Please find details for all talks here.

Two Days of Trainings (14./15. November)

Workshop 01 Workshop 02 Workshop 03 Workshop 04 Workshop 05
Hunting The Adversary: Developing And Using Threat Intelligence
John Bambenek (Fidelis Cybersecurity / SANS Internet Storm Center)
Open Source Defensive Security (closed)
Leszek Mis (Defensive Security)
SAP CTF Pentest : From Outside To Company Salaries Tampering (closed)
Yvan Genuer (Devoteam)
How To Be A Ghost
Rhett Greenhagen and Jean Yav (McAfee)
Advanced Penetration Testing In The Real World (closed)
Guillaume Lopes (Cisco) / Davy Douhine (RandoriSec)
Workshop 06 Workshop 07 Workshop 08 Workshop 09 Workshop 10
Smart Lockpicking - Hands-on Exploiting Contemporary Locks and Access Control Systems
Slawomir Jasek (SecuRing;
Workshop On Advanced Social Engineering (closed)
Dominique Brack (Reputelligence)
Mobile App Attack
Sneha Rajguru (Payatu software labs llp)
The ARM IoT Exploit Laboratory (Three-Day Workshop) (closed)
Saumil Shah (Net-Square Solutions Pvt. Ltd.)

All Trainings cover two days (from 09:30 to 18:30 every day) and include Lunch and two Coffee Breaks.

Two Days of Conference (16./17. November)

Throughout the conference you will get the opportunity of meeting experts at the Hacker's Lounge to discuss security issues and see demonstrations.

Conference, day 1 - Thu, 16 Nov
Left Pirouette Right Pirouette Riding School (ROOTS)
08:00 Registration opens
09:10   Social Science First!
Dr. Jessica Barker (Co-Founder, Redacted Firm)
10:00 Don't Let The Cuteness Fool You - Exploiting IoT's MQTT Protocol
dalmoz (Moshe Zioni) (VERINT)
Next-Gen Mirai
Balthasar Martin & Fabian Bräunlein (SRlabs)
Paying The Price For Disruption: A FinTech Allowed Account Takeover
Vincent Haupert, Dominik Maier, and Tilo Müller (FAU, TU Berlin, FAU)
10:50 Coffee Break
11:10 Lessons Learned: How To (Not) Design Your Own Protocol
Nicolai Davidsson (zyantific)
XFLTReaT: A New Dimension In Tunnelling
Balazs Bucsay (NCC Group)
A Survey On Automated Dynamic Malware Analysis Evasion And Counter-Evasion: PC, Mobile, And Web
Alexei Bulazel & Bulent Yener (River Loop Security, LLC, Rensselaer Polytechnic Institute)
12:00 Lock, Stock And Two Smoking Apples - XNU Kernel Security
Alex Plaskett & James Loureiro (MWR InfoSecurity)
Behavior Based Secure And Resilient System Development
Dr. Muhammad Taimoor Khan (Alpen-Adria University, Klagenfurt, Austria)
Dynamic Loader Oriented Programming On Linux
Julian Kirsch, Bruno Bierbaumer, Thomas Kittel, Claudia Eckert (Technical University of Munich)
12:50 Lunch
14:00 ML Clustering Attacks: A Walk outside the Lab
Gilad Yehudai (Imperva)
A Song of Botnets and Power: Blackout is coming
Adrian Dabrowski (SBA Research)
Reverse Engineering a Code without the Code
Mesbah Abdelhak (Université de Boumerdes), Jean-Louis Lanet (LHS INRIA)
14:50 Who Hid My Desktop – Deep Dive Into hVNC
Or Safran & Pavel Asinovsky (IBM Security Trusteer)
Insecurity In Information Technology
Tanya Janca (Canadian Government)
15:40 Coffee Break
16:00 How To Hide Your Browser 0-days: Free Offense And Defense Tips Included
Zoltan Balazs (MRG Effitas)
Repairing The internet With Responsible Disclosures
Victor Gevers (0xDUDE) (GDI.foundatoin)
16:50 Malware Analysis: A Machine Learning Approach
Chiheb Chebbi (TEK-UP University)
PeopleSoft: Hack The Planet's Universities
Dmitry Yudin (
17:40 Skip Tracing For Fun And Profit
Rhett Greenhagen (McAfee)
The Future of the Internet
Josh Pyorre (Cisco/OpenDNS)
20:00 Speaker's Dinner
Conference, day 2 - Fri, 17 Nov
Left Pirouette Right Pirouette Riding School (ROOTS)
09:00 Uncovering And Visualizing Botnet Infrastructure And Behavior
Josh Pyorre & Andrea Scarfo (OpenDNS/Cisco)
Intel AMT: Using & Abusing The Ghost In The Machine
Parth Shukla (Google)
09:50 Normal Permissions In Android: An Audiovisual Deception
Constantinos Patsakis (University of Piraeus)
Hacking The Brain For Fun And Profit
Stefan Hager (DATEV eG)
Out-Of-Order Execution As A Cross-VM Side Channel And Other Applications
Sophia d’Antoine, Jeremy Blackthorne, Bülent Yener (Trail of Bits, Rensselaer Polytechnic Institute)
10:40 Coffee Break
11:00 Forensic Accounting – The What, Why And How
Ulrike Hugl (University of Innsbruck)
Making Security Awareness Measurable
Stefan Schumacher (Magdeburger Institut für Sicherheitsforschung)
On The (In-)Security Of JavaScript Object Signing and Encryption
Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk (Horst Görtz Institute for IT Security, Chair for Network and Data Security, Ruhr-University Bochum)
11:50 I Wrote my Own Ransomware; Did Not Make 1 Iota Of A Bitcoin
Thomas Fischer (Digital Guardian)
Cloud Of Suspicion: Scaling Up Phishing Campaigns Using Google Apps Scripts
Maor Bin (Proofpoint)
Enhancing Control Flow Graph Based Binary Function Identification
Clemens Jonischkeit, Julian Kirsch (Technical University of Munich)
12:40 Lunch
14:00 BITSInject - Control Your BITS, Get SYSTEM
Dor Azouri (Security researcher @SafeBreach)
How Secure Are Your VoLTE And VoWiFi Calls?
Sreepriya Chalakkal (ERNW GmbH)
Security Analysis Of The Telegram IM
Tomas Susanka & Josef Kokeš (Czech Technical University in Prague)
14:50 Essential Infrastructure Interdependencies: Would We Be Prepared For Significant Interruptions?
Herbert Saurugg (Cyber Security Austria)
BitCracker: BitLocker Meets GPUs
Elena Agostini (National Research Council of Italy)
15:40 Coffee Break
16:00 Bypassing Web Application Firewalls
Khalil Bijjou (EUROSEC GmbH)
OpenDXL In Active Response Scenarios
Tarmo Randel (CCDCOE)
16:50 How I Rob Banks
Freakyclown (Redacted Firm)
Securing The Darknet
Jens Kubieziel (
17:40 A Story Of A Vulnerability: How To Execute Code On A Forensic Workstation
Wolfgang Ettlinger (SEC Consult)
Building Security Teams
Astera Schneeweisz (SoundCloud)
18:20 Closing Ceremony
18:30 - .:.
19:00 - "The Maze" by Friedrich Moser