Preliminary Schedule

Please find details for all talks here

Two Days of Trainings

Nov 11

Nov 12
Workshop 1 Workshop 2 Workshop 3 Workshop 4 Workshop 5 Workshop 6 Workshop 7
09:30 - 18:30
Improving Code with Destructive Data - Heikki Kortti and Jukka Taimisto
Security Audit and Hardening of Java based Software - Marc Schoenefeld
The Exploit Laboratory - Saumil Udayan Shah
Design and Implementation of Security Awareness Campaigns - Stefan Schumacher
Advanced Malware Deobfuscation - Scott Lambert
Protocol and Traffic Analysis for Snort Signature - Matt Jonkman
Secure Application Coding for Enterprise Software - Vimal Patel

All Trainings are two days long and include Lunch and two Coffee Breaks.

Two Days of Conference

Throughout the conference the hardware specialists Deviant Ollam and Babak Javadi of TOOOL will set up their "Lockpicking Village" and show you the fallacies of locks and problems of physical security.

IMPORTANT NOTICE: The rooms for the talk have changed. All talks in the Small Riding School will be in the Great Riding School. All talks in the Great Riding School will be in the Pirouette.

Day 1 - Nov 13 Pirouette Great Riding School
Registration Opens
09:00 - 09:10
Welcome & Introduction
Paul Boehm & DeepSec Team
09:10 - 10:00
(Adam Laurie,
10:00 - 10:50
Botnet Monitoring & the DNS Scare of 2008
LDAP Injection & Blind LDAP Injection (Chema Alonso)
10:50 - 11:10
Coffee Break
11:10 - 12:00
Into the Eye of the Storm
All About the Storm Network
(Jason Steer, Ironport)
Web Pen Testing Essence
(Simon Roses Femerling, Microsoft)
12:00 - 12:50
Exploring Novelty Ways in Building Botnets
(Daniel Mende and Simon Rich, ERNW GmbH)
Security as a Service
(Achim Reckeweg, Sun Microsystems)
12:50 - 14:00
14:00 - 14:50
Distributed Offensive Computing
(Yarochkin Fedor, guard-info)
Social Engineering for Penetration Testers
(Sharon Conheady)
14:50 - 15:40
DDos Attack on Estonia
(José Nazario, Arbor Networks)
A Web Application Firewall based on Anomaly Detection
(Stefano Zanero and Claudio Criscione,
TU Milano and Secure network Srl
15:40 - 16:00
Coffee Break
16:00 - 16:50
Behind Enemy Lines
(Rafael Dominguez Vega, MWR InfoSecurity)
Mach-o reversing and abusing
(Vincenzo Iozzo, Secure Network)
16:50 - 17:40
Protocols and Encryption of the Storm Botnet
(Joe Stewart, Secure Works)
Living in the RIA World: Blurring the Line Between Web and Desktop Security
(Justine Osborne, iSEC Partners)
17:40 - 18:40
Night Talk: Fear, Uncertainty and the Digital Armageddon (Morgan Marquis-Boire) Music Player and PC Slayer: Messing Around in Memory with Firewire and an iPOD
(Peter Panholzer, SEC Consult)
20:00 - 23:59
Speaker's Dinner
Day 2 - Nov 14 Pirouette Great Riding School
09:00 - 09:50
Keynote (Ivan Krstić)
09:50 - 10:40
Low-Tech Hacking - (Johnny Long) Making Logs Sexy Again: Can We Finally Lose The Regexes? (Dr. Anton Chuvakin)
10:40 - 11:00
Coffee Break
11:00 - 11:50
Timing Attacks... Not just for Crypto. (Haroon Meer, SensePost Information Security) The Changing Methods of Malware Defence (Greg Day, McAfee)
11:50 - 12:40
Predictable RNG in the vulnerable Debian OpenSSL package (Luciano Bello & Maximiliano Bertacchini, CITEFA) Development of a Next Generation IDS/IPS (Matt Jonkman, Emerging, Victor Julien, Snort Inline)
12:40 - 13:40
13:40 - 14:30
Psychological Aspects of Social Engineering (Stefan Schumacher) SWF and the Malware Tragedy (fukami, SektionEins and Ben Fuhrmannek)
14:30 - 15:20
Reverse Engineering of Database Applications (Alexander Kornbrust, Red-Database-Security) Game of Web 2.0 Security - Attacking Next Generation Apps (Shreeraj Shah, Blueinfy)
15:20 - 15:40
Coffee Break
15:40 - 16:30
Hybrid Code Auditing: A Dataflow Source Code Review Methodology (Yiannis Pavlosoglou) Windows NTLM SSO Threats (Kurt Grutzmacher, Cisco Systems)
16:30 - 17:20
Case Studies from Estonia and Georgia (Gadi Evron) (Please go and listen to Gadi! ;-)
17:20 - 17:40
Closing Ceremony
20:00 -
Party & Networking at Metalab, Rathausstrasse 6, 1010 Wien