kernel callback routines such as ProcessNotifiyRoutine to detect when a new process is created, and so on. However, in addition to these well-known mechanisms, some EDRs use more sophisticated and unconventional mechanisms that have been used by the game hacking community for many years. By looking at these EDRs more closely, by trying to reverse engineer and debug them, some of these detections can be interpreted as some tricky traps for malware influenced by the game hacking community. In my talk \"EDR Analysis: An introduction to reversing sophisticated detection,\" I will provide insights into how to debug, reverse, and understand these EDR detection mechanisms in detail, as well as how to evade them.", "description": "In my role as a red teamer, commercial tester and researcher of security products, I regularly have the opportunity to learn about the latest technologies. In addition to these topics, I have always been fascinated by reverse engineering and find this area extremely exciting. Therefore, I am constantly trying to learn more about debugging and reverse engineering step by step, and at the beginning of this year 2024, I started to take a closer look at some well-known EDRs. 
The motivation to learn more about reverse engineering and debugging in the context of EDRs is my constant drive to better understand EDRs on Windows, to learn more about Windows Internals, and also to create more evasive and more effective malware. \r\n\r\nBy now most community members are aware that modern EDRs use things like the Antimalware Scan Interface (AMSI) to detect malicious powershell activity, or use user mode hooking to detect potentially malicious behaviour in the context of Windows APIs, or use kernel drivers to register various types of kernel callback routines such as ProcessNotifiyRoutine to detect when a new process is created, and so on. But in the context of some known EDRs, I started digging a little deeper by debugging and reversing them, and came across interesting detections or chains of detections that rely on several different components, going beyond the most well-known mechanisms I mentioned earlier. Over time, I was able to gain a better understanding of the rather sophisticated and unconventional detection mechanisms of these EDRs. During my learning process, I discovered that some of these concepts have been used in the game hacking community for several years and are now finding their way into the EDR world. During my journey to better understand these detections from these two EDRs, I came across fake DLLs, guard pages, hardware breakpoints, vectored exception handling, etc., and it turned out, or rather I had the impression, that these types of detection mechanisms are designed to serve as a kind of tricky trap for malware.\r\n\r\nIn my talk \"EDR Analysis: An introduction to reversing sophisticated detection\" I would like to give the community an insight into how these sophisticated and unconventional detection mechanisms of EDRs are implemented and how I debugged and reversed them. 
Ultimately, this talk should help the offensive community gain a better understanding of these sophisticated and unconventional detections of EDRs on Windows and also show some ways to effectively work around them. Furthermore, I will bring my own learning process into the talk and encourage other members of the community to experiment and research EDRs themselves.", "recording_license": "", "do_not_record": true, "persons": [{"code": "C3GT7F", "name": "Daniel Feichter", "avatar": "https://pretalx.com/media/avatars/C3GT7F_YgKiXqW.webp", "biography": "Daniel Feichter, 38, is from Austria and goes by VirtualAllocEx on Twitter and other platforms. With a background in electronics and communications engineering, he began his career as a junior penetration tester in 2018. After discovering a passion for ethical hacking, he has remained dedicated to the field. In late 2021, he founded his own company, RedOps, to pursue a research-driven focus, particularly on EDRs. Since October 2024, Daniel has also been a member of the ARES Red Team at NVISO, working as a Red Team Operator.\r\n\r\nHe focuses on learning and researching in the area of Windows Internals, endpoint security, malware development, and reverse engineering. 
He enjoys sharing his findings through blog posts, conference talks, and workshops, contributing to the community at conferences such as DEFCON 30 (Adversary Village), DEFCON 31 (Red Team Village), SANS Hackfest, BSides Munich, MCTTP etc.\r\n\r\nOutside of work, Daniel values spending time with family and friends, playing tennis and has practiced taekwondo consistently for over a decade.", "public_name": "Daniel Feichter", "guid": "034ee3b1-0f0b-5d36-bf04-b762f8f0e5fa", "url": "https://pretalx.com/bsides-munich-2024/speaker/C3GT7F/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/SV3TUN/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/SV3TUN/", "attachments": []}, {"guid": "38661a77-3923-583e-9de3-7c30bcaafb6f", "code": "Q8C7YV", "id": 53308, "logo": null, "date": "2024-11-11T12:00:00+01:00", "start": "12:00", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-53308-ground-control-to-major-threat-hacking-the-space-link-extension-protocol", "url": "https://pretalx.com/bsides-munich-2024/talk/Q8C7YV/", "title": "Ground Control to Major Threat - Hacking the Space Link Extension Protocol", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Space missions have increasingly been the subject in the context of security breaches and satellite hacks. The majority of discussions revolve around direct communication and access to spacecraft through means such as Software Defined Radio. However, the reality is that this approach isn't practical for most adversaries, as it requires substantial resources and is easily detectable due to the power and radio frequencies required to command a spacecraft. Instead, adversaries might shift their focus away from the Space Segment and opt for a more practical approach, such as accessing and exploiting the Ground Segment vulnerabilities and flaws in order to gain control over spacecraft. 
Every space mission comprises custom-made hardware and software components, which interact with each other utilizing dedicated protocols and standards designed and developed for this sole purpose. Numerous potential failure points can adversely impact a space mission, many of which persist on the ground. Considering the essential services they facilitate and the extent to which contemporary society relies on space technology, each component utilized in space missions should be regarded as integral to critical infrastructure and treated as such, particularly from a security standpoint. This study centers on the Space Link Extension (SLE) protocol, which is employed as a standard for communication between mission data systems and ground stations by various space agencies and organizations, including NASA and ESA. We will address the security concerns inherent in the SLE protocol. At the same time, we demonstrate methods and techniques malicious actors can employ to conduct a Denial of Service (DoS) or tap into the ground station communications, gaining control over an actual spacecraft. We will conclude this publication by presenting the reader with a possible mitigation strategy that we believe should be employed at the SLE protocol level. Additionally, we will outline a forecast for future work, detailing both planned endeavors and those already in progress, to further expand on this research.", "description": "This will be a presentation with a few recorded videos demonstrating the exploitation of the SLE Protocol.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SDYTSV", "name": "Andrzej Olchawa", "avatar": "https://pretalx.com/media/avatars/SDYTSV_EOovVBM.webp", "biography": "Offensive Security Engineer with over 15 years in the space industry, working as a Software Engineer and Technical Project Manager. For the past few years, he has focused on offensive security, specializing in vulnerability research, exploit development. 
Holds a number of OffSec certifications, and has been credited with several CVEs.\r\n\r\nhttps://x.com/0x4ndy\r\nhttps://linkedin.com/in/andrzejolchawa", "public_name": "Andrzej Olchawa", "guid": "b177b080-c22d-5f14-a6e5-7034c6f62606", "url": "https://pretalx.com/bsides-munich-2024/speaker/SDYTSV/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/Q8C7YV/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/Q8C7YV/", "attachments": []}, {"guid": "739fa616-3184-5be2-bacd-598ef18607e0", "code": "8WD3DN", "id": 50677, "logo": null, "date": "2024-11-11T12:30:00+01:00", "start": "12:30", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-50677-a-security-champion-s-journey-how-to-make-things-a-bit-more-secure-than-yesterday-every-day", "url": "https://pretalx.com/bsides-munich-2024/talk/8WD3DN/", "title": "A Security Champion's Journey - How to Make Things a Bit More Secure than Yesterday Every Day", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "\"Congratulations, you're the new security champion for your team! Now make sure to get all these important security topics done, okay? But don't get in the way of feature development.\"\r\n\r\nEven if you're not an officially appointed champion, building secure products might be dear to you. It definitely is to me. The problem is that security is one of those aspects that people love to advertise, deem important, and still deprioritize and postpone for \"later\" (whenever that is). And sometimes, it's even me saying \"later.\" So, how do we make sure \"later\" isn't \"never\"?\r\n\r\nIn this talk, I'll take you on my own journey, from learning more about security to supporting our information security team. Spreading awareness enabled us to include known topics in our roadmap and finally make our product more secure. 
Creating an application security strategy was key to finding the next most important measure while allowing us to share our endeavors across teams. We updated dependencies to get our components in shape before reviving automated dependency checks in our pipeline to combat prevailing alert fatigue. We fixed reported security issues, got rid of insecure implementations to reduce our product's attack surface, and more - all this while still delivering new features and reducing other technical debt.\r\n\r\nHear about what worked, especially what didn't, and what we really shouldn't have done in the first place. I can't offer you a magic recipe, yet I will share the pieces of advice that actually helped make things a bit more secure than yesterday every day.", "description": "Key learnings:\r\n* Evaluate risks and potential impact based on your domain to get security improvements prioritized\r\n* Understand the need to experiment with different approaches to advocate for security from inside a delivery team and figure out what works\r\n* Opt for many small steps continuously and take your team with you\r\n* Fostering relationships and staying aligned across teams and specialties is crucial for driving outcomes\r\n* Keep learning with allies - we are all figuring this out and are more effective together", "recording_license": "", "do_not_record": false, "persons": [{"code": "RGVDYJ", "name": "Lisi Hocke", "avatar": "https://pretalx.com/media/avatars/RGVDYJ_AFbc404.webp", "biography": "Lisi found tech as her place to be in 2009 and has grown as a specialized generalist ever since. She's passionate about the whole-team approach to holistic testing and quality and enjoys experimenting and learning continuously. Building great products that deliver value together with great people motivates her and lets her thrive. Security is a big part of this, and she's enthusiastic about all things AppSec to help build more secure solutions. 
Having received a lot from communities, she's paying it forward by sharing her stories and learning in public. She posts on Mastodon as [@lisihocke@mastodon.social](https://mastodon.social/@lisihocke) and blogs at www.lisihocke.com. In her free time, she plays indoor volleyball or delves into computer games and stories of all kinds.", "public_name": "Lisi Hocke", "guid": "47a09504-2aa3-5b40-86a2-9f071d819974", "url": "https://pretalx.com/bsides-munich-2024/speaker/RGVDYJ/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/8WD3DN/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/8WD3DN/", "attachments": []}, {"guid": "252b4d51-775e-5661-810d-0f0b4759fc61", "code": "QQUUDL", "id": 53111, "logo": null, "date": "2024-11-11T14:00:00+01:00", "start": "14:00", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-53111-some-thoughts-on-penetration-test-reports", "url": "https://pretalx.com/bsides-munich-2024/talk/QQUUDL/", "title": "Some Thoughts on Penetration Test Reports", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Writing the report is the least favorite part of most penetration tests. This talk gives a number of tips on how to create better reports in less time.", "description": "I have been creating penetration test reports since 2005. 
Over time, I've learned a few things that I'd like to share with others, including:\r\n\r\n- The value of good reports\r\n- Knowing your audience\r\n- Template management and other optimizations\r\n- Severity rating\r\n- Visualizations", "recording_license": "", "do_not_record": false, "persons": [{"code": "Y3AYKX", "name": "Hans-Martin Muench", "avatar": "https://pretalx.com/media/avatars/Y3AYKX_qRR3Cl9.webp", "biography": "CEO of MOGWAI LABS, a small cyber security boutique.", "public_name": "Hans-Martin Muench", "guid": "b047d0fa-0cb6-504b-8f4b-696433d07beb", "url": "https://pretalx.com/bsides-munich-2024/speaker/Y3AYKX/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/QQUUDL/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/QQUUDL/", "attachments": []}, {"guid": "c3dc7358-ed73-503e-97bd-a7a7d4add16a", "code": "KGWJXP", "id": 52671, "logo": null, "date": "2024-11-11T14:30:00+01:00", "start": "14:30", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-52671-demystifying-cloud-infrastructure-attacks", "url": "https://pretalx.com/bsides-munich-2024/talk/KGWJXP/", "title": "Demystifying Cloud Infrastructure Attacks", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Threat actor tactics in a classic on-premises environment are well documented and understood. For example, extracting credentials from memory and then pass-the-hash is a common technique to move laterally in Windows. But how do threat actors move laterally between cloud workloads and compute instances? What are the common persistence techniques, and what are the high value targets we need to protect?\r\n\r\nAlexander is Principal Forensic Consultant at Truesec and will in this session share his learnings from over 10 000 billable hours of enterprise forensics. 
You will learn how cloud tactics differ from on-premises and see the latest techniques used in real attacks against cloud infrastructure.", "description": "The session will be presented using story telling. The storyline will be a realistic but fictive incident response case. All components of the case are anonymized and taken from real world incident investigations.\r\n\r\nBelow is a list of the contents/topics of the talk. They will not necessarily be presented in this order (as it will be following a storyline).\r\n\r\nIntroduction\r\n- Essential cloud concepts\r\n- Physical vs Virtualized vs Container vs Function\r\n- Hybrid cloud\r\n- Devops and CI/CD concepts\r\n- Orchestration, Secrets, and APIs\r\n\r\nCloud cli utilities and admin workstations\r\n- Extracting secrets with aws cli, gcloud, and az\r\n- Abusing token cache and refresh tokens\r\n- Abusing compute instance metadata and high privileges\r\n- Extracting session cookies from web browsers\r\n\r\nCI/CD attack vectors\r\n- Jenkins\r\n- Dumping secrets from build servers\r\n\r\nContainer vectors\r\n- Lateral movement from containers\r\n- Secrets in containers and kubernetes\r\n- Container breakout attacks\r\n\r\nPersistence\r\n- Enterprise apps and account persistence\r\n- Container image manipulation\r\n- Golden SAML\r\n- Skeleton Keys \r\n\r\nBackup destruction and ransomware\r\n- Sharing a case explaining how a threat actor managed to delete cloud backups before deploying ransomware on cloud compute instances\r\n\r\nConclusions\r\n- Security challenges and incident response in the cloud\r\n- Summary and closing", "recording_license": "", "do_not_record": false, "persons": [{"code": "KVD3EB", "name": "Alexander", "avatar": "https://pretalx.com/media/avatars/KVD3EB_Jxmqfoa.webp", "biography": "Alexander is a Principal Forensic Consultant at Truesec where he focuses on incident response, threat intelligence, and security research. 
Alexander spends most of his time providing incident response to companies that have suffered from a cyber attack. He has responded to several hundred complex incidents, including nation state-backed attacks and ransomware against global organizations. Alexander also performs offensive and forensic research, and is responsible for developing Truesec's forensic tooling.", "public_name": "Alexander", "guid": "2d41f367-318d-50ea-9ef1-6777ca9c8e6b", "url": "https://pretalx.com/bsides-munich-2024/speaker/KVD3EB/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/KGWJXP/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/KGWJXP/", "attachments": []}, {"guid": "c9005e6d-abdd-5218-a10e-6824faba405d", "code": "XFZLKA", "id": 53253, "logo": null, "date": "2024-11-11T15:30:00+01:00", "start": "15:30", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-53253-let-s-get-physical-stories-from-behind-your-company-s-gate", "url": "https://pretalx.com/bsides-munich-2024/talk/XFZLKA/", "title": "Let's Get Physical: Stories From Behind Your Company's Gate", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "In this light-hearted session led by experienced red teamers, participants will explore the intricate world of physical security breaches in corporate settings. The presentation will focus on practical techniques like caller-ID spoofing, social engineering, and rogue device deployment, alongside undetected infiltration and objective attainment. Through engaging narratives, including a night-time operation in a European high-security facility, the speakers will demonstrate how to navigate high-pressure scenarios. 
The talk aims to provide a clear understanding of physical breach dynamics, potential challenges, and their impact, empowering attendees with insights into the art of physical intrusion.", "description": "We start the presentation with an introduction of who we are, how we ended up in the red team and how we started with physical breaches at NVISO.\r\n\r\nWe will go over a few of our encounters with performing physical breaches and the techniques we used to get in and achieve our objective. We will highlight the do's and don'ts of infiltrating companies and reaching objectives without getting caught. The highlighted techniques include caller-id spoofing, social engineering, tailgating, planting rogue devices such as Raspberry PIs and keyloggers, dropping USBs... . With these stories, we will recall how we got out of tense situations such as getting surrounded and asked questions while in a sensitive department. This includes a story in a highly secured OT environment located within a mountain in Europe, where Moritz and another colleague infiltrated during nighttime.\r\n\r\nThe purpose of this talk is not to go into deep technical details, but to provide insights into what physical breach scenarios look like, what can be expected or unexpected, and the impact that it could have on a company when performed by a real attacker.", "recording_license": "", "do_not_record": false, "persons": [{"code": "YTSAEW", "name": "Moritz Thomas", "avatar": "https://pretalx.com/media/avatars/YTSAEW_e5DirY2.webp", "biography": "Moritz developed an interest in hacking computer programs & video games during his Bachelor's computer science studies and soon acquired a distinguished set of skills in binary reverse-engineering. A few years later, he wrote his Master's thesis about conceptualizing and implementing a modular proxy for IoT appliances at NVISO. 
Right after his studies, he decided to join NVISO and embark on a journey into (mostly) offensive IT security.\r\n\r\nToday, he is a senior IT security consultant and red teamer at NVISO ARES (Adversarial Risk Emulation & Simulation) where he coordinates and participates in research & development efforts. When he isn't infiltrating networks or exfiltrating data, he is typically knees deep in research and development, working on new techniques and tools in red teaming.\r\n\r\nWith more than 15 years of experience in programming, 5 years in binary reverse-engineering and three years in professional offensive IT security assessments, he feels like he is just getting started!", "public_name": "Moritz Thomas", "guid": "a9044ce9-e94d-5d9d-998a-f9b788b62440", "url": "https://pretalx.com/bsides-munich-2024/speaker/YTSAEW/"}, {"code": "G3MKN7", "name": "Firat Acar", "avatar": "https://pretalx.com/media/avatars/G3MKN7_1kbwFvN.webp", "biography": "Firat is a senior red teamer within NVISO. His specialties include the whole red team attack cycle, mainly the internal network and Active Directory part, as well as physically breaching company defenses.", "public_name": "Firat Acar", "guid": "f379e541-ce05-55d7-87f7-2d5a52d90589", "url": "https://pretalx.com/bsides-munich-2024/speaker/G3MKN7/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/XFZLKA/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/XFZLKA/", "attachments": [{"title": "Presentation slides", "url": "/media/bsides-munich-2024/submissions/XFZLKA/resources/Lets_get_physical_-_EN_-_BSides_Munich_bGtOrs5.pdf", "type": "related"}]}, {"guid": "803d53e5-beaf-5f94-b6d2-ab7f8ddecf1b", "code": "PFQGFN", "id": 53570, "logo": null, "date": "2024-11-11T16:00:00+01:00", "start": "16:00", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-53570-becoming-the-evil-maid-hacking-android-disk-encryption-for-fun-and-profit", "url": 
"https://pretalx.com/bsides-munich-2024/talk/PFQGFN/", "title": "Becoming the Evil Maid - Hacking Android Disk Encryption for Fun and Profit", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Losing your smartphone is painful enough, but having your data on there exposed to others can\r\nbe devastating. This is why securing personal data on smartphones is of paramount importance.\r\nAndroid's Full Disk Encryption (FDE) is a robust feature designed to protect user data, but what\r\nhappens when your device stops working and you need to recover your encrypted data on it?\r\nJoin David as he delves into the depths of Android's Full Disk Encryption code in his quest to\r\nrecover lost encryption keys.", "description": "When David embarked on his side project of examining Android's FDE feature, his goal was to determine if it was possible to decrypt disk contents even if the device had been factory reset or partially broken. After some reverse engineering, countless trials and errors, and several surprising discoveries, he is now on the brink of success.\r\n\r\nIn this session, David will take the audience on a journey through how Android secures its storage, how and when TrustZones are involved, what Linux has to do with it and what unexpected discoveries he made along the way.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3ZJHLZ", "name": "David Gstir", "avatar": "https://pretalx.com/media/avatars/3ZJHLZ_d3ykoNl.webp", "biography": "David Gstir is an accomplished security researcher and software engineer with 15+ years of hands-on experience. He obtained a master's degree in computer sciences from the University of Technology Graz, Austria where he specialized in IT security and cryptography. 
In his master's thesis, he focused on analyzing attacks on AES, showcasing his expertise in this domain.\r\n\r\nThroughout his career, David has been actively involved in security-related projects, successfully identifying vulnerabilities in various consumer and enterprise software. His extensive investigations encompass diverse areas such as password managers, Web3 solutions, embedded devices, and network security solutions.\r\n\r\nIn addition to his security expertise, David has a strong background in software engineering. He developed production-level software in a wide range of programming languages, and his contributions continue to be utilized today. He has particularly made contributions to open source software, playing a key role in introducing filesystem encryption and authentication to Linux' UBIFS subsystem.", "public_name": "David Gstir", "guid": "fc1c414d-e720-51e9-97f9-8e1e690f5a63", "url": "https://pretalx.com/bsides-munich-2024/speaker/3ZJHLZ/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/PFQGFN/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/PFQGFN/", "attachments": [{"title": "slides v1.0", "url": "/media/bsides-munich-2024/submissions/PFQGFN/resources/becomin_dkD1enB.pdf", "type": "related"}]}, {"guid": "9556d061-b2e8-5375-8f2a-73559a71852d", "code": "JRXDQE", "id": 53461, "logo": null, "date": "2024-11-11T16:40:00+01:00", "start": "16:40", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-53461-help-my-application-is-vulnerable-but-how-bad-is-it-practical-vulnerability-analysis-for-development-teams", "url": "https://pretalx.com/bsides-munich-2024/talk/JRXDQE/", "title": "Help, My Application Is Vulnerable, but How Bad Is It? 
- Practical Vulnerability Analysis for Development Teams", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "The goal of this presentation is to give developers practical insight into the vulnerability analysis process and to provide them with ideas and tools they can use when the next vulnerability appears.", "description": "With an increasing number of high and critical vulnerabilities being released each year, and with more than 6000 CVE entries released so far in 2024 being rated high or critical, developers and project teams are faced with the ongoing challenge of quickly responding to serious flaws in their codebases and projects. Often there is no structured process or dedicated security team to manage these issues, but project teams must quickly decide on the next steps to take. \r\n\r\nIn this presentation, based on real-world experience with numerous project teams, we will discuss how to efficiently analyze vulnerabilities and estimate their potential impact in their specific context. CVSS (Common Vulnerability Scoring System) metrics provide a general assessment of vulnerability severity and are often used as a first step in prioritization. We will explain what CVSS scores mean and their limitations. We will also introduce the Exploit Prediction Scoring System (EPSS), which uses artificial intelligence to estimate the likelihood that a vulnerability will be exploited within the next 30 days, but has its own shortcomings that we will explore.  \r\n\r\nUltimately, relying on these metrics alone does not provide a comprehensive view of exploitability and risk. The context of an application is critical. We will show how to get a clearer picture of the risks indicated by these metrics by analyzing the cyber kill chain for some well-known disclosed vulnerabilities as examples. 
Specifically, we will show how current application design and network architecture can disrupt the cyber kill chain at its seven stages, thereby contributing to a more reliable vulnerability assessment.  \r\n\r\nThrough this presentation, you will learn about different approaches to vulnerability analysis, the meaning of CVSS and EPSS scores, and how to incorporate your technical context into a structured process for better vulnerability management.", "recording_license": "", "do_not_record": false, "persons": [{"code": "VTB8G9", "name": "Michael Helwig", "avatar": "https://pretalx.com/media/avatars/VTB8G9_p4CVsJz.webp", "biography": "Michael is a cybersecurity strategist and expert working on a wide range of product and cybersecurity topics with a background in secure software development. He is the co-founder of a security consulting firm that helps clients across industries implement product security programs, adopt DevSecOps, and achieve compliance with various standards. He believes that people and communication are at least as important and effective in moving organizations forward as tools and technology.", "public_name": "Michael Helwig", "guid": "2e6c36e0-f3ec-5656-8e79-38d75fb2b77e", "url": "https://pretalx.com/bsides-munich-2024/speaker/VTB8G9/"}, {"code": "M8W9JX", "name": "Alvaro Martinez", "avatar": "https://pretalx.com/media/avatars/M8W9JX_RSRFV4o.webp", "biography": "Alvaro Martinez holds a Bachelor of Engineering in Telecommunications and a Master's degree in Information Security, graduated in 2018. 
After several years working as web developer, he decided to switch to his preferred area, cybersecurity, where he currently works at conducting vulnerability assessments and web penetration tests, integrating security tools into corporate environments and helping development teams to better understand and mitigate vulnerabilities in their applications.", "public_name": "Alvaro Martinez", "guid": "839aeca0-e469-5bb6-9ca6-64ec50bc14eb", "url": "https://pretalx.com/bsides-munich-2024/speaker/M8W9JX/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/JRXDQE/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/JRXDQE/", "attachments": []}, {"guid": "5ab4b2b2-95f7-5e36-8dd9-29144f5d26ee", "code": "9DBTLC", "id": 55664, "logo": null, "date": "2024-11-11T17:20:00+01:00", "start": "17:20", "duration": "00:30", "room": "WestIn - Munich", "slug": "bsides-munich-2024-55664-closing-keynote-empowering-pentesters-strategies-for-team-motivation-purpose-and-success", "url": "https://pretalx.com/bsides-munich-2024/talk/9DBTLC/", "title": "Closing Keynote - Empowering Pentesters: Strategies for Team Motivation, Purpose and Success", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "How to keep penetration testers motivated in a fast-changing environment, continuously increasing technological complexity and high pressure due to limited time and budget? How to cultivate trust, collaboration and professional growth within pentesting teams? 
How to foster appropriate communication of findings in a \"top secret world\"?\r\n\r\nBettina will share strategies on how to keep penetration testing teams motivated, ensure fun and purpose at work as well as provide great value for organizations, ultimately leading to increased cybersecurity maturity.", "description": "TBD", "recording_license": "", "do_not_record": false, "persons": [{"code": "QANA8R", "name": "Bettina Haas", "avatar": "https://pretalx.com/media/avatars/QANA8R_lwSbFXH.webp", "biography": "After studying computer science and engaging in IT, Bettina has continued to develop in the direction of cybersecurity for several years.\r\n\r\nShe has coordinated cybersecurity assessments and cybersecurity projects in a global organization, driving red teaming, penetration testing and process assessments at strategic and operational levels.\r\n\r\nBettina shows passion for breaking down gender barriers, promoting diversity, and serving as a coach for young professionals in the digital realm.", "public_name": "Bettina Haas", "guid": "90ae278d-8913-5bf5-9120-8ebb6bf05fa1", "url": "https://pretalx.com/bsides-munich-2024/speaker/QANA8R/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/9DBTLC/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/9DBTLC/", "attachments": []}], "WestIn - Partenkirchen": [{"guid": "5c4822ce-4fab-5c29-a9e5-0cb1d6c0ef19", "code": "FLVUA8", "id": 53316, "logo": null, "date": "2024-11-11T10:00:00+01:00", "start": "10:00", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": "bsides-munich-2024-53316-leaking-kakao-how-i-found-a-1-click-exploit-in-korea-s-biggest-chat-app", "url": "https://pretalx.com/bsides-munich-2024/talk/FLVUA8/", "title": "Leaking Kakao: How I found a 1-Click Exploit in Korea's Biggest Chat App", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "KakaoTalk is the WhatsApp of South Korea with more than 100 million downloads from the 
Google Playstore. In this talk we show how multiple vulnerabilities in a chat app can lead to the disclosure of users' messages. We do this by presenting an account takeover \"one-click\" exploit in KakaoTalk's regular chat room without breaking cryptography or escaping the app's sandbox. We also release our tooling so that fellow security researchers can dig into KakaoTalk's broad attack surface to find more bugs.", "description": "With more than 100 million downloads from the Google Playstore, KakaoTalk is South Korea's most popular chat app. Similar to other Asian apps such as WeChat, KakaoTalk is an \"all-in\" app including everything into one app (payment, ride-hailing services, shopping, e-mail, etc.). End-to-end encrypted (E2EE) messaging is not enabled by default in KakaoTalk. Regular chatrooms, where Kakao Corp. can access messages in transit, are the preferred way for many users. KakaoTalk does have an opt-in E2EE feature called \"Secure Chat\" but it doesn't support features such as group messaging or voice calling.\r\n\r\nIn this talk different vulnerabilities affecting KakaoTalk will be described. I will cover different topics ranging from Android AppSec, Web Security to Applied Cryptography.", "recording_license": "", "do_not_record": false, "persons": [{"code": "UTDET7", "name": "Dawin Schmidt", "avatar": "https://pretalx.com/media/avatars/UTDET7_mCmPwWJ.webp", "biography": "Hey. I'm Dawin, yet another independent security researcher based in Munich. 
I'm interested in Android security, rock climbing and Drum and Bass music.", "public_name": "Dawin Schmidt", "guid": "e9ea28d6-221a-5363-ad0e-b6f7c57ad36a", "url": "https://pretalx.com/bsides-munich-2024/speaker/UTDET7/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/FLVUA8/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/FLVUA8/", "attachments": [{"title": "Presentation Slides", "url": "/media/bsides-munich-2024/submissions/FLVUA8/resources/BSides_Slides_jX7fC1w.pdf", "type": "related"}]}, {"guid": "01bae134-5aa1-538f-bbac-2fd779a26e9b", "code": "XBW7JD", "id": 53345, "logo": null, "date": "2024-11-11T10:30:00+01:00", "start": "10:30", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": "bsides-munich-2024-53345-proc-for-security-analysts-unveiling-hidden-threats-and-forensic-treasures", "url": "https://pretalx.com/bsides-munich-2024/talk/XBW7JD/", "title": "/proc for Security Analysts: Unveiling Hidden Threats and Forensic Treasures", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "In the intricate landscape of cybersecurity, the ability to uncover hidden threats and analyze system behaviors is paramount. \r\n\r\nThe `/proc` filesystem, a critical component of Unix-like operating systems, serves as a treasure trove of real-time data and system information. In this talk, \"/proc for Security Analysts,\" we will delve into the forensic value of `/proc`, demonstrating how it can be leveraged to detect rootkits, uncover anomalies, and gain a profound understanding of the operating system. \r\n\r\nParticipants will learn how to navigate and interpret the vast array of data within `/proc`, equipping them with the skills to enhance their security analyses and bolster system defenses.", "description": "### 1. 
Introduction to `/proc`\r\n\r\n- Overview of the `/proc` filesystem\r\n- Importance of `/proc` in system administration and security\r\n- Key files and directories: `/proc/cpuinfo`, `/proc/meminfo`, `/proc/net/`, `/proc/[pid]/`\r\n\r\n### 2. Forensic Value of `/proc`\r\n\r\n- Real-time system and process information\r\n- Carving out deleted executables\r\n### 3. Detecting Rootkits with `/proc`\r\n\r\n- Understanding rootkits and their behaviors\r\n- Common techniques rootkits use to hide\r\n- Using `/proc` to reveal hidden processes and files\r\n    - `/proc/[pid]/exe` and `/proc/[pid]/cwd`\r\n    - `/proc/modules`\r\n    - `/proc/net/tcp` and `/proc/net/udp`\r\n- Tools and scripts for rootkit detection using `/proc`\r\n\r\n### 4. Learning the Operating System with `/proc`\r\n\r\n- Kernel parameters and tunables: `/proc/sys/`\r\n- Process management and signals: `/proc/[pid]/`\r\n- Network stack and interfaces: `/proc/net/`\r\n- Filesystem `/proc/mounts`\r\n### 5. Practical Applications and Case Studies\r\n\r\n- Real-world examples of security incidents uncovered through `/proc`\r\n- Case studies demonstrating successful rootkit detection and removal", "recording_license": "", "do_not_record": false, "persons": [{"code": "C7AHN8", "name": "Stephan Berger", "avatar": "https://pretalx.com/media/avatars/C7AHN8_XZLjJO1.webp", "biography": "Stephan Berger has over a decade of experience in cybersecurity. Currently working with the Swiss-based company InfoGuard, Stephan investigates breaches and hacked networks as Head of Investigation of the Incident Response team. An avid Twitter user under the handle [@malmoeb](https://twitter.com/malmoeb), he actively shares insights on cybersecurity trends and developments. Stephan also authors the blog [DFIR.ch](https://dfir.ch), where he provides in-depth analysis and commentary on digital forensics and incident response. 
Stephan has spoken at numerous conferences, sharing his expertise with audiences worldwide.", "public_name": "Stephan Berger", "guid": "698cb298-5b68-5675-9e3e-3de45ac23fff", "url": "https://pretalx.com/bsides-munich-2024/speaker/C7AHN8/"}, {"code": "ST7XDJ", "name": "Asger Strunk", "avatar": "https://pretalx.com/media/avatars/ST7XDJ_bfALkst.webp", "biography": "Asger Strunk is a highly skilled IT security professional with a wealth of experience spanning over a decade. Throughout his career, Asger has been involved in both offensive and defensive security operations, working tirelessly to protect individuals and organizations from cyber threats. His expertise in incident response is second to none, and he has an unwavering commitment to ensuring his clients are protected at all times. Currently, Asger is employed full-time by a leading Swiss cyber security company, where he specializes in incident response and brings a level of expertise that is unmatched in the industry.", "public_name": "Asger Strunk", "guid": "155e358c-20dc-51b0-bf20-2218ba51cfcf", "url": "https://pretalx.com/bsides-munich-2024/speaker/ST7XDJ/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/XBW7JD/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/XBW7JD/", "attachments": []}, {"guid": "0eea831c-6b05-5880-9f36-ac76e33b5405", "code": "L8HSJ9", "id": 53543, "logo": null, "date": "2024-11-11T11:30:00+01:00", "start": "11:30", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": "bsides-munich-2024-53543-building-and-leading-advanced-red-teams", "url": "https://pretalx.com/bsides-munich-2024/talk/L8HSJ9/", "title": "Building and Leading Advanced Red Teams", "subtitle": "", "track": "Talks", "type": "Talks - Rookie", "language": "en", "abstract": "After years of acquiring Red Teaming skills, Senior Red Teamers (sometimes unexpectedly) grow into a lead position at some point in their career.\r\nThis talk focuses less on the technical facets 
and more on the challenges that young leaders with a strong technical background may face.\r\nIt will also look at how good leadership can contribute to employee development and retention, how innovation and automation can succeed without sacrificing quality, and how to build effective Red Teams.", "description": "As Senior Red Teamers evolve in their careers, they often find themselves transitioning into leadership roles in their company \u2013 roles that require a distinct set of skills beyond their technical expertise. \r\nIt also happens from time to time that experienced Red Teamers - e.g. when moving to a new company - build a red team from scratch.\r\n\r\nWhile the new leader's experience can often be drawn on when it comes to tooling and skills, leadership experience is regularly something that can become a challenge.\r\n\r\nThis talk, \"Building and Leading Advanced Red Teams,\" aims to provide insights and guidance to those navigating this transition.\r\n\r\nBj\u00f6rn Trappe is an experienced Red Team Leader at Laokoon Security and will talk about what kind of people and personalities you should bring into your team and build them up as well as what fears and reservations often hold young managers back from being good bosses. He will also shed light on the ambivalence between control and trust and which things could be automated and which shouldn't.\r\n\r\nPart of an effective Red Team is also the development of targeted and long-term knowledge and skills management, which is much more than a wiki.", "recording_license": "", "do_not_record": true, "persons": [{"code": "G38AUU", "name": "Bjoern Trappe", "avatar": "https://pretalx.com/media/avatars/G38AUU_m0yXfQ2.webp", "biography": "Bjoern Trappe is one of the founders and managing directors of Laokoon Security, a company formed by a team of former offensive cybersecurity experts from the German armed forces and other security agencies. 
With a deep specialization in orchestrating and executing Red Team engagements, Bjoern leads his teams in comprehensive attack strategies that extend beyond IT-perimeter defenses to include physical security breaches. His work is driven by a commitment to exposing and addressing the full spectrum of organizational vulnerabilities.", "public_name": "Bjoern Trappe", "guid": "37431ccd-a4cd-5aac-818a-00958886d06a", "url": "https://pretalx.com/bsides-munich-2024/speaker/G38AUU/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/L8HSJ9/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/L8HSJ9/", "attachments": [{"title": "Building and Leading Advanced Red Teams", "url": "/media/bsides-munich-2024/submissions/L8HSJ9/resources/Buildin_0z69akk.pdf", "type": "related"}]}, {"guid": "158103f9-d71c-504e-a452-69dc034ea729", "code": "DCMSPV", "id": 53519, "logo": null, "date": "2024-11-11T12:00:00+01:00", "start": "12:00", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": "bsides-munich-2024-53519-from-boot-to-root-identifying-and-mitigating-security-issues-in-bootloaders", "url": "https://pretalx.com/bsides-munich-2024/talk/DCMSPV/", "title": "From Boot to Root: Identifying and Mitigating Security Issues in Bootloaders", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "With the advent of verified/secure boot, bootloaders have become critical components in the chain of trust for embedded Linux systems. This talk will explore common security issues in verified boot implementations and provide an in-depth analysis of vulnerabilities found in popular bootloaders. Attendees will learn about the implications of these vulnerabilities and practical mitigation strategies to enhance device security.", "description": "Over decades, the role of bootloaders has been rather straightforward, loading an operating system kernel and starting it, optionally with some configuration or visual enhancements. 
However, with the rise of verified, or secure boot, bootloaders now find themselves at the beginning of the chain of trust. Being a member of the chain of trust comes with significant responsibility. Bugs or misconfigurations are no longer just unpleasant; they now undermine the entire security concept of a device.\r\n\r\nIn this talk, Richard will highlight common problems he has encountered in verified boot implementations of embedded Linux systems. He will also provide a deep dive into some vulnerabilities he has discovered in popular bootloaders and discuss how to mitigate them.", "recording_license": "", "do_not_record": false, "persons": [{"code": "NPJPNG", "name": "Richard Weinberger", "avatar": "https://pretalx.com/media/avatars/NPJPNG_n24W0wI.webp", "biography": "Richard is co-founder of sigma star gmbh where he offers consulting services around Linux and IT security. Upstream he maintains various subsystems of the Linux kernel such as UserModeLinux and UBIFS. Beside of low level and security aspects of computers he enjoys growing lithops.", "public_name": "Richard Weinberger", "guid": "5d3c5b2e-55fc-5e5a-a208-72bc9b2709dd", "url": "https://pretalx.com/bsides-munich-2024/speaker/NPJPNG/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/DCMSPV/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/DCMSPV/", "attachments": [{"title": "Slides v0.1", "url": "/media/bsides-munich-2024/submissions/DCMSPV/resources/bootloader_security_bsides_OT8plMC.pdf", "type": "related"}, {"title": "Slides", "url": "/media/bsides-munich-2024/submissions/DCMSPV/resources/bootloa_7Kj05gu.pdf", "type": "related"}]}, {"guid": "4bf6a20d-8afa-500a-ba7e-a214c280d124", "code": "D9ZKCT", "id": 53595, "logo": "https://pretalx.com/media/bsides-munich-2024/submissions/D9ZKCT/1719581283583_ym1t9Qo.jpg", "date": "2024-11-11T12:30:00+01:00", "start": "12:30", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": 
"bsides-munich-2024-53595-mystical-vulnerabilities-exploring-the-oddities-in-cybersecurity", "url": "https://pretalx.com/bsides-munich-2024/talk/D9ZKCT/", "title": "Mystical Vulnerabilities: Exploring the Oddities in Cybersecurity", "subtitle": "", "track": "Talks", "type": "Talks - Rookie", "language": "en", "abstract": "In the Information Security world, where many researchers crave to enhance their resume, the aid represented by the concepts of CVE and CVSS is paradoxally and slowly disrupting the vulnerability categorization and management process. Subject to disputed claims by the vendors and inflated severity ratings, the CVE assignment process has become a battleground for recognition, resulting in bogus submissions and unrealistic scores. That's why, for this paper, we have ironically coined the term \"Mystical Vulnerabilities\": security flaws that are not supposed to be so, but they get filed anyway, exploiting the lack of targeted inspection by MITRE or the NVD. This flawed system compels organizations to allocate resources based on CVE scores, and almost highlight the need for a \"scoring system for the scoring system\". A shift towards a more filter-oriented culture and more transparent CVE assignment practices is imperative to navigate the complexities of the arising cyber threats. This paper proposes mitigations to this problem, from a cultural change, to additional scoring systems out there for complementing and filtering CVEs, finishing with interesting clean sources and databases.", "description": "In the dynamic and ever-changing realm of Cyber Security, where both innocuous bugs and serious hidden threats keep spreading exponentially, vulnerability categorization is not a straightforward task at all. 
This paper will uncover the subset of vulnerabilities represented by the CVEs that defy conventional classification, and will shed light on the root causes for their generation, presenting some concrete examples, and proposing a series of aids that would keep the security workforce and enthusiasts from falling into the trap, and would contribute to a stronger filter-oriented mindset. This paper coins the term \u201cmystical\u201d vulnerabilities/CVEs in order to better emphasize, on an ironic streak, the paradox represented by these occurrences that seem to be outliers, but in reality are far more numerous than we can count, as we'll see in the next section.\r\nTo be more precise, we define as \u201cmystical\u201d two types of CVEs:\r\n\r\n1)\u00a0\u00a0\u00a0\u00a0 Vulnerabilities that carry disputed claims by their vendors, against the security researchers who filed them. They result in debates due to conflicting interpretations, highlighting the complexity of categorizing vulnerabilities, or even the researcher\u2019s desire for notoriety;\r\n\r\n2)\u00a0\u00a0\u00a0\u00a0 Vulnerabilities that turn out to be rare, because of unconventional methods of exploitation, or their unpredictable impact.\r\n\r\nAt the heart of the discourse surrounding these \"mystical\" vulnerabilities lies the contentious process of CVE assignment. This process, intended to provide a standardized means of identifying and tracking vulnerabilities, ended up trapped in a labyrinth of conflicting interests and divergent interpretations. The CVE assignment process is fraught with challenges, coming from the lack of technical verification by the most notorious databases, like MITRE or the NVD, leaving it susceptible to exploitation and manipulation by security researchers. To put it ironically, many Bug Bounties are becoming Beg Bounties [1], [2] seeking recognition at all costs. 
Our exploration of these vulnerabilities will address the dynamics behind both definitions we gave above: one concerning the human side of the story (researchers aiming for fame, vendors struggling to dispute and protect their reputation), and the other one concerning the perplexities of the scoring system, and the need for a more nuanced approach in vulnerability assessment. As we navigate the easiness of CVEs filing, versus the complexity of proper vulnerability categorization, it becomes evident that a fundamental reevaluation of vulnerability management practices is imperative. We must transcend the limitations of current frameworks and embrace a granular approach that incorporates more solutions as filters to avoid entering the noise. \r\n\r\n[1] https://www.troyhunt.com/beg-bounties/\r\n[2] https://news.sophos.com/en-us/2021/02/08/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way/?ref=troyhunt.com", "recording_license": "", "do_not_record": false, "persons": [{"code": "QZHZMG", "name": "Massimo Morello", "avatar": "https://pretalx.com/media/avatars/QZHZMG_iAueOm8.webp", "biography": "Massimo is a passionate Cyber Security Analyst, currently working in the Deutsche B\u00f6rse Group (Eurex Clearing) as an Associate Information Security Specialist. Previously collaborating with Kemetmueller Information Security on vulnerabilities research, their trends, and how to efficiently face the storm. 
In addition, he was formerly employed at the European Central Bank as an IT Security Trainee, where he took care of Vulnerability Management as well.\r\nHis approach in such a dynamic realm is complemented by a keen interest in Security Governance, IT Risk Management, and IT Compliance (especially with DORA and ISO 27001) in order to try to see the problems from a broader perspective.\r\nHis paper \"Regulatory Compliance Verification: A Privacy Preserving Approach\" was presented last year at the CSNet 2023 (IEEE ComSoc) conference in Montreal.\r\nTwo master's degrees in Cyber Security (ouch!) with minor in Digital Innovation & Entrepreneurship, and a lot of thirst for knowledge, desire to share, and make together the Internet a safer place!", "public_name": "Massimo Morello", "guid": "039f6b39-5c6a-5cd4-8a3c-dbc682f9b799", "url": "https://pretalx.com/bsides-munich-2024/speaker/QZHZMG/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/D9ZKCT/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/D9ZKCT/", "attachments": [{"title": "Presentation \"Mystical Vulnerabilities: Exploring the Oddities in Cybersecurity\"", "url": "/media/bsides-munich-2024/submissions/D9ZKCT/resources/Final__4VRcuv2.pptx", "type": "related"}]}, {"guid": "75bc41cc-953d-58b3-8a84-900dd1ec3175", "code": "JUXQQB", "id": 53389, "logo": null, "date": "2024-11-11T14:00:00+01:00", "start": "14:00", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": "bsides-munich-2024-53389-kobold-letters-and-other-mischief-how-emails-can-deceive-you", "url": "https://pretalx.com/bsides-munich-2024/talk/JUXQQB/", "title": "Kobold Letters and Other Mischief - How Emails Can Deceive You", "subtitle": "", "track": "Talks", "type": "Talks - Rookie", "language": "en", "abstract": "It often doesn't take much for a phishing email to fool its victim, but that doesn't mean there isn't more to it: This talk will look at technical attacks on email that have the 
potential to elevate the risk of phishing attacks - if that was even necessary - and discuss what it would take to mitigate these attacks.", "description": "Kobold letters use CSS selectors to hide messages in an email, only to reveal them once the email has been forwarded. This allows for two-stage phishing attacks that exploit the trust placed in the message by being forwarded from a trusted sender. Common awareness strategies do not address this issue as the forwarder is legitimate.\r\n\r\nA second vulnerability, undisclosed at the time of submission, provides attackers with similar opportunities, but using a different technical approach that bypasses any lessons learned from Kobold letters.", "recording_license": "", "do_not_record": false, "persons": [{"code": "W3P9PN", "name": "Konstantin Weddige", "avatar": "https://pretalx.com/media/avatars/W3P9PN_v2wWLHy.webp", "biography": "Konstantin Weddige is a penetration tester and co-founder of Lutra Security. His focus is on application security, while his interests cover a wide range of topics in information security in general. 
He is motivated by the desire to help people understand cybersecurity risks and to make the Internet a safer place, one vulnerability at a time.", "public_name": "Konstantin Weddige", "guid": "f9103fdd-5efc-5a0f-92f9-4391694c67cf", "url": "https://pretalx.com/bsides-munich-2024/speaker/W3P9PN/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/JUXQQB/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/JUXQQB/", "attachments": []}, {"guid": "70206ccd-8569-5116-9d99-39b62ea4160e", "code": "ZVGDJW", "id": 51536, "logo": null, "date": "2024-11-11T14:30:00+01:00", "start": "14:30", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": "bsides-munich-2024-51536-reverse-engineering-and-control-flow-analysis-with-intel-processor-trace", "url": "https://pretalx.com/bsides-munich-2024/talk/ZVGDJW/", "title": "Reverse Engineering and Control Flow Analysis with Intel Processor Trace", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Intel Processor Trace (Intel PT) offers a powerful tool for capturing detailed control flow information of software running on Intel CPUs. This presentation explores how Intel PT, combined with Linux's perf tool can be leveraged for dynamic control flow analysis and reverse engineering. Attendees will learn about Intel PT's architecture and configuration, techniques for collecting and interpreting trace data using perf, and practical applications in analyzing software behavior, detecting anomalies, and uncovering vulnerabilities in combination with common reverse engineering tools. Real-world case studies and demonstrations will showcase the effectiveness of Intel PT and perf in enhancing software security.", "description": "Reverse Engineering and Control Flow Analysis with Intel Processor Trace focuses on dynamic, rather than static, control flow analysis. 
Utilizing Intel Processor Trace (Intel PT) alongside Linux's perf tool, this session will demonstrate advanced techniques for capturing and analyzing the execution flow of programs in real-time. Key topics include configuring Intel PT, decoding trace data, and applying these insights to counter anti-debugging techniques and analyze complex software behavior. The presentation aims to equip attendees with practical knowledge for leveraging Intel PT in reverse engineering and dynamic analysis, emphasizing its possibilities over static analysis methods for real-time debugging and security assessment.\r\n\r\n**Participants should have basic knowledge of Linux and the program execution process (libraries,  dynamic loader, executable and linkable format, ...).**", "recording_license": "", "do_not_record": false, "persons": [{"code": "MY8CQV", "name": "Hagen Paul Pfeifer", "avatar": "https://pretalx.com/media/avatars/MY8CQV_jCiPfkV.webp", "biography": "Hagen Paul Pfeifer serves as the Chief Software Strategist at Rohde & Schwarz, where he plays a pivotal role in shaping the software strategy and driving technological innovation. With extensive experience in low-level programming, system architecture, embedded systems and cybersecurity, Hagen specializes in leveraging advanced tools and techniques to dissect and understand complex software behaviors.\r\n\r\nThroughout his career, Hagen has made contributions to both the Linux kernel and the Internet Engineering Task Force (IETF). He has worked on multiple Linux subsystems, including networking and performance analysis, and has authored several Internet-Drafts within the IETF, focusing on routing and TCP performance enhancements.\r\n\r\nHagen holds a degree in Computer Science and continuously engages in research to stay at the forefront of technology. 
He can be reached at hagen@jauu.net for inquiries and collaborations.\r\n\r\nFor more details, you can refer to his [GitHub profile](https://github.com/hgn).", "public_name": "Hagen Paul Pfeifer", "guid": "6e775809-c5b3-5790-9589-7373e58d46e5", "url": "https://pretalx.com/bsides-munich-2024/speaker/MY8CQV/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/ZVGDJW/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/ZVGDJW/", "attachments": [{"title": "Slides - Reverse Engineering and Control Flow Analysis with Intel Processor Trace", "url": "/media/bsides-munich-2024/submissions/ZVGDJW/resources/bside-r_48zy5lm.pdf", "type": "related"}]}, {"guid": "cf8eefe2-ed01-5aad-a794-b7416de740b2", "code": "3NQ8D3", "id": 50538, "logo": null, "date": "2024-11-11T15:30:00+01:00", "start": "15:30", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": "bsides-munich-2024-50538-beyond-manual-enhancing-and-scaling-security-with-automation", "url": "https://pretalx.com/bsides-munich-2024/talk/3NQ8D3/", "title": "Beyond Manual: Enhancing and Scaling Security with Automation", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Security teams are often short-staffed and overburdened, but many of their tasks can be automated to alleviate this pressure. Automation enables the offloading of repetitive and mundane manual work, allowing security teams to focus on more complex and engaging tasks. Furthermore, automation facilitates the execution of large-scale security tasks that are not achievable manually.\r\n\r\nThis presentation will begin by exploring the specific automation example of External Attack Surface Monitoring (EASM), demonstrating its implementation using open-source tools. \r\nFollowing this, the discussion will broaden to cover the implementation of a generic security automation platform. 
Examples will be provided of the types of tasks that can be automated, how they can be implemented and the tools available to achieve this.\r\n\r\nWhile this talk aligns with DevSecOps principles, it is distinct in that it does _not_ focus on CI/CD pipeline security. Instead, it addresses security automation that extends beyond security for software development activities.", "description": "This presentation explores how automation can alleviate the burden on short-staffed security teams by offloading manual tasks. It begins with an example of implementing External Attack Surface Monitoring (EASM) using open-source tools, then expands on the general topic of building a security automation platform. The discussion highlights various automatable tasks and available tools.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SSTJN3", "name": "Christian Bauer", "avatar": null, "biography": "Software engineer turned security engineer.\r\nExtensive expertise in cloud-native security, with hands-on experience across a wide range of security topics. 
From implementing security infrastructure and tooling all the way to security consulting.", "public_name": "Christian Bauer", "guid": "073faa10-559f-539b-afc6-a6d2619be6fa", "url": "https://pretalx.com/bsides-munich-2024/speaker/SSTJN3/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/3NQ8D3/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/3NQ8D3/", "attachments": [{"title": "Slides", "url": "/media/bsides-munich-2024/submissions/3NQ8D3/resources/talk_PW8LRG1.pdf", "type": "related"}]}, {"guid": "267338c0-2fa6-5033-b749-b45af0dc3e95", "code": "KCKTLP", "id": 58528, "logo": null, "date": "2024-11-11T16:00:00+01:00", "start": "16:00", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": "bsides-munich-2024-58528-nis2-and-cra-from-legislation-to-execution", "url": "https://pretalx.com/bsides-munich-2024/talk/KCKTLP/", "title": "NIS2 and CRA: From Legislation to Execution", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "There is an increase in new EU legislation that requires cyber security measures. This talk demonstrates how governance and engineering can work together to ensure resilience and security while at the same time delivering compliance.", "description": "There is an increase in new EU legislation that requires cyber security measures. This talk demonstrates how governance and engineering can work together to ensure resilience and security while at the same time delivering compliance.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ETDJG7", "name": "Jennifer Janesko", "avatar": "https://pretalx.com/media/avatars/ETDJG7_ddaKFH3.webp", "biography": "Suffering from persistent earworms, Jenn works as an earthling cyber security and privacy governance manager by day. Her nights and weekends are littered with jogging, 3d printing, video-editing, music-making, hiking, AI exploring and TV-binging. 
She prefers to undertake difficult tasks with epic background music and perpetually seeks early-evening karaoke and jeans made for short-legged tall people.", "public_name": "Jennifer Janesko", "guid": "4259039a-26ae-5737-b4ef-3ab2a6c7dcdb", "url": "https://pretalx.com/bsides-munich-2024/speaker/ETDJG7/"}, {"code": "MJFQUB", "name": "Sneha Rajguru", "avatar": null, "biography": "Sneha has been working in the field of information security for over a decade now, she has spoken and provided training at various international security conferences. Outside work, she likes to take small hikes in the alps, spends her time building the 75192 Millennium Falcon and is obsessed with Darth Vader.", "public_name": "Sneha Rajguru", "guid": "e6fbd606-c8a3-582e-aa89-269f36ec0fb0", "url": "https://pretalx.com/bsides-munich-2024/speaker/MJFQUB/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/KCKTLP/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/KCKTLP/", "attachments": [{"title": "NIS2 and CRA: From Legislation to Execution", "url": "/media/bsides-munich-2024/submissions/KCKTLP/resources/NIS2-CR_NZrZXm0.pdf", "type": "related"}]}, {"guid": "ec9a0468-bc40-5e45-af1b-22a0b9bcb528", "code": "DAABP9", "id": 53085, "logo": "https://pretalx.com/media/bsides-munich-2024/submissions/DAABP9/zOS4genZ_aQG12E0.jpg", "date": "2024-11-11T16:40:00+01:00", "start": "16:40", "duration": "00:30", "room": "WestIn - Partenkirchen", "slug": "bsides-munich-2024-53085-z-os-for-genz-hack-the-mainframe", "url": "https://pretalx.com/bsides-munich-2024/talk/DAABP9/", "title": "z/OS for GenZ - Hack the Mainframe", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Discover the critical role of mainframe computing in today's digital landscape. This talk delves into the enduring relevance of mainframes, exploring how they underpin many of the world's most essential systems. 
We will address a series of emerging challenges that, if left unchecked, could converge into a perfect storm, threatening the stability and security of these vital infrastructure components. The session culminates with a live demonstration, showcasing a real-time hack of a mainframe, to highlight vulnerabilities and the importance of robust security measures.", "description": "For over 60 years, mainframes have been the backbone of mission-critical systems, yet they face significant challenges today. A growing skill gap is emerging as experienced system programmers retire, compounded by the high barrier to entry and domain-specific knowledge required. New talent is scarce due to limited and expensive learning resources, and knowledge sharing is often restricted.\r\n\r\nSecurity testing is a critical concern. There is a lack of objective-based penetration testing and a knowledge deficit among security professionals who can adequately assess the vulnerabilities, leaving these essential systems exposed to potential threats.\r\n\r\nThis talk will address these issues, emphasizing the need for bridging the skill gap, promoting knowledge sharing, and enhancing security measures. The session will conclude with a live hacking demonstration, showcasing real-time vulnerabilities and underscoring the importance of robust security practices. 
Join us to explore the future of mainframe computing and its indispensable role in our digital infrastructure.", "recording_license": "", "do_not_record": false, "persons": [{"code": "YHQBDV", "name": "Jonathan Prince", "avatar": "https://pretalx.com/media/avatars/YHQBDV_2Dz7RDP.webp", "biography": "Jonathan is a senior consultant at NVISO GmbH, he has a wide range of interests within the information technology field including two areas at opposing ends of the (de)centralization scale - blockchain based distributed technologies and mainframe computing.", "public_name": "Jonathan Prince", "guid": "78766981-315c-56b4-92de-56c511e4a640", "url": "https://pretalx.com/bsides-munich-2024/speaker/YHQBDV/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-munich-2024/talk/DAABP9/feedback/", "origin_url": "https://pretalx.com/bsides-munich-2024/talk/DAABP9/", "attachments": [{"title": "Presentation", "url": "/media/bsides-munich-2024/submissions/DAABP9/resources/zos4genz_RjqIexC.pdf", "type": "related"}]}]}}]}}}