Preliminary Schedule

Please find details for all talks here.

Two Days of Trainings (27./28. November)

Workshop 1 Workshop 2 Workshop 3 Workshop 4 Workshop 5
Social Engineering Testing for IT Security Professionals
Sharon Conheady & Martin Law (First Defence Information Security Ltd)
Penetration Testing with Metasploit
Georgia Weidman (Bulb Security LLC)
The Exploit Laboratory Advanced Edition
Saumil Udayan Shah (Net-Square)
Attacks on GSM Networks
Dieter Spaar & Harald Welte (Independent Researcher & HMW-Consulting)
Web application penetration testing
Ari Elias-Bachrach (Appsec Labs)
Workshop 6 Workshop 7 Workshop 8
SAP Security In-Depth
Juan Pablo Perez Etchegoyen (Onapsis, Inc.)
Malware Forensics and Incident Response Education (MFIRE)
Ismael Valenzuela (McAfee Strategic Security)
Strategic Thinking and Assessing Risk
Richard Hanlon (McAfee / Foundstone)

All Trainings cover two days (from 09:30 to 18:30 every day) and include Lunch and two Coffee Breaks.

Two Days of Conference (29./30. November)

Throughout the conference you will get the opportunity of meeting experts at the Hacker's Lounge to discuss security issues and see demonstrations.

Conference, day 1 - Thu, 29 Nov
Left Pirouette Right Pirouette
08:00 Registration opens
09:10   We Came In Peace - They Don't: Hackers vs. CyberWar
Felix "FX" Lindner (Recurity Labs GmbH)
10:00 The "WOW-Effect" - The whole dimension
Christian Wojner (
The Vienna Programme: A Global Strategy for Cyber Security by the Global Cyber Defence Initiative
Stefan Schumacher (Magdeburger Institut für Sicherheitsforschung)
10:50 Coffee Break
11:10 Introducing the Smartphone Pentesting Framework
Georgia Weidman (Bulb Security LLC)
Wargames in the Fifth Domain
Karin Kosina (n/a)
12:00 Pentesting iOS Apps - Runtime Analysis and Manipulation
Andreas Kurtz (NESO Security Labs / University of Erlangen-Nuremberg)
When I Grow up I want to be a Cyberterrorist
Mike Kemp (Xiphos Research Labs)
12:50 Lunch
14:00 Think differently about database hacking
László Tóth (Deloitte Hungary)
Services of cyber crime and cyber weapons in the Cloud.
Stas Filshtinskiy (Stratsec, Australia)
14:50 Hacking the NFC credit cards for fun and debit ;)
Renaud Lifchitz (BT (formerly known as British Telecom))
A Non-Attribution-Dilemma and its Impact on Legal Regulation of Cyberwar
Michael Niekamp und Florian Grunert (University of Osnabrück)
15:40 Coffee Break
16:00 Bad Things in Good Packages - Creative Exploit Delivery
Saumil Udayan Shah (Net-Square)
Social Engineering: how far can you go?
Sharon Conheady (First Defence Information Security)
16:50 Malware analysis on a shoestring budget
Michael Boman (Nowsec AB)
Breaking SAP Portal
Alexander Polyakov (ERPScan)
17:40 I'm the guy your CSO warned you about
Gavin 'Jac0byterebel' Ewan (Independent)
Evolution of E-Money
Jon Matonis (Lydia Group)
20:00 Speaker's Dinner
Conference, day 2 - Fri, 30 Nov
Left Pirouette Right Pirouette
09:00 Cybercrime vs. Cyberstalking - a new Behavior
Dr. Edith Huber (Donau-Uni Krems)
VMDK Hast Left The Building -- Attacking VMware-Based Cloud Infrastructures
Pascal Turbing, Daniel Mende, Matthias Luft (ERNW GmbH)
09:50 Proximax, Telex, Flashproxy - The current state of circumvention software
Jens Kubieziel (self)
Cloud Computing, new approach to securing personal information, and addressing new EU regalations
Mikhail Utin, Daniil Utin (Rubos, Inc.)
10:40 Coffee Break
11:00 SAP Slapping
Dave Hartley (MWR Info Security)
Insecurity? It's just a matter of time
Alexey Kachalin (Advanced Monitoring)
11:50 The Security (or Insecurity) of 3rd Party iOS Applications
Ilja van Sprundel (IOActive, Inc.)
The Whole Nine Yards
Peter Morgan (Accuvant LABS) & John Villamil
12:40 Lunch
14:00 Taking browser fuzzing to the next (DOM) level
Rosario Valotta (Independent security researcher)
Own the Network - Own the Data
Paul Coggin (Dynetics, Inc)
14:50 4140 Ways Your Alarm System Can Fail
Babak Javadi (The CORE Group)
Passive IPS Reconnaissance and Enumeration - false positive (ab)use
Arron "finux" Finnon (ActivityIM)
15:40 Coffee Break
16:00 AMF Testing Made Easy
Luca Carettoni (Matasano Security)
Multilayer evasion fuzzing with evader
Olli-Pekka Niemi (Stonesoft)
16:50 The Interim Years of Cyberspace - Security in a Domain of Warfare
Robert M. Lee (US Air Force)
Inception of the SAP Platform's Brain: Attacks to SAP Solution Manager
Juan Pablo Perez Etchegoyen (Onapsis, Inc.)
17:40 Closing Ceremony
20:00 - Party & Networking at Metalab, Rathausstrasse 6, 1010 Wien