Please find details for all talks here.

Two Days of Trainings (16./17. November)

Workshop 01 Workshop 02 Workshop 03 Workshop 04 Workshop 05 Workshop 06 Workshop 07 Workshop 08
Hacking Modern Desktop Apps: Master the Future of Attack Vectors
Abraham Aranguren (7ASecurity LLLP)
Mobile Network Operations and Security
David Burgess (-)
Advanced Deployment and Architecture for Network Traffic Analysis (closed)
Peter Manev, Eric Leblond & Josh Stroschein (Open Information Security Foundation)
Pentesting Industrial Control Systems (closed)
Arnaud Soullié (RS formation et conseil)
How to Break and Secure Single Sign-On (OAuth and OpenID Connect) (closed)
Karsten Meyer zu Selhausen (Hackmanit GmbH)
Advanced Whiteboard Hacking – aka Hands-on Threat Modeling
Sebastien Deleersnyder (Toreon)
Defending Enterprises (closed)
Will Hunt, Owen Shearing (
Mobile Security Testing Guide Hands-On
Sven Schleier (-)

All Trainings cover two days (from 09:30 to 18:30 every day) and include Lunch and two Coffee Breaks.

Two Days of Conference (18./19. November)

Throughout the conference you will get the opportunity of meeting experts at the Hacker's Lounge to discuss security issues and see demonstrations.

Conference, day 1 - Thu, 18 Nov
Arabella Boheme (ROOTS)
08:00 Registration opens
09:00   Opening
René 'Lynx' Pfeiffer (DeepSec Conference)
09:10   Intelligence? Smartness? Emotion? What do We Expect from Future Computing Machinery?
Univ. Prof. Mag. Dr. Gabriele Kotsis (Johannes Kepler University Linz)
10:00 How to Choose your Best API Protection Tool? Comparison of AI Based API Protection Solutions
Vitaly Davidoff (JFrog)
Those Among Us - The Insider Threat facing Organizations
Robert Sell (Trace Labs)
Ethics in Security Research – The Good, the Bad and the Ugly
Dr. Katharina Krombholz (CISPA Helmholtz Center for Information Security)
10:50 Coffee Break
11:10 Releasing The Cracken – A Data Driven Approach for Password Generation
Or Safran, Shmuel Amar (Proofpoint)
Building a Cybersecurity Workforce: Challenges for Organizations
Matthieu J. Guitton, PhD, FRAI (Université Laval)
Reversing and Fuzzing the Google Titan M Chip
Damiano Melotti (Quarkslab)
12:00 Post-quantum Encryption System for 5G
Maksim Iavich (SCSA)
Uncovering Smart Contract VM Bugs Via Differential Fuzzing
Dominik Maier (TU Berlin)
12:50 Lunch
14:00 Critical Infrastructure (KRITIS) in Cyberspace - Complex and Dangerous?
Manuel Atug (HiSolutions AG)
Running an AppSec Program in an Agile Environment
Mert Coskuner (Amazon)
WAFL: Binary-Only WebAssembly Fuzzing with Fast Snapshots
Keno Haßler (TU Berlin)
14:50 Intercepting Mobile App Network Traffic aka “The Squirrel in the Middle”
Sven Schleier (OWASP Project Leader of Mobile Security Testing Guide (MSTG) and Mobile AppSec Verification Standard)
Large-scale Security Analysis Of IoT Firmware
Daniel Nussko (Freelancer)
15:40 Coffee Break
16:00 SSH spoofing attack on FIDO2 Devices in Combination with Agent Forwarding
Manfred Kaiser (Bundesministerium für Landesverteidigung)
16:50 Proactive SIMs
David Burgess (-)
State Malware: When Cops Play Hackers
Andre Meister (
17:40 QKD-based Security for 5G and Next Generation Networks
Sergiy Gnatyuk, PhD. DSc. (-)
Real-Time Deep Packet Inspection Intrusion Detection System for Software Defined 5G Networks
Dr. Razvan Bocu (Transilvania University of Brasov, Romania, Department of Mathematics and Computer Science)
20:00 Speaker's Dinner
Conference, day 2 - Fri, 19 Nov
Arabella Boheme (ROOTS)
09:00 The Black Box in your Data Center
Kai Michaelis (immune GmbH)
Firmware Surgery: Cutting, Patching and Instrumenting Firmware for Debugging the Undebuggable
Henrik Ferdinand Nölscher (Noelscher Consulting GmbH)
09:50 Hunting for LoLs (a ML Living of the Land Classifier)
Boros Tiberiu (Adobe)
Hunting for LoLs (a ML Living of the Land Classifier)
Tiberiu Boros, Andrei Cotaie (Adobe)
10:40 Coffee Break
11:00 Don't get hacked, get AMiner! Smart log data analytics for incident detection
Florian Skopik, Markus Wurzenberger and Max Landauer (Austrian Institute of Technology (AIT))
Hacking Modern Desktop apps with XSS and RCE
Abraham Aranguren (7ASecurity LLLP)
11:50 Revenge is Best Served over IOT
Chris Kubecka (Middle East Institute)
Assessing and Exploiting ICS
Etizaz Mohsin (Saudi Telecom Company)
12:40 Lunch
14:00 Kubernetes Security - Challenge or Chance?
Marc Nimmerrichter (Certitude Consulting GmbH)
When Ransomware fails
Sreenidhi Ramadurgam (Cisco Talos)
14:50 Do You Have a PlugX?
Artem Artemov, Rustam Mirkasymov (Group-IB Europe B.V.)
Information Security Assurance – The Capital C in PDCA
Frank Ackermann (Deutsche Börse AG)
15:40 Coffee Break
16:00 Web Cache Tunneling
Justin Ohneiser (Booz Allen Hamilton, Inc)
I Will Hide, You Come And Seek - Discovering The Unknown in Known Malwares using Memory Forensics
Shyam Sundar Ramaswami (Senior Research Scientist - Research and Efficacy Team - Cisco)
16:50 Analyzing Radicalization on the Internet - Method and Results of the COMRAD-Project
Dr. Andreas Enzminger & Dr. Jürgen Grimm (WU – Vienna University of Economics and Business & University of Vienna)
How to Protect the Protectors? Musings about Security in Security
Tim Berghoff (G DATA CyberDefense)
17:40 DevSecBioLawOps and the current State of Information Security
René Pfeiffer (DeepSec)
Exploitation with Shell Reverse and Infection with PowerShell using VBS file
Filipi Pires (Hacking Is Not crime Advocate | RedTeam Village | DCG 5511 - Sao Paulo)
18:20 Closing Ceremony
18:30 - .:.
19:00 - T.B.A.