Past RuhrSec editions featured many cutting-edge talks from great speakers. If you want to see which talks
              have been given at RuhrSec in the past or want to enjoy one of the talks again you can find the program of
              all RuhrSec editions and all available videos here: 
              RuhrSec 2025 | RuhrSec 2023 | RuhrSec 2022 | RuhrSec 2020 | RuhrSec 2019 | RuhrSec 2018 | RuhrSec 2017 | RuhrSec 2016
            
Ben Stock (CISPA Helmholtz Center for Information Security) – Keynote
Keynote. Complexity Kills - Why Adding Layers of Security Doesn’t Solve Much
Video. YouTube
Slides. PDF
Abstract. Many of the technologies (e.g., email or the Web) we use today have been designed decades ago. Over the years, several additions have been made to these technologies to add security, be it in the form of transport encryption or security mechanisms supported by major browsers. However, the overwhelming evidence suggests that the addition of these mechanisms is only beneficial for a tiny fraction of affected operators. Indeed, merely adding security mechanisms leads to confusion about threat models and misunderstandings about the mechanisms. In this keynote, I'll underline this statement and identify what I believe are key issues to overcome to secure both the email and Web ecosystem.
Biography.   Ben Stock is a tenured faculty at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. Ben leads the Secure Web Application Group at CISPA, and his research focuses on various aspects of Web and network security, with a recent focus in particular on (un)usability of security mechanisms. His group regularly publishes at all major security conferences and Ben serves on the PC and in chair roles for various security conferences. Beyond the focus on academic output, together with his students, he regularly aims to bridge the gap between scientists and practitioners through talks at non-academic conferences like OWASP AppSec or Ruhrsec.
              
               @kcotsneb
            
Daniel Gruss (Professor at Graz University of Technology) – Keynote
Keynote. Every Threat Model is Wrong
Video. Soon
Slides. PDF
Abstract. Security is the tension between an adversary trying to break into a system and a defender trying to prevent this. This game is inherently asymmetric, as the defender tries to anticipate what the adversary could do and the adversary tries to find anything the defender overlooked. Thus, it is at the core of security that threat models are time and again invalidated. In this keynote, we'll explore some historic examples including the change from isolated to interconnected systems, the change of the root of trust with TEEs, and lastly the change from carbon-ignorant security to carbon-aware security. Finally, we will discuss why threat models are still relevant and how they can guide security research in a constantly evolving landscape.
Biography.    Daniel Gruss is a Professor at Graz University of Technology. He has a great passion for teaching, which he started doing in 2009. Daniel's research focuses on microarchitectural security, covering both attacks as well as efficient and effective defenses. He implemented the first remote fault attack running in a website, known as Rowhammer.js. His research team was one of the teams that found the Meltdown and Spectre bugs published in early 2018. He frequently speaks at top international venues. In 2022, he was awarded an ERC Starting Grant to research how to make security more sustainable.
              
              
                 @lavados
                
              
                 @lavados@infosec.exchange
            
Christoph Heine and David Rupprecht (Montsecure) – Talk
Talk. 5G Security (And Why You Should Care About It)
Video. YouTube
Slides. PDF
Abstract.The security of cellular networks is still frequently associated with the security of phone networks and personal communication. Attacks discussed in popular media mostly focus on the privacy aspect of phone calls and text messages, e.g. attacks involving eavesdropping or location tracking. However, with the introduction of the 5th Generation technology standard (5G) in 2016, the possible practical applications of cellular network technology have increased significantly beyond usage in phone networks. 5G introduces several new provisions that allow it to be deployed in advanced machine-to-machine communication contexts such as IoT devices, autonomous driving, or aviation. Furthermore, 5G’s new modular design makes it much easier to run a small-scale, dedicated 5G network by placing a greater emphasis on scalability, interoperability, and usage of more “classic” web technologies, e.g. TLS, OAuth2, and HTTP [1]. While these applications offer exciting new opportunities and use cases from a consumer’s point of view, they also have the potential to significantly increase the attack surface and introduce new threats in the fields of mobile security. In our talk, we want to shine a light on the current state of 5G and security threats that have been observed or may arise in the future as the standard is being rolled out all over the world. In this context, we explain which lessons can be learned from related fields of security research, e.g. web security, and how researchers in these fields may apply their findings in the context of 5G. We also discuss the current challenges we face in both 5G security research and practical testing of 5G networks based on our experience on working with the BSI to refine Germany's national 5G certification scheme. [1] //www.3gpp.org/technologies/5g-system-overview
Biography.  Christoph Heine is an independent security researcher and developer of pentesting tools for Montsecure (formerly Radix Security). Christoph is best known for designing and building tools with a high degree of automation, particularly in the field of REST security and testing common vulnerabilities in APIs. His current main focus is the analysis and enhancement of the REST APIs used in the 5G network standards. In this context, he is currently working with a team at Montsecure to create a dedicated security suite for enhancing the testing of 5G networks. In addition to his security related interests, Christoph is also an avid free software advocate and is a frequent collaborator on various open source projects.
            David Rupprecht is a security researcher at the Ruhr University of Bochum in the field of mobile security. Since finishing his PhD in 2020, David has dedicated a significant amount of his attention to the development of official security requirements for the 5G network standards published by the 3GPP working group. In this context, David also works closely with the German Federal Office for Information Security (BSI) to prepare the rollout of the German national certification program for public 5G networks. In 2022, David founded Montsecure (formerly Radix Security) together with Katharina Kohls to pursue these efforts further with a dedicated team of like-minded individuals. As of 2025, their company has grown to the size of 12 people.
            
               David Rupprecht
            
Leon Trampert and Daniel Weber (CISPA Helmholtz Center for Information Security) – Talk
Talk. Beauty at a Cost: Privacy Implications of CSS on the Web and in Emails
Video. Soon
Slides. PDF
Abstract.Modern browsers are increasingly restricting traditional tracking methods like third-party cookies to enhance user privacy. However, browser fingerprinting remains a powerful tool for tracking users across websites, even in privacy-conscious scenarios. It is typically associated with JavaScript-based methods, which have been the primary focus of tracking and mitigation efforts. This talk highlights how Cascading Style Sheets (CSS), often considered harmless and enabled by default in email clients, enable third-party profiling without cookies or JavaScript. Furthermore, modern browser engines facilitate these techniques in HTML emails, making email fingerprinting a capable vector for tracking, targeted phishing, and spam campaigns. These findings reveal gaps in current JavaScript-centric privacy protections and emphasize the need for broader mitigations.
Biography. Daniel Weber is a PhD student researching in the field of microarchitectural attacks, such as side-channel and transient-execution attacks. His work focuses on improving the process of finding such attacks via automation. He is part of Michael Schwarz' research group at the CISPA Helmholtz Center for Information Security. Before that, he obtained a Bachelor's degree in Cybersecurity from Saarland University. In his free time, Daniel regularly participates in Capture the Flag competitions as part of the team saarsec.
              
              
                 @weber_daniel
               roots.ec
              
              Leon Trampert is a PhD student at Saarland University working for the CISPA Helmholtz Center for Information Security under the supervision of Dr. Michael Schwarz and Prof. Christian Rossow. He works on unintended security and privacy implications introduced by new Web technologies. As such, he regularly plays around with up-and-coming Web technologies such as WebAssembly, WebUSB, or new CSS features. Before his doctoral studies, he obtained his Bachelor's degree in Cybersecurity from Saarland University.
              
 
              
                 @LTrampert
               leon.trampert.me
            
Daniel Klischies (Ruhr University Bochum) – Talk
Talk.Behind Closed Curtains - Insights on Security Vulnerabilities in Smartphone Basebands
Video. YouTube
Slides. PDF
Abstract. In an era where smartphones are integral to our daily lives, securing them against vulnerabilities is crucial to protect our overall digital privacy. Consequently, mobile operating systems have been hardened, prompting exploits to become increasingly sophisticated and costly. Threat actors are, therefore, exploring cellular basebands as an alternative and more attractive avenue to compromise the security of smartphones. In this talk, I provide new insights on the security of modern smartphone basebands. I will outline several vulnerabilities in commercial basebands, affecting thousands of different smartphone models. Besides concrete vulnerabilities, you will learn about the systemic issues in the cellular protocol specifications and firmware lifecycle, promoting the likelihood and longevity of such vulnerabilities.
Biography.  Daniel Klischies is a final-year PhD student at the Chair for Security and Privacy of Ubiquitous Systems at Ruhr University Bochum. His main research objective is to understand and improve the security properties of firmware, currently focusing on cellular devices. He prefers to employ a diverse range of methodologies in problem-solving, such as binary analysis, formal methods, and empirical studies. Prior to his PhD studies, Daniel was a software engineer for data analytics solutions in the automotive industry.
 
              
                 @danielklischies
               www.danielklischies.net
            
Márton Bognár and Jo Van Bulck (KU Leuven) – Talk
Talk. Breaking and Securing Memory Isolation in Texas Instruments Microcontrollers
Video. Soon
Slides. PDF
Abstract. Texas Instruments has shipped millions of new-generation MSP430 microcontrollers featuring an advanced security feature (Intellectual Property Encapsulation, IPE) that isolates selected code and data from attackers. We first adapt attack techniques from higher-end systems to leak or inject data and extract side-channel information from IPE. Then we demonstrate controlled call corruption, a novel attack which completely bypasses the IPE protections by performing a simple function call. In the second part of the talk, we first demonstrate a software-only mitigation for existing devices which repurposes the memory protection unit to recover most of IPE’s security guarantees. We then introduce openIPE, our research prototype implementing IPE’s specification extended with a flexible firmware layer to enable rapid prototyping of security primitives more closely aligned with industry practices.
Biography.  Jo Van Bulck is a professor in the DistriNet lab at the Department of Computer Science of KU Leuven, Belgium. His research explores microarchitectural security limitations along the hardware-software boundary, with a particular attention for privileged side-channel attacks on trusted execution environments. Jo's research has uncovered several innovative attack vectors in commodity Intel x86 processors. Key results include Foreshadow, LVI, ZombieLoad, Plundervolt, and SGX-Step.  
 
              
                 @jovanbulck
               www.vanbulck.net
              
              Márton is a graduating PhD student at the DistriNet research group of KU Leuven. His interest lies at the intersection of hardware design, microarchitectural attacks, and formal verification. He is active in both offensive and defensive research with contributions ranging from performing side-channel attacks on web browsers and microcontrollers to building hardware extensions on RISC-V to mitigate transient execution vulnerabilities.
              
 
              
                 @martonbognar
                
                  Bluesky – @mici.hu
               www.mici.hu
            
Niclas Kühnapfel (Technische Universität Berlin) – Talk
Talk. Glitching AP4: A Technical Deep Dive Into Tesla’s Autopilot Computer
Video. Soon
Slides. PDF
Abstract. Tesla has become known not only for its electric vehicles but also for its advanced computer platform, featuring an infotainment system, remote services, and the prominent Autopilot driving assistant. While Autopilot’s platform security protects its code, machine learning models, and data from competitors, it also hinders third parties from accessing crucial user data, such as camera and sensor recordings, which could aid in e.g. crash investigations. In this presentation, we demonstrate how we rooted Tesla Autopilot HW4 using voltage glitching, enabling the extraction of arbitrary code and user data. We will dive deeper into Autopilot’s security architecture, exploring the flash filesystem, full disk encryption, and model weight encryption. Additionally, we will compare this attack with the previously published attack on Autopilot HW3.
Biography. Niclas Kühnapfel is a Ph.D. candidate at TU Berlin’s Chair for Security in Telecommunications (SecT). His research spans hardware, embedded, and platform security. He studied Computer and Communication Systems Engineering (B.Sc., TU Braunschweig) and Computer Engineering (M.Sc., TU Berlin). Niclas has presented on covert channels (ACSAC) and fault injection attacks on AMD-ASP (IEEE PAINE). Recently, he published voltage glitching attacks on Tesla’s infotainment system (Black Hat) and Autopilot HW3 (37C3).
Jonas Kaspereit and Sebastian Schinzel (FH Münster) – Talk
Talk. LanDscAPe: Exploring LDAP Weaknesses and Data Leaks at Internet Scale
Video. YouTube
Slides. PDF
Abstract. The Lightweight Directory Access Protocol (LDAP) is the standard technology to query information stored in directories. These directories can contain sensitive personal data such as usernames, email addresses, and passwords. LDAP is also used as a central, organization-wide storage of configuration data for other services. Hence, it is important to the security posture of many organizations, not least because it is also at the core of Microsoft's Active Directory, and other identity management and authentication services. We report on a large-scale security analysis of deployed LDAP servers on the Internet. We developed LanDscAPe, a scanning tool that analyzes security-relevant misconfigurations of LDAP servers and the security of their TLS configurations. Our Internet-wide analysis revealed more than 10k servers that appear susceptible to a range of threats, including insecure configurations, deprecated software with known vulnerabilities, and insecure TLS setups. 4.9k LDAP servers host personal data, and 1.8k even leak passwords. We document, classify, and discuss these and briefly describe our notification campaign to address these concerning issues.
Biography.  Jonas Kaspereit is currently pursuing a Ph.D. in Computer Science at FH Münster.  
               Jonas Kaspereit
            
David Klein (Technische Universität Braunschweig) – Talk
Talk. Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
Video. Soon
Slides. PDF
Abstract. In this talk, we will delve into why this is the case. To remove XSS payloads, an HTML sanitizer must first parse its input. Then, it determines which parts of the input are dangerous and removes or rewrites them. Lastly, it serializes the transformed input back to its textual form and returns it. This process means a sanitizer is only as strong as the employed HTML parser. Despite HTML looking deceptively simple, implementing an HTML parser is surprisingly complex. While officially specified, parsing HTML has tons of edge cases and quirks. Sanitizers have to implement all of them, effectively mimicking the exact behavior of a browser. Even if a developer pulls off this nontrivial feat, additional pitfalls lie in the differences in behavior between browsers.This talk will show how sanitizers deployed by millions of people fall well short of these goals and are easily bypassable.
              We will present MutaGen, a framework that generates HTML fragments prone to abuse parsing implementation differences, so-called parsing differentials. When evaluating the generated fragments on 11 server-side HTML sanitizers, we found that all use deficient parsers. In benign cases, this means the sanitizer mangles harmless input. However, by abusing such parsing differentials we could automatically bypass all but two of them. 
            
Biography.  David is a PhD candidate at the Institute for Application Security at Technische Universität Braunschweig under the supervision of Martin Johns. His research focus mainly lies in the area of Web Security. However, he's also passionate about privacy and making applications more private and secure through runtime enforcement techniques. He's actively participating in the open source community, maintaining the research browser "Project Foxhound" and the JVM taint engine "Project Fontus". His works have been presented at leading academic conferences (IEEE S&P, Usenix Security, ACM CCS, IEEE EuroS&P, ACSAC, PETS, ...) as well as non-academic venues, e.g., Black Hat EU, RuhrSec, IT Defense, OWASP AppSec SFO, German OWASP Day.
               David Klein
              
                 @leeN@chaos.social
                
                   leeN
            
Vaisha Bernard (EYE Security) – Talk
Talk. Phishing for Tenants: All I Wanted was for Microsoft to Deliver my Phishing Simulation, but instead I kept Reeling in Bug Bounties and Admin Access to Random Tenants
Video. YouTube
Slides. PDF
Abstract. I just wanted to send out a phishing simulation. My first attempt with Microsoft's new Attack Simulation platform resulted in three bug bounties for the most trivial mistakes and no more faith in the product. Then I tried building it myself and the last thing I needed was only to allowlist my IP address. I ended up in a rabbit hole that took me from a Chinese company that wanted all my access tokens, to intercepting client-side requests made by the Security & Compliance Center with the goal of replaying these to a backend API, only to discover I could now access tenants that were not mine. Tenants which I could now completely turn upside down and extract every bit of information that was in there.
Biography. Vaisha Bernard is a principal cybersecurity specialist at Eye Security, a rapidly growing MSSP based in The Netherlands, Germany, and Belgium. Although he has a formal background in Astrophysics and Artificial Intelligence, he already became an offensive cybersecurity enthusiast at age 12. After graduating it was this expertise that landed him a job at the Dutch government. In 2020 he joined Eye Security as principal cybersecurity specialist, where he splits his time between research, high profile incident response cases and cracking attack surfaces.
              
               @the1bernard
              
               Vaisha Bernard
            
Sarah Mader (NVISO GmbH) – Talk
Talk. Red Team Operations in OT: A Peek Behind the Curtains of Hacking Industrial Systems
Video. Soon
Slides. PDF
Abstract. In an era where industrial systems are increasingly targeted by sophisticated cyber threats, understanding how these attacks take place and how to defend against these attacks is crucial. This presentation will provide an in-depth look at Red Team operations within Operational Technology (OT) environments, such as factories and power plants. We will begin by outlining the fundamental differences between OT and IT security, highlighting the unique challenges and vulnerabilities present in OT systems. This foundational knowledge sets the stage for a deeper exploration of the current threat landscape within OT environments. The core of the presentation will focus on real-world case studies from our Red Team assessments. We will walk you through the methodologies we use to simulate real attacker behaviours, from initial infiltration to identifying critical vulnerabilities, all while ensuring minimal disruption to operational processes. Agenda: - Introduction: Overview of Operational Technology (OT) and Red Teaming - Distinguishing IT from OT: Key Differences and Implications - Current Threat Landscape: Emerging Threats and Vulnerabilities in OT - Red Team Operations in OT Environments: Strategies, Tools, and Techniques - Case Studies: Real-world Examples and Lessons Learned
Biography. Sarah is a Senior Consultant at NVISO, with a focus on Red Team Assessments. Complementing her cybersecurity experience, she has developed proficiency in Operational Technology (OT) assessments and continues to specialize further in this area. She possesses a Master's degree in Applied IT Security, which has been enriched by her diverse experiences in cybersecurity roles across various companies. In addition to her professional work, Sarah is dedicated to contributing to the community by leading workshops and delivering presentations at industry conferences.
Jessa Gegax (Surescripts LLC) – Talk
Talk. Salesforce Snafus: Unveiling and Exploiting Security Misconfigurations Using Commonly Used Widgets
Video. YouTube
Slides. PDF
Abstract. This talk explores how to leverage the nooks of Salesforce to find and abuse misconfigurations that chain together and create vulnerabilities that leak data to adversaries. It highlights that security concerns still exist on applications built on a well-known CRM tool with declarative or "point and click" development, where to discover them, and how they can be remediated. It provides a real-world scenario of using various Salesforce widgets to find security vulnerabilities like Insecure Direct Object References (IDORs) and Broken Authorization as a means of stealing sensitive information. It offers solutions for detection and prevention for these attacks that relate to common security best practices. At the end of this discussion, you will walk away with better awareness of the vulnerabilities existing in Salesforce, how they can be discovered, remediated, then prevented.
Biography.  Jessa Gegax is an Information Security Testing Analyst at Surescripts LLC in Minneapolis, Minnesota. Jessa holds an undergraduate degree in Computer Science with research interests in offensive cloud security, networking, and web application/API penetration testing.
              
               Jessa Gegax
            
Paul Gerste (SONARSOURCE SA) – Talk
Talk.SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level
Video. Soon
Slides. PDF
Abstract.SQL injections seem to be a solved problem; databases even have built-in support for prepared statements, leaving no room for injections. In this session, we will go a level deeper: instead of attacking the query syntax, we will explore smuggling attacks against database wire protocols, through which remote, unauthenticated attackers can inject entire (No)SQL statements into an application's database connection. Using vulnerable database driver libraries as case studies, we will bring the concept of HTTP request smuggling to binary protocols. By corrupting the boundaries between protocol messages, we desynchronize an application and its database, allowing the insertion of malicious messages that lead to authentication bypasses, data leakage, and remote code execution.
Biography. Paul Gerste is a vulnerability researcher on Sonar's R&D team. He has a proven talent for finding security issues, demonstrated by his two successful Pwn2Own participations and discoveries in popular applications like Proton Mail, Visual Studio Code, and Rocket.Chat. When Paul is not at work, he enjoys playing and organizing CTFs with team FluxFingers.
              
               @pspaul95 
             @pspaul@infosec.exchange 
            
Fabian Bäumer (Ruhr University Bochum) – Talk
Talk. Terrapin Attack: Breaking SSH Channel Integrity by Sequence Number Manipulation
Video. Soon
Slides. PDF
Abstract. The SSH protocol provides secure access to network services, particularly remote terminal login and file transfer to millions of servers worldwide. SSH uses an authenticated key exchange to establish a secure channel between client and server, which protects the confidentiality and integrity of messages sent. In this talk, we show that as new algorithms and mitigations were added to SSH, the protocol no longer establishes a secure channel: SSH channel integrity is broken for three widely used encryption modes. This allows prefix truncation where encrypted packets at the beginning of the SSH channel can be deleted without either peer noticing it. We demonstrate real-world applications of this attack. We show that we can break SSH extension negotiation, such that an attacker can downgrade algorithms for user authentication or turn off a countermeasure against keystroke timing attacks. Further, we identify a flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim’s login into an attacker-controlled shell.
Biography.  Fabian Bäumer completed his M.Sc. degree in IT security by the end of 2021. Since 2022, Fabian has been working as a PhD student at Ruhr University Bochum and is part of the Chair for Network and Data Security. Currently, he is researching the SSH (Secure Shell) network protocol from a security standpoint.
              
              
                Bluesky – @skrillor.bsky.social
                
              
                  @Skrillor@infosec.exchange
            
Ross Anderson (Professor at University of Cambridge) – Keynote
Keynote. How to statically detect insecure uses of cryptography - at scale and with almost perfect precision
Video. YouTube
Slides. PDF
Abstract. During the 1980s, the intelligence agencies sought to maintain information dominance via export controls on crypto hardware. During the 1990s, once crypto could be done in software, they tried to mandate government access to keys. During the 2000s, as communications came to rely on the server farms of Hotmail, Gmail and Facebook, they harvested most of their material from there. After Ed Snowden told us this in 2013, people started using end-to-end crypto, so the agencies turned their attention to our phones and other devices. We now face a twin attack. Laws proposed in the EU, the UK and elsewhere will mandate client-side scanning, with the usual rhetoric about terrorists and kids. The second front is the EU's Digital Markets Act which will mandate interoperability. If government access to keys was undesirable because of the complexity it introduced, even if escrow keys were kept perfectly secure, then mandated interoperability is complexity on steroids. A coherent response from academia and civil society must engage many issues, from cryptographic protocol design through antitrust economics to strategies to combat violence against women and girls.
Biography.  Ross Anderson is Professor of Security Engineering at the
              Universities of
              Cambridge and Edinburgh. He made early contributions to the study of cryptographic protocols,
              hardware tamper-resistance, security usability and the economics of information security, and
              has worked
              with a range of applications from payment networks and electronic health records
              to vehicle tachographs and prepayment utility meters. He is a Fellow of the Royal Society and
              the Royal
              Academy of Engineering, and won the Lovelace Medal, Britain's top award in computing.
              He is the author of the standard textbook "Security Engineering – A Guide to Building Dependable
              Distributed
              Systems".
              
               @rossjanderson
            
Karthikeyan Bhargavan (Inria Paris) – Keynote
Keynote. Towards High-Assurance Cryptographic Software
Video. YouTube
Slides. PDF
Abstract. The threat of quantum computing, the promise of blockchains, and the need for privacy against pervasive surveillance has ushered in a golden era for the design and deployment of new cryptography, with multiple cryptographic algorithms and protocols being standardised every year. Despite all these exciting developments, however, correctly designing and securely implementing cryptographic systems remains a challenging and error-prone task, even for experts. In this talk, we will see how formal verification and security-oriented programming languages can be used to help build high-assurance cryptographic software. We will discuss their use in the design of recent cryptographic standards like HPKE and MLS, and in the implementation of cryptographic libraries like HACL*. We will conclude by looking at how these methods can be made more widely usable by cryptographic engineers in the future.
Biography. Karthikeyan Bhargavan (Karthik) is a directeur de recherche (DR) at Inria in Paris, where he leads a team of researchers working on developing new techniques for programming securely with cryptography. He was born in India and did his undergraduate studies at the Indian Institute of Technology Delhi before pursuing his PhD at the University of Pennsylvania. He then worked at Microsoft Research in Cambridge until 2009 when he moved to France. Karthik’s research lies at the intersection of programming language design, formal verification, and applied cryptography. Most recently, his work has focused on the design and analysis of the TLS 1.3 Internet standard and the design and deployment of the HACL* cryptographic library. Karthik is also a co-founder of Cryspen, a company that specializes in high-assurance cryptographic solutions.
Fabian Ising (Münster University of applied Sciences) – Talk
Talk. Content-Type: multipart/oracle - Tapping Into Format Oracles in Email End-to-End Encryption
Video. YouTube
Slides. PDF
Abstract."Email is an offline protocol - oracle attacks against its end-to-end
              encryption
              are impractical." - This statement has been made time and time again. However, is it really
              true? Can we
              perform “real” oracle attacks, like Vaudenay's CBC Padding Oracle Attack and Bleichenbacher’s
              infamous
              Million Message Attack against E2EE email? 
              We survey how the decryption state of E2EE email can be made visible through the interplay of
              MIME and IMAP
              and describe side-channels caused by specific MIME trees. We analyze 19 OpenPGP and S/MIME email
              clients and
              exploit side-channels to decrypt S/MIME messages in iOS Mail and Google Workspaces.
              Finally, we discuss why exploiting the other clients is impractical and that the unintended
              countermeasures
              create dangerous conflicts between usability and security. Finally, we present more rigid
              countermeasures
              for developers and the standards.
Biography.  Fabian Ising is a security researcher and PhD candidate at Münster
              University
              of Applied Sciences and Ruhr Uni Bochum. He is interested in applied cryptography, especially in
              email
              security and network protocols. Apart from applied cryptography, he spends time on medical
              security and web
              security. He also has experience as a penetration tester and code auditor. When not working, he
              loves hiking
              and doing jigsaw puzzles.
 @murgi
 @murgi@infosec.exchange
            
Daniel Weber and Michael Schwarz (CISPA Helmholtz Center for Information Security) – Talk
Talk. CPU Fuzzing: Automatic Discovery of Microarchitectural Attacks
Video. YouTube
Slides. PDF
Abstract.Over the last two decades, researchers discovered different new attacks
              on
              modern CPUs. These attacks include side-channel attacks capable of leaking secret keys or
              breaking
              security mitigations. More recently, even more powerful attacks such as Spectre and Meltdown
              were
              discovered
              In this talk, we explore approaches that we developed to automatically find such attacks. First, we
              present
              Osiris, a tool to automatically find side channels. Second, with Transynther, we find new variants
              of
              Meltdown-type attacks. Third, we discuss MSRevelio, a tool searching for undocumented MSRs.
              
              We also present the found attacks ranging from side-channel attacks over KASLR breaks, to
              Meltdown-type
              attacks. Along the way, we will elaborate on the challenges and limitations these tools face despite
              their
              success and comment on what we believe are the most important lessons we can learn from them.
            
Biography. Daniel Weber is a PhD student researching in the field of
              microarchitectural
              attacks, such as side-channel and transient-execution attacks. His work focuses on improving the
              process
              of finding such attacks via automation. He is part of Michael Schwarz' research group at the
              CISPA
              Helmholtz Center for Information Security. Before that, he obtained a Bachelor's degree in
              Cybersecurity
              from Saarland University. In his free time, Daniel regularly participates in Capture the Flag
              competitions
              as part of the team saarsec.
              
               @weber_daniel
              
              Michael Schwarz is Faculty at the CISPA Helmholtz Center for Information Security, Germany, with
              a focus
              on microarchitectural attacks and system security. He obtained his PhD in 2019 from TU Graz. He
              holds two
              master's degrees in computer science and software engineering. He is a regular speaker at both
              academic
              and hacker conferences. He was part of one of the research teams that found the Meltdown,
              Spectre,
              Fallout, LVI, PLATYPUS, and ZombieLoad. He was part of the team developing the KAISER patch, the
              basis for
              the widely Meltdown countermeasure deployed in every modern operating system.
              
 
               @misc0110
            
Soheil Khodayari (CISPA Helmholtz Center for Information Security) – Talk
Talk.Everything You Wanted to Know About DOM Clobbering (But Were Afraid to Ask)
Video. YouTube
Slides. PDF
Abstract. XSS has been a major threat to webapps for the past 20 years, often achieved by script injection, and mitigated by disallowing or controlling script execution. But what if the attackers can obtain XSS with script-less markups? DOM Clobbering is a type of namespace collision attack that enables attackers to transform seemingly benign HTML markups to executable code by exploiting the unforeseen interactions between JS code and the runtime environment. Unfortunately, attack techniques, browser behaviours, and code patterns that enable DOM clobbering has not been studied yet, and in this work, we undertake that. Our study shows that DOM clobbering vulnerabilities are ubiquitous, affecting 9.8% of the top 5K sites, and that existing defenses may not completely cut them. This talk covers clobbering techniques, vulnerability detection, prevalence, indicators, and defenses.
Biography.  Soheil Khodayari is a PhD candidate at CISPA, Germany, researching
              in the area
              of Web security and privacy testing, and Internet measurements. Soheil has presented and
              published his works
              on top tier security venues like IEEE S&P, NDSS, USENIX Security, Stanford SecLunch, and OWASP
              AppSec. He
              also serves as the AE PC of security conferences like USENIX and ACSAC. Among his contributions,
              Soheil
              proposed the first taxonomy and detection of XS-leaks, one of the first studies about
              client-side CSRF, the
              state of the SameSite adoption, and other client-side vulnerabilities.
 
               @Soheil__K
            
Veelasha Moonsamy (Ruhr University Bochum) and Rafa Gálvez (KU Leuven) – Talk
Talk. Federated Learning and Its Application for a Privacy-Respecting Android Malware Classifier
Video. YouTube
Slides. PDF
Abstract. Federated Learning (FL) has gained popularity as a mechanism to
              address privacy
              threats in the training process of a machine learning model. Instead of sharing raw data, users
              can share
              locally trained models to stop service providers from getting access to their personal
              information. FL has
              been deployed in a popular Android application, the Gboard mobile keyboard, and researchers are
              investigating new ways to make it more accurate and more secure.
              In this talk, we introduce the basics for understanding FL and discuss three important
              shortcomings of
              vanilla FL. First, users are required to provide the system with ground truth to enable local
              training in
              their own devices. Second, the introduction of malicious users to the federation may break the
              integrity of
              the model in order to lower performance. And third, an honest-but-curious service provider may
              break user
              privacy by attacking their individual models. Our solution is based on semi-supervised machine
              learning
              techniques that, on the one hand, allow users to learn from their unlabeled data, and on the
              other hand,
              reduce the attack surface of the federated model.
              We demonstrate the feasibility of our design by implementing LiM, an Android malware classifier
              that is
              resistant against poisoning and inference attacks while providing state-of-the-art results
              without user
              supervision. We end by giving an overview of potential applications of LiM beyond malware
              detection.
            
Biography.  Veelasha Moonsamy is a tenured research faculty at the Chair for
              System
              Security at Ruhr University Bochum in Germany. She was previously an Assistant Professor in the
              Digital
              Security group at Radboud University (The Netherlands) and was briefly affiliated with the
              Software Systems
              group at Utrecht University (The Netherlands) in 2018. She received her PhD degree in 2015 from
              Deakin
              University (Australia). Her research interests revolves around security and privacy for embedded
              devices, in
              particular side- and covert-channel attacks, malware detection, and mitigation of information
              leaks at
              application and hardware level. 
 
               @veelasha_m
               @veelasha@infosec.exchange
              
              Rafa Gálvez is a recent PhD graduate from the COSIC research group
              at KU
              Leuven working on privacy engineering for AI. He is interested in delivering high-quality,
              state-of-the-art
              AI products that respect user privacy and solve real-world needs of as many (vulnerable) people
              as possible.
              
 
              
                @artificialphilosopher@scholar.social
            
David Klein (Technische Universität Braunschweig) – Talk
Talk. Hand Sanitizers in the Wild: A Large-Scale Study of Custom JavaScript Sanitizer Functions
Video. YouTube
Slides. PDF
Abstract. Input Sanitization is the main defense strategy against the ever
              present class
              of injection vulnerabilities. Needing to process complex input data, such as HTML fragments,
              makes writing
              correct sanitizers very demanding. Are developers up to the task?
              This is the question we will answer during this talk with a focus on Client-Side Cross-Site
              Scripting. We
              will cover how to detect sanitization logic on websites, automatically assess their security and
              bypass them
              if they are insecure. With this toolkit we present the results of our study on the state of HTML
              sanitization on the Web at large. This includes various examples how developers try and fail at
              writing such
              routines.
              Finally, we will discuss ways to actually protect yourself as a developer as well as a glimpse
              towards
              upcoming mitigations built into the browser. Maybe these will finally aid to ridden the web of
              this
              vulnerability class.
            
Biography.  David is a PhD candidate at the Institute for Application Security
              at
              Technische Universität Braunschweig. His research interests include Web Security with a focus on
              (breaking)
              protection mechanisms, as well as approaches on making existing software more privacy
              preserving. David has
              presented both at academic venues as well as industrial conferences such as SAP DKOM, IT-DEFENSE
              and OWASP
              Global AppSec.
              
               @ncd_leen
               @leeN@chaos.social
            
Jörg Schwenk (Professor at Ruhr University Bochum) – Talk
Talk. Security of Push Messaging
Video. YouTube
Slides. PDF
Abstract. Push services like SMS, e-mail and instant messaging are one of the
              foundations of digital communications. However, their security differs significantly.
              Researchers are
              enthusiastic about new security paradigms implemented in instant messaging applications like
              SIGNAL and
              WhatsApp, and despair about the security of OpenPGP and S/MIME. But is either enthusiasm or
              despair
              justified? This talk gives an overview on recent research and novel solutions to these
              problems.
              
              In this talk, the speaker will demonstrate how a popular app with over 100 million downloads
              conducts
              their mobile fraud operation and performs a commonplace mobile fraud technique: Click Injection.
            
Biography.  Since September 2003, Prof. Dr. Jörg Schwenk heads the Chair for
              Network and
              Data Security at the Ruhr University Bochum. The chair belongs to the renowned Horst Görtz
              Institute for
              IT Security. Professor Schwenk is an internationally recognized expert in the areas of
              cryptography and IT
              security. After completing his doctorate in the Department of Mathematics at the University of
              Gießen he
              moved in 1993 to Darmstadt, where he worked at the Telekom Technology center for applied
              research in the
              field of IT security. Professor Schwenk is an author of numerous international publications in
              renowned
              conferences (for example USENIX Security, ACM CCS), author of textbooks on cryptography and
              Internet
              security, and about 60 patents in the field of IT security. 
               @JoergSchwenk
            
Marius Musch (Technische Universität Braunschweig) – Talk
Talk. Server-Side Browsers: Exploring the Web's Hidden Attack Surface
Video. YouTube
Slides. PDF
Abstract. As websites grow ever more dynamic and load more of their content on
              the fly,
              automatically interacting with them via simple tools like curl is getting less of an option.
              Instead,
              headless browsers with JavaScript support, such as PhantomJS and Puppeteer, have gained traction
              on the Web
              over the last few years. For various use cases like messengers and social networks that display
              link
              previews, these browsers visit arbitrary, user-controlled URLs. To avoid compromise through
              known
              vulnerabilities, these browsers need to be diligently kept up-to-date.
              In this talk, we investigate the phenomenon of what we coin 'server-side browsers' at scale and
              find that
              many websites are running severely outdated browsers on the server-side. Remarkably, the
              majority of them
              had not been updated for more than 6 months and over 60% of the discovered implementations were
              found to be
              vulnerable to publicly available proof-of-concept exploits.
              By attending, you will not only learn about this new and unique attack surface, but also how to
              discover
              these vulnerabilities on your own. Moreover, you will learn how defenses against traditional
              SSRF attacks
              are insufficient in the context of this attack and what can be done about that.
            
Biography.  Marius Musch is a web security researcher at the Institute for
              Application
              Security at Technical University Braunschweig, where he obtained his PhD in November 2022. His
              research
              interests focus on the intersection of client-side web attacks and large-scale studies. So far,
              Marius has
              given presentations at venues such as Usenix Security, AsiaCCS, OWASP Global AppSec, and the
              Chaos
              Communication Congress.
               @m4riuz
               @m4riuz@infosec.exchange
            
Antoon Purnal and Marton Bognar (KU Leuven) – Talk
Talk. ShowTime: CPU Timing Attacks With the Human Eye
Video. YouTube
Slides. PDF
Abstract. Are precise timers required for successful timing attacks? 
              While machines are accomplishing feats previously thought to require human-like intellect,
              this talk exposes
              how humans can achieve a task previously thought to require machine-like precision:
              observing phenomena
              happening at the nanosecond scale.
Biography. Antoon (Toon) Purnal is a PhD researcher in the hardware
              security group at
              COSIC under the supervision of professor Ingrid Verbauwhede. His research interests include
              microarchitectural attacks and defences, and efficient and secure cryptographic
              implementations. Before
              joining COSIC, he obtained a Master’s degree in Electrical Engineering from KU Leuven.
              
               @purnaltoon
               @PurnalToon@infosec.exchange
              
              Marton is a Ph.D. candidate at the DistriNet research group of KU Leuven under the
              supervision of Frank
              Piessens. His interest lies in the intersection of side-channel attacks, hardware design,
              and formal
              verification. He is active in both offensive and defensive research.
              
               @martonbognar
            
Stefan Gast and Daniel Gruss(Graz University of Technology) – Talk
Talk. SQUIP or Why We Need to Study Processors Like Nature
Video. YouTube
Slides. PDF
Abstract. As CPU microarchitectures have been the subject of security
              research over
              decades, one might think that we are close to exhaustively understanding them. However, we
              argue that this
              is not the case. We overview prior attacks and present a new case study: SQUIP - Scheduler
              Queue Usage
              Interference Probing.
              
              We provide background on modern CPU pipelines and out-of-order execution. We discuss
              scheduler queues and their security implications, showing how scheduler queue contention can
              leak up to 2.7 MBit/s in a cross-process covert-channel scenario and up to 0.89 MBit/s
              across virtual machines. Our end-to-end SQUIP attack on AMD CPUs leaks full RSA private keys
              within 1 hour, across processes and virtual machines. Finally, we outline how to go forward,
              both on mitigating SQUIP and on microarchitectural security research in general, showing
              that we need to study microarchitectures like nature.
            
Biography. Stefan Gast started his PhD in Daniel's research group at Graz
              University of
              Technology in August 2021. His research focuses on software-based microarchitectural CPU
              attacks and
              defenses. SQUIP was the first publication for his PhD thesis. Stefan is also passionate
              about teaching and
              has been doing so for more than 10 years.
              
               @notbobbytables
              
                @notbobbytables@infosec.exchange
              
              Daniel Gruss is a Professor at Graz University of Technology. He has a great passion for
              teaching, which he
              started doing in 2009. Daniel's research focuses on microarchitectural security, covering
              both attacks as
              well as efficient and effective defenses. He implemented the first remote fault attack
              running in a website,
              known as Rowhammer.js. His research team was one of the teams that found the Meltdown and
              Spectre bugs
              published in early 2018. He frequently speaks at top international venues. In 2022, he was
              awarded an ERC
              Starting Grant to research how to make security more sustainable.
              
               @lavados
               @lavados@infosec.exchange
            
Sven Hebrok (Paderborn University) – Talk
Talk. We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers With TLS Session Tickets
Video. YouTube
Slides. PDF
Abstract. Session tickets improve the TLS protocol performance and are
              therefore widely
              used. For this, the server encrypts secret state and the client stores the ciphertext and
              state. Anyone able
              to decrypt this ciphertext can passively decrypt the traffic or actively impersonate the TLS
              Server on
              resumption. To estimate the dangers associated with session tickets, we perform the first
              systematic
              large-scale analysis of the cryptographic pitfalls of session ticket implementations.
              
              We found significant differences in session ticket implementations and critical security
              issues in the
              analyzed servers. Vulnerable servers used weak keys or repeating keystreams in the used
              tickets. Among
              others, our analysis revealed a widespread implementation flaw within the Amazon AWS
              ecosystem that allowed
              for passive traffic decryption for at least 1.9% of all servers in the Tranco Top 100k
              servers.
            
Biography.  I am a PhD student at the System Security Chair at Paderborn
              University,
              supervised by Juraj Somorovsky. I'm Interested in TLS, cryptographic and configuration
              issues, as well as
              odd behavior of implementations in edge cases but also network security in general. Along
              the way, I have
              gathered some experience in large scale scanning and working with networks. Occasionally you
              can also find
              me in a Kayak.
              
               @xoimex
            
Sebastian Roth and Ben Stock (CISPA Helmholtz Center for Information Security) – Talk
Talk.You Can't Always Get What You Want – How Web Sites (Often) Lack Consistent Protection
Video. YouTube
Slides. PDF
Abstract.Client-side security policies are designed to protect against
              various types of
              Web attacks and are communicated to the browser through HTTP response headers. To ensure
              protection, these
              headers must be consistently deployed and enforced across all pages within the same origin
              and for all
              clients.
              In this talk, you will get a refresher on the most important security headers and see
              examples of
              seemingly innocuous misconfigurations that can lead to significant threats. Moreover, you’ll
              learn about
              how many of the top sites fall victim to such mistakes (based on our scientific measurement
              studies).
              Finally, you’ll learn how to avoid them for your own pages, and hear about a new proposal to
              overcome all
              these issues.
Biography. Sebastian Roth is a last-year PhD Candidate (submitted in January
              2023) at
              Saarland University / CISPA. My research interest is focused on client-side Web security as
              well as
              developer-centric usable security and is regularly published at Top Tier academic venues.
              But I also enjoy
              giving non-academic talks such that I can stay in contact with folks from the industry. In
              addition to
              that I have taught other students as a tutor and teaching assistant in several different
              lectures. During
              my leisure time, I regularly organize and participate in CTF (Capture the Flag) competitions
              together with
              saarsec.
              
               @s3br0th
              
              Ben Stock is a tenured faculty at the CISPA Helmholtz Center for Information Security in
              Saarbrücken,
              Germany. Ben leads the Secure Web Application Group at CISPA, and his research focuses on
              various aspects
              of Web security, with a recent focus in particular on CSP and its connections to aspects of
              usability. His
              group regularly publishes at major security conferences such as USENIX Security, CSS, and
              NDSS, and Ben
              also serves on the PC and as track chair of the venues. His group also regularly shares
              insights outside
              the scientific community, such as at OWASP AppSec or Ruhrsec.
              
               @kcotsneb
            
Paul Staat (Ruhr University Bochum) – Talk
Talk. Your Wi-Fi Is the Eavesdropper's Radar: How to Counter Privacy Threats of Wireless Sensing
Video. YouTube
Slides. PDF
Abstract. Today's ubiquitous wireless devices are attractive targets for
              passive
              eavesdroppers to launch reconnaissance attacks. Regardless of cryptographic measures,
              adversaries can
              overhear standard communication signals on the physical layer to obtain estimations of
              wireless
              propagation channels. These are known to contain information about the surrounding
              environment, which can
              be extracted using wireless sensing methods. In this way, adversaries may gain sensitive
              information which
              poses a major privacy threat. For instance, it is easily possible to infer human motion,
              allowing to
              remotely monitor premises of victims
              In this talk, we first review wireless sensing and its privacy implications. We then
              introduce IRShield -
              a countermeasure against adversarial wireless sensing based on recent advances on
              intelligent reflecting
              surfaces. IRShield is designed as a plug-and-play privacy-preserving extension to existing
              wireless
              networks. We demonstrate that IRShield defeats a state-of-the-art human motion detection
              attack proposed
              in the literature.
            
Biography. Paul Staat received his B.Sc. degree in electrical engineering and the M.Sc. degree in communication systems and networks from the University of Applied Sciences Cologne, Germany, in 2016 and 2018, respectively. He is currently working towards the Ph.D. degree at the Max Planck Institute for Security and Privacy in Bochum. His research interests include physical-layer and wireless security and tamper-resistant hardware.
Patricia Arias-Cabarcos (Paderborn University) – Talk
Talk. For Smarter Authentication, We Might Need to Use the Brain
Video. YouTube
Abstract. We deserve smarter authentication mechanisms to move on from the current password-dominated scene. With the democratization of neurotechnologies, the usage of brain biometrics in everyday life becomes a tangible possibility. In this talk, we will present research contributions towards practical brainwave-based user authentication, covering both security and usability aspects.
Biography.  Patricia Arias-Cabarcos is Professor of IT Security at Paderborn
              University.
              Her research interests lie in the area of human-centered security and privacy, with a special focus on
              usable authentication, behavioral data protection, and data-driven transparency. She publishes in major
              conferences in the field, such as CCS and USENIX Security, having also served on the technical program
              committee for this type of venues, including CCS, ESORICS and EuroUSEC.
 @patriAriasC
Jasper Bongertz and Tatjana Ljukovic (G DATA Advanced Analytics GmbH) – Talk
Talk. The Cyber-Triad - TTPs, Nightmares and Epic Fails All Things IR, Reverse Engineering and Red Teaming
Video. N.A.
Abstract. IT security incidents occur in many forms and characteristics. The reasons
              for
              a successful attack and the resulting incident are also diverse.
Using current examples from
              the last two years, this presentation explains in a realistic manner how Reverse Engineering, Incident
              Response/Readiness and various topics from the offensive side interact when dealing with an incident and
              where are limitations. Furthermore, fundamental obstacles and show-stoppers in the area of analyzing and
              dealing with IT security incidents are also discussed.
Biography.  Jasper Bongertz is a network security expert with a focus on network
              forensics and incident response. He works as Head of Incident Response at G DATA Advanced Analytics in
              Bochum.
              
              Tatjana Ljucovic is studying for her Master's degree in Internet Security. Over the past 10 years, she
              has
              gained profound knowledge in various fields of IT security and has focused in particular on secure
              network
              communication.
            
Aurore Fass (Stanford University) – Talk
Talk. DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale
Video. YouTube
Abstract. Browser extensions have elevated privileges compared to web pages, thus
              attracting the interest of attackers. While prior work focused on detecting malicious extensions, we
              consider vulnerable extensions. In fact, a web page under the control of an attacker can send malicious
              payloads to a vulnerable extension, leading to, e.g., universal XSS.
To uncover such attacks,
              we built DoubleX, our static analyzer detecting suspicious external data flows between an attacker and
              security- or privacy-critical APIs in extensions. On the 155k Chrome extensions analyzed, DoubleX has
              both
              high precision (89%) and recall (93%). Overall, we could exploit 184 extensions under our threat model
              (2021), 87% of which were already vulnerable in 2020.
We hope that our work will increase the
              awareness of well-intentioned developers toward unsafe programming practices leading to security and
              privacy issues.
Biography.  Aurore Fass is a Visiting Assistant Professor of Computer Science at
              Stanford University (U.S.) and a Research Group Leader at CISPA (Germany). Aurore got her PhD from CISPA
              &
              Saarland University in 2021, jointly supervised by Michael Backes and Ben Stock. Her PhD thesis revolves
              around studying JavaScript security through static analysis.
Aurore's research focuses on Web
              Security & Privacy, Web Measurements, and Machine Learning. Specifically, she is interested in detecting
              malware & vulnerabilities on the Web and collecting data to better understand and improve user security
              and privacy.
 @AuroreFass
Lukas Giner and Daniel Gruss (Graz University of Technology) – Talk
Talk. Secure Cache Designs: The State of the Art and Beyond
Video. YouTube
Abstract. In recent years, the advent of microarchitectural attacks has brought with
              it
              a renewed interest in secure cache designs. The prominent strategies that have emerged in secure cache
              designs to mitigate side-channel attacks are randomization or partitioning. Following initial designs,
              other works have shown that even these improved designs are limited in the face of more advanced
              attacks,
              starting a theoretical (cache) arms race.
In this talk, we give an overview of traditional
              and
              secure caches designs, as well as their respective attacks. We outline the mechanisms of the most
              prominent designs and discuss their properties. We take a detailed look at which design assumptions were
              broken by new attacks and where designs may have had flaws to begin with. Finally, we present a new
              cache
              design that aims to avoid currently known attacks and sidestep the mechanisms on which they are built.
            
Biography.  Lukas Giner is a PhD Student at Graz University of Technology in the
              CoreSec
              group of Daniel Gruss. His research focuses on microarchitectural security, from attacks like Fallout to
              secure hardware designs like Scattercache.
 @redrabbyte
              
              Daniel Gruss is an Assistant Professor at Graz University of Technology. He has been involved in
              teaching
              operating system undergraduate courses since 2010. Daniel's research focuses on side channels and
              transient execution attacks. He implemented the first remote fault attack running in a website, known as
              Rowhammer.js. His research team was one of the teams that found the Meltdown and Spectre bugs published
              in
              early 2018. He frequently speaks at top international venues.
 @lavados
            
Fabian Ising (Münster University of Applied Sciences) and Damian Poddebniak (Independent Researcher) – Talk
Talk. Why TLS is better without STARTTLS
Video. YouTube
Abstract. TLS is one of today's most widely used and best-analyzed encryption
              technologies. However, for historical reasons, TLS for email protocols is often not used directly but
              negotiated via STARTTLS. This additional negotiation added complexity and was prone to security
              vulnerabilities such as naive STARTTLS stripping or command injection attacks in the past.
We
              performed the first structured analysis of STARTTLS in SMTP, POP3, and IMAP and introduced a
              semi-automatic testing toolkit (EAST) to analyze email clients. We used EAST to analyze 28 email clients
              and 23 email servers, resulting in over 40 STARTTLS related issues. Only 3 out of 28 clients and 7 out
              of
              23 servers did not show any STARTTLS-specific security issues. We conclude that STARTTLS is error-prone
              to
              implement, under-specified in the standards, and should be avoided.
Biography.  Fabian Ising is a security researcher and PhD candidate at Münster
              University of Applied Sciences and Ruhr Uni Bochum. He is interested in applied cryptography, especially
              in email security and network protocols. Apart from applied cryptography, he spends time on medical
              security and web security. He also has experience as a penetration tester and code auditor. Bugs love
              him
              and tend to jump at him as soon as he uses software. He/Him.
 @murgi
              
              Damian Poddebniak is a software engineer and security researcher interested in email security, network
              protocols, and applied cryptography. He recently defended his dissertation about the limitations of
              end-to-end encrypted email and now seeks opportunities to sustainably improve the status quo of software
              security. He believes in free software, open access to knowledge, and a world with net-zero greenhouse
              gas
              emissions. Rustacean. He/Him.
 @dues__
            
Louis Jannett (Ruhr University Bochum) – Talk
Talk. Modern Single Sign-On: On the Security of Single Sign-On Flows in Popups and IFrames
Video. YouTube
Abstract. Single Sign-On (SSO) protocols like OpenID Connect are cornerstones of user authentication on the web. Until now, HTTP redirects empowered the login flow to transfer authentication tokens from identity providers like Facebook and Google to arbitrary websites. With a rising demand for streamlined login experience, many websites adopted proprietary modern login flows that are executed in popups and iframes. Thereby, in-browser communications gradually replace the redirects, shifting SSO security closely towards the web security's territory. In this talk, we dive into the deployment of modern SSO. We discuss its new attack surface and showcase real-world vulnerabilities on popular sites like AliExpress and NYTimes to demonstrate our research impact. Further, we summarize the lessons learned and security best practices mitigating the issues such that developers can protect their login flows.
Biography.  Louis Jannett is a first-year PhD candidate at the Chair for Network and
              Data Security at Ruhr University Bochum, supervised by Jörg Schwenk. His current research interests are
              focused on how web security threats enable new attacks on the security and privacy of user authorization
              and authentication on the web. He especially investigates the prevalence, security, and privacy of
              popular
              Single Sign-On protocols like OAuth and OpenID Connect, paying close attention to SDKs and custom
              implementations in the wild.
 @iphoneintosh
Sebastian Roth and Ben Stock (CISPA Helmholtz Center for Information Security) – Talk
Talk. I Wanna Deploy You, but My Senses Tell Me to Stop! – CSP’s Past, Present and Future?
Video. YouTube
Abstract. The Web has improved our ways of communicating, collaborating, teaching, and entertaining us and our fellow human beings. However, this cornerstone of our modern society is also one of the main targets of attacks, most prominently Cross-Site Scripting (XSS). A correctly crafted Content Security Policy (CSP) is capable of effectively mitigating the effect of those Cross-Site Scripting attacks. Throughout the last years we have conducted several research projects that deal with topics around the Content Security Policy. In this talk, we want to highlight the lessons learned from those research projects. We show how the seemingly straightforward task of getting your own site CSP-compliant is undermined by third parties. Further, we discuss the insights of our study with 12 developers and the roadblocks that they face, such that you can avoid them when deploying a CSP for your Web applications.
Biography.  Sebastian Roth is a third-year PhD student in the Secure Web Applications
              Group at the CISPA Helmholtz Center for Information Security, where he is supervised by Ben Stock. His
              research interest is focused on client-side Web Security as well as Usable Security for developers.
              Thus,
              he is collaborating with the research group of Katharina Krombholz. Currently, he is specifically
              looking
              into the prevalence, the usage, and the usability of security header present in Web
              applications.
 @s3br0th
              
              Ben Stock is a tenured faculty at the CISPA Helmholtz Center for Information Security in Saarbrücken,
              Germany. Ben leads the Secure Web Application Group at CISPA, and his research focuses on various
              aspects
              of Web security, with a recent focus in particular on CSP and its connections to aspects of usability.
              His
              group regularly publishes at major security conferences such as USENIX Security, CSS, and NDSS, and Ben
              also serves on the PC and as track chair of the venues. His group also regularly shares insights outside
              the scientific community, such as at OWASP AppSec or Ruhrsec.
 @kcotsneb
            
Robert Merget (Ruhr University Bochum) – Talk
Talk. Analysis of DTLS Implementations Using Protocol State Fuzzing
Video. YouTube
Abstract. Recent years have witnessed an increasing number of protocols relying on UDP. Due to UDP's simplicity and performance advantages over TCP, it is being adopted in Voice over IP, tunneling technologies, IoT, and novel Web protocols. To protect sensitive data exchange in these scenarios, the DTLS protocol has been developed as a cryptographic variation of TLS. DTLS's main challenge is to support the stateless and unreliable transport of UDP. This has forced the protocol designers to make choices that affect the complexity of DTLS, and to incorporate features that need not be addressed in the numerous TLS analyses. We present the first comprehensive analysis of DTLS implementations using protocol state fuzzing. To that end, we extend TLS-Attacker, an open-source framework for analyzing TLS implementations, with support for DTLS tailored to the stateless and unreliable nature of the underlying UDP layer. We build a framework for applying protocol state fuzzing on DTLS servers and use it to learn state machine models for thirteen DTLS implementations. Analysis of the learned state models reveals 4 serious security vulnerabilities, including a full client authentication bypass in the latest JSSE version, as well as several functional bugs and non-conformance issues. It also uncovers considerable differences between the models, confirming the complexity of DTLS state machines.
Biography.  Robert Merget is a PhD Student at the Chair for Network and Data security
              at
              Ruhr University Bochum. The focus of his research is practical TLS implementations and their analysis.
              He
              is the main developer of TLS-Attacker and TLS-Scanner. 
               @ic0nz1
            
Arnau Gàmez i Montolio (University of Barcelona) – Talk
Talk. Code emulation for reverse engineers: a deep dive into radare2's ESIL
Video. YouTube (slides and demos)
Abstract. Code emulation is a well-known technique widely used in many scenarios non
              related to reverse engineering. However, it can also be leveraged as a great tool aiding in different
              reversing processes and it is becoming more and more popular for this purpose recently.
              
              We will start by providing an overview of the capabilities and basic usage of the radare2 free and open
              source reverse engineering framework.
              
              Then, we will explain the basics of code emulation, focusing on the reasons why it can be useful in
              reverse engineering processes and how it is implemented and used within radare2 by ESIL (Evaluable
              Strings
              Intermediate Language). In particular, we will explain the workings behind its implementation as a
              "stack
              machine on steroids".
              
              Finally, we will explore practical examples and live demos that will show how to make the most out of it
              in different case scenarios related to reverse engineering, ranging from simple CTF challenges up to
              pseudo-debugging and analysis of non-native architectures, safe dynamic analysis of untrusted code and
              recovering original code from encryption/decryption routines inside obfuscated malware code.
              
              The main goal of the talk is to introduce the radare2 reversing framework, mainly its emulation engine
              ESIL, and highlight the different ways in which reverse engineers can take advantage from code emulation
              techniques for daily tasks in different scenarios.
            
Biography.  Arnau, 22 years old, is a student of Mathematics and Computer Engineering
              at
              the University of Barcelona, specially interested in the field of reverse engineering and focusing his
              research in advanced techniques for code deobfuscation.
              He has worked as a software developer in a project of the European Research Council and has been a DFIR
              summer intern at Arsenal Consulting. Speaker at seminars and university meetings as well as in several
              security conferences (RootedCON, OverdriveConference, r2con, HITB...). He collaborates in the
              organization
              of the radare2 congress (r2con) and is co-founder and president of @HackingLliure, a non-profit
              association of ethical hacking and computer security.
               @arnaugamez
            
Kai Gellert (University of Wuppertal) – Talk
Talk. Efficient Forward Security for TLS 1.3 0-RTT
Video. YouTube
Abstract. The TLS 1.3 0-RTT mode enables a client reconnecting to a server to send
              encrypted application-layer data in "0-RTT" ("zero round-trip time"), without the need for a prior
              interactive handshake. This fundamentally requires the server to reconstruct the previous session's
              encryption secrets upon receipt of the client's first message. The standard techniques to achieve this
              are
              session caches or, alternatively, session tickets. The former provides forward security and resistance
              against replay attacks, but requires a large amount of server-side storage. The latter requires
              negligible
              storage, but provides no forward security and is known to be vulnerable to replay attacks.
              In this talk, we discuss which drawbacks the current 0-RTT mode of TLS 1.3 has and which security we
              actually would like to achieve. We then present a new generic construction of a session resumption
              protocol and show that it can immediately be used in TLS 1.3 0-RTT and deployed unilaterally by servers,
              without requiring any changes to clients or the protocol. This yields the first construction that
              achieves
              forward security for all messages, including the 0-RTT data.
Biography.  Kai Gellert is a PhD student at the chair of IT Security and Cryptography
              at
              the University of Wuppertal, where he is supervised by Tibor Jager. The focus of his research is the
              construction and security analysis of forward-secure 0-RTT protocols. His results are published at
              leading
              security and cryptography conferences such as Eurocrypt and the Privacy Enhancing Technologies
              Symposium.
               @KaiGellert
            
Chloé Messdaghi (Point3 Security) – Talk
Talk. Hacker Rights
Video. YouTube
Abstract. Sixty percent of hackers don't submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies misdirected policies. This fear is based on socially constructed beliefs. This talk dives into the brain's response to fear while focusing on increasing public awareness in order to bring legislation that supports ethical hackers, ending black hoodie and ski mask imagery, and encourage organizations to support bilateral trust within their policies.
Biography.  Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a
              security
              researcher advocate who supports safe harbor and strongly believes that information security is a
              humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is
              driven
              to change the statistics of women in InfoSec. She is the President and cofounder of Women of Security
              (WoSEC) and heads the SF Bay Area chapter. As well, she created WomenHackerz, a global online community
              that provides support and resources for hundreds of women hackers at all levels.
               @chloemessdaghi
            
Aurore Fass (CISPA Helmholtz Center for Information Security) – Talk
Talk. HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs
Video. YouTube
Abstract. Given the popularity of the Web platform, attackers abuse JavaScript to
              mount
              different attacks on their victims. Due to the plethora of such malicious scripts, detection systems
              rely
              on static analysis to quickly process JavaScript inputs, sending only suspicious scripts to dynamic
              components. For an accurate detection of previously unseen JavaScript files, static approaches combine
              an
              abstraction of the source code at a lexical or syntactic level (based on the Abstract Syntax Tree (AST))
              with machine learning algorithms.
              
              In this talk, we present HideNoSeek, a novel and generic camouflage attack, which evades the entire
              class
              of detectors based on syntactic and lexical features, without needing any information about the system
              it
              is trying to evade. Our attack consists of automatically rewriting the ASTs of malicious JavaScript
              files
              into existing benign ones, while keeping the initial malicious semantics. In particular, HideNoSeek uses
              malicious seeds and searches for similarities at the AST level between the seeds and traditional benign
              scripts. Specifically, it replaces benign sub-ASTs by identical malicious ones and adjusts the benign
              data
              dependencies--without changing the AST--, so that the malicious semantics is kept after execution.
              
              In practice, we leveraged 23 malicious seeds to generate 91,020 malicious scripts, which perfectly
              reproduce ASTs of Alexa top 10k web pages. Overall and by construction, a standard trained classifier
              has
              99.98% false negatives on such crafted inputs, while a classifier trained on such samples has over
              88.74%
              false positives, rendering the targeted static detectors unreliable. Similar to Android malware in
              repackaged applications, HideNoSeek could automatically alter benign JavaScript libraries and present
              them
              as an improved version of the original ones, for malicious purpose. In particular, such a modification
              of
              jQuery 1.12.4 would affect over 30% of the websites.
            
Biography.  Aurore Fass is a third-year Ph.D. student at the CISPA Helmholtz Center
              for
              Information Security (Germany), jointly supervised by Michael Backes and Ben Stock. Her areas of
              interest
              include static malware analysis and detection (with special focus on JavaScript code), machine learning,
              and adversarial attacks. She presented her research work at several academic and non-academic venues
              like
              CCS, ACSAC, DIMVA, MADWeb, and Blackhoodie.
               @AuroreFass
            
Sebastian Roth and Ben Stock (CISPA Helmholtz Center for Information Security) – Talk
Talk. Restricting the scripts, you're to blame, you give CSP a bad name
Video. YouTube
Abstract. In a current research project, we investigated the longitudinal evolution of
              the Content Security Policy header over the course of the last seven years. Throughout this analysis of
              the 10.000 highly ranked sites, we conducted case studies that illustrate the struggle of Web sites that
              try to deploy a CSP in a secure fashion and examples of sites that give up on CSP. In addition to that,
              we
              shed light on the other security capabilities of CSP, especially regarding framing control and TLS
              enforcement.
              
              The CSP can be used to enforce that resources are only loaded via TLS secured connections. This can be
              achieved by either forbid the loading of HTTP resources by specifying the block-all-mixed-content
              directive in CSP or by using the upgrade-insecure-requests directive. This directive forces the
              automatic
              rewriting of all HTTP URLs to HTTPS upon page loading. This is useful to gracefully implement a
              transition
              from HTTP to HTTPS while preventing warnings and breakage due to the use of mixed content. Based on an
              analysis of live Web sites, we show that most sites could deploy upgrade-insecure-requests right now to
              avoid any mixed content without errors.
              
              In case of framing control, we have investigated that within the Top 10K sites 3,253 made use of XFO,
              whereas only 409 used frame-ancestors. Due to the inconsistencies of the XFO header, the protection of
              the
              3,253 sites might be weaker in comparison to the protection offered by the frame-ancestors Web sites.
              The
              ALLOW-FROM mode of XFO is not supported in some of the major browsers (including Google Chrome). Thus,
              an
              operator that uses this mode would not secure all user of this browser, because unsupported headers will
              be ignored. In addition to that, the SAMEORIGIN mode of XFO is in some cases susceptible to so-called
              Double Framing attacks. This is caused by the fact that the XFO standard does not define whether the
              top-most frame, the parent frame, or even all frame ancestors (like the CSP directive) have to be hosted
              within the same origin.
              
              Due to this inconsistencies, we send notifications to 2,700 Web sites that suffer from this problem. By
              investigating the responses, we were able to get valuable information regarding the roadblocks of CSP
              deployment in the wild. While most of the Web developers were aware of the protection that CSP can
              offer,
              they are massively intimidated by the complexity of CSPs content restriction. Due to this complexity or
              because of the unawareness of the additional capabilities of CSP, they do not consider framing control
              or
              TLS enforcement as legitimate use cases of the CSP.
              
              In this talk, we want to raise the awareness regarding issues of some of the widely used security header
              as well as presenting and explaining the more secure CSP alternatives for them. Furthermore, we want to
              involve the audience to discuss with us about their “horror stories” and roadblocks for CSP deployment
              such that we can build better tools and improve informational material regarding the CSP.
            
Biography.  Sebastian Roth is a first-year PhD student in the Information Security and
              Cryptography Group at the CISPA Helmholtz Center for Information Security, where he is supervised by
              Michael Backes. His research interest is focused on client-side Web Security as well as Usable Security
              for developers. Thus his work is done in collaboration with the Secure Web Applications Group headed by
              Ben Stock. Currently, he is specifically looking into the prevalence and the usage of security header
              present in Web applications.
               @s3br0th
              
              Ben Stock is a Tenure-Track Faculty at the newly founded CISPA-Helmholtz Center for Information
              Security.
              In his PhD, Ben focussed on the detection and mitigation of Client-Side Cross-Site Scripting. During his
              PhD, he worked closely with SAP Research and interned with Microsoft Research. After his PhD, he joined
              CISPA as a postdoc, focussing on both Web Security as well as Usable Security research. He currently
              heads
              the Secure Web Applications Group at CISPA and is a regular speaker at academic and non-academic venues
              like CCS, USENIX Security, NDSS, Blackhat, and OWASP AppSec.
               @kcotsneb
            
Steffen Becker and Carina Wiesen (Ruhr University Bochum) – Talk
Talk. Towards Cognitive Obfuscation
Video. YouTube
Abstract. In a world in which interconnected digital systems permeate almost all
              facets
              of our lives, cybersecurity attacks form devastating threats with catastrophic consequences. Hardware
              components are the root of trust in virtually any computing system and are valuable targets of
              cyberattacks. In order to conduct malicious manipulations, hardware reverse engineering is usually the
              tool-of-choice. While hardware reverse engineering is a highly complex and universal tool for legitimate
              purposes, it can also be employed with illegitimate intentions, undermining the integrity of ICs via
              piracy, subsequent weakening of security functions, or insertion of hardware Trojans. In particular,
              Intellectual Property (IP) piracy has become a major concern for the semiconductor industry which causes
              losses in the range of several billion dollars. Due to the serious threats posed by attacks based on
              hardware reverse engineering, strong countermeasures, e. g. obfuscation, are indispensable. The security
              of most existing obfuscation techniques is assessed exclusively based on technical measures. However,
              the
              process of hardware reverse engineering cannot be fully automated, yet, and the lack of holistic tools
              forces human analysts to combine several semi-automated steps. Accordingly, cognitive processes and
              strategies applied by humans in the context of hardware reverse engineering must be considered for the
              development of cognitively difficult countermeasures (cognitive obfuscation).
              
              Our research focuses on understanding how human analysts reverse parts of unknown hardware designs in
              realistic scenarios. Therefore, we perform several psychological studies and analyze the behavior of
              engineers at different levels of expertise. Based on an initial investigation we were able to derive a
              model of reverse engineering, consisting of three phases: (1.) Candidate Identification, (2.) Candidate
              Verification, and (3.) Realization. Furthermore, we analyzed more and less efficient strategies of
              reverse
              engineers and took cognitive abilities (e.g., working memory capacity) into account. In our talk, we
              will
              give an overview of the technical and cognitive aspects of hardware reverse engineering. In more detail,
              we will present our study design, the applied methods, and present our results. At the end of our talk,
              we
              will discuss implications for novel cognitive obfuscation techniques based on our findings.
            
Biography.  Steffen Becker is currently working towards his Ph.D. degree under the
              supervision of Prof. Christof Paar at the Embedded Security Group, Ruhr University Bochum, Germany. He
              is
              also a member of the SecHuman graduate school and the Horst Görtz Institute for IT Security. His
              research
              focuses on human factors in reverse engineering. In particular, he explores underlying processes of
              hardware reverse engineering to facilitate the development of sound obfuscation methods.
              
              Carina Wiesen is a research assistant at the Educational Psychology Lab in the Institute of Educational
              Research at Ruhr University Bochum, Germany (supervisor Prof. Dr. Nikol Rummel). She is also a Ph.D.
              candidate in the SecHuman graduate school which is part of the Horst Görtz Institute for IT Security.
              Her
              research focuses on problem-solving and learning processes in cybersecurity. In particular, she is
              strongly interested in analyzing the so far understudied cognitive processes and factors of human
              analysts
              which determine the success of hardware reverse engineering.
          
Prof. Dr. Eric Bodden (Paderborn University) – Keynote
Talk. How to statically detect insecure uses of cryptography - at scale and with almost perfect precision
Video. YouTube
Abstract. For decades, static code analysis has been notorious for being ineffective,
              due to high false positive rates. Yet, recent algorithmic breakthroughs have now given us the capability
              to build static analysis tools that not only rapidly analyze code bases with millions of lines of code,
              but also yield perfect precision in most practical cases.
              In this talk I will highlight the main ideas behind those breakthroughs and will demonstrate CogniCrypt,
              a
              recent practical security code analysis tool that makes us of this leap in technology. CogniCrypt (www.cognicrypt.de) is an official
              Eclipse
              project integrating with various IDEs and CI environments, which allows code developers to precisely
              pinpoint security-critical misuses of APIs, particularly crypto APIs. It currently supports the analysis
              of Java and Android projects, but a variant for C/C++ is in the works as well.
              I will conclude my talk with results from a large-scale study in which we applied CogniCrypt to
              security-sensitive Android apps and to all software artifacts on MavenCentral.
            
Biography.  Eric Bodden is one of the leading experts on secure software engineering,
              with a specialty in building highly precise tools for automated program analysis. He is Professor for
              Software Engineering at Paderborn University and director for Software Engineering and IT-Security at
              Fraunhofer IEM, where he is collaborating with the leading national and international software
              development
              companies. Further, he is a member of the directorate of the Collaborative Research Center CROSSING at
              TU
              Darmstadt.
              
              Prof. Bodden's research was awarded numerous times. At the German IT-Security Price, his group scored
              1st
              place in 2016 and 2nd place in 2014. In 2014, the DFG awarded Bodden the Heinz Maier-Leibnitz-Preis,
              Germany's highest honour for young scientists. Prof. Bodden's research has received five ACM
              Distinguished
              Paper Awards in different communities.
               @profbodden
            
Ass.Prof. Dr. Christina Pöpper (NYU Abu Dhabi) – Keynote
Talk. Publish-and-Forget: Longitudinal Privacy Techniques and User Behaviour
Video. YouTube
Abstract. Technological development and the collection of digital data prompt individuals to rethink the boundaries of their privacy. At times of social media and our digital society where online opinion, images, and connections are what counts, longitudinal privacy techniques gain importance. The decision and action of sharing or withholding information cannot be left to the individual alone but need to be facilitated by technical and legal means. Data that is no longer relevant, whose original purpose has been satisfied, or where the owner is withdrawing consent for its online presence represent valid conditions that demand for means and techniques for data fading and disappearance. In this talk, we will review technical, legal, psychological, and usability-related aspects of sharing, withholding, and removing information and discuss how computer scientists and security researchers can contribute to address open challenges for providing better data control to users.
Biography.  Christina Pöpper is a computer scientist with a focus on information and
              communication security. Her research goal is to better understand and enhance the security and privacy
              of
              current and future IT and communication systems. Specific interests are the security of wireless systems
              and applications, where she is working on topics like secure localization and jamming-resistant
              communication, mobile-, protocol- and system-level security as well as on aspects of privacy. She is
              teaching computer/IT security and general computer science classes. She is affiliated with the Center
              for
              Cyber Security at NYUAD.
              
              Prior to joining NYUAD, Christina Pöpper was an assistant professor at Ruhr University Bochum, Germany,
              where she headed the Information Security Group at the Electrical Engineering and Information Technology
              Department / Horst-Görtz-Institute for IT-Security. In the past, she taught specialized courses on
              wireless security as well as on private and anonymous communication. She received her doctoral and
              graduate degrees in computer science from ETH Zurich, Switzerland.
              
              Her research interest is cybersecurity and privacy. One focus area is wireless and communication
              security,
              in particular securing wireless radio transmissions against jamming as well as securing localization
              techniques. She likes to combine systems and security mechanisms in different application settings. She
              addresses secure systems where cryptography alone is often not enough.
            
Vladislav Mladenov (Ruhr University Bochum) – Talk
Talk. 1 Trillion Dollar Refund – How To Spoof PDF Signatures
Video. YouTube
Abstract. The Portable Document Format (PDF) is the de-facto standard for document
              exchange worldwide. To guarantee authenticity and integrity of documents, digital signatures are used.
              Several public and private services ranging from governments, public enterprises, banks, and payment
              services rely on the security of PDF signatures.
              
              In this talk, we present the first comprehensive security evaluation on digital signatures in PDFs. We
              introduce 3 novel attack classes which bypass the cryptographic protection of digitally signed PDF files
              allowing an attacker to spoof the content of a signed PDF.
              
              We analyzed 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and
              widely
              used applications such as Adobe Reader DC and Foxit. We additionally evaluated 8 online validation
              services and found 6 to be vulnerable. These results are due to the absence of a standard algorithm to
              verify PDF signatures – each client verifies signatures differently, and attacks can be tailored to
              these
              differences. We therefore propose the standardization of a secure verification algorithm, which we
              describe in this paper. All findings have been responsibly disclosed and the affected vendors were
              supported during fixing the issues. As a result 3 generic CVEs for each attack class were issued
              (CVE-2018-16042, CVE-2018-18688, CVE-2018-18689).
            
Biography.  Vladislav Mladenov works as a security researcher at the Chair of Network
              and Data Security at the Ruhr University Bochum since 2012.
              In his dissertation he analyzed the security of Single Sign-On protocols such as SAML 2.0, OpenID,
              OpenID
              Connect and OAuth and discovered various vulnerabilities.
              After completing his doctorate Vladislav Mladenov works as a PostDoc and additionally devotes his
              attention to the security of data description languages, e.g. JSON, XML and PostScript.
              Since 2018, Mr. Mladenov focused his research on the security of PDF files and recently published
              several
              attacks on PDF signatures.
               @v_mladenov
            
Erik Kraft and Michael Schwarz (TU Graz) – Talk
Talk. Are Microarchitectural Attacks still possible on Flawless Hardware?
Video. YouTube
Abstract. In recent years, we have seen that optimizations in processors often enable
              new microarchitectural side channels. The severity of side-channel attacks varies widely, from small
              annoyances for which developers have to introduce workarounds in software, to highly critical attacks
              leaking arbitrary memory contents. While new attacks pop up regularly, finding defenses is not a trivial
              task.
              
              In this talk, we first briefly overview the state of the art of microarchitectural attacks and defenses.
              We then assume that we have a futuristic CPU which magically hides all microarchitectural side effects,
              rendering all known attacks useless. Even in this thought experiment, we show that such attacks are not
              dead. In fact, we present ways of mounting well-known microarchitectural attacks without relying on any
              hardware effects, making these attacks hardware agnostic. We show that attack primitives exploiting the
              hardware can be shifted to the software level, making these attacks easier to mount and independent of
              the
              CPU. The attacks that we present work on Windows, Linux, and Android, both on x86 and ARM processors.
            
Biography.  Erik Kraft is a master's student in Information and Computer Engineering
              at
              Graz University of Technology focusing on secure and correct systems. He holds a bachelor's degree in
              Information and Computer Engineering. In the past, he has been invited to teach computer science courses
              on undergraduate level. In his current research, he focuses on software-based side-channel
              attacks.
               @ekraft95
              
              Michael Schwarz is an Infosec PhD candidate at Graz University of Technology with a focus on
              microarchitectural side-channel attacks and system security. He holds two master's degrees, one in
              computer science and one in software development with a strong focus on security. He frequently
              participates in CTFs and has also been a finalist in the European Cyber Security Challenge. He was a
              speaker at Black Hat Europe 2016, Black Hat Asia 2017 & 2018, and Black Hat US 2018, where he presented
              his research on microarchitectural side-channel attacks. He authored and co-authored several papers
              published at international academic conferences and journals, including USENIX Security 2016 & 2018,
              NDSS
              2017, 2018 & 2019, IEEE S&P 2018 & 2019. He was part of one of the four research teams that found the
              Meltdown and Spectre bugs published in early 2018.
               @misc0110
            
Tobias Burri and Elias Hazboun (Live Reply) – Talk
Talk. Artifical Intelligence in Cyber Security: Threat, Tool or Target?
Video. YouTube
Abstract. Recent machine learning algorithms such as Convolutional Neural Networks or LSTMs fueled by modern GPUs have produced astonishing results unimaginable only a few years ago. These developments bring a number of challenges and opportunities in the cyber security field. First, using AI maliciously can potentially result in threats that are faster, more complex and more difficult to detect. Second, recent developments in AI can be leveraged to improve our protection capabilities against cyber-attacks. Last, as AI technology becomes increasingly popular and available in more systems and services, new challenges emerge as this technology needs also to be protected from cyber threats. In this session we will present current developments in the field of AI and their relevance for cybersecurity. We will then cover some concepts and examples for each of the T's (threat, tool and target) both in the industry and research. We will close the session by presenting our views on trends and potential future scenarios.
Biography. Although having an academic background in Economics, Tobias Burri became
              interested in programming during his studies and started his professional career as a developer for a
              web-analytics platform. Today, he is a senior consultant in Live Reply's Cyber Security unit where he
              supports companies in both assessing their current security landscape and integrating new security
              components. Tobias is strongly focused on the rising relevance of AI in the field of cyber security,
              both
              in terms of malicious use as well as leveraging current developments for new security
              applications.
               @tobias_burri
              Elias Hazboun is a security consultant at Live Reply Cyber Security unit with expertise in security
              assessment and testing. His responsibilities revolve around helping clients secure their current and
              future solutions, whether it is API, network equipment or cloud infrastructure. He is also a certified
              Penetration Tester (OSCP) and has worked on multiple offensive security projects including websites,
              VoIP
              and Chat-bots. He is currently contributing towards securing next generation carrier-grade software
              defined networks. Elias is a passionate advocate of security by design, privacy and the study of the
              intersection between future technology and society. He is also the recipient of DAAD Study Scholarship
              that allowed him to complete his Master studies with distinction in computer science at the Technical
              University of Munich.
            
Andreas Kuehne (trustable) and Jens Neuhalfen (Deutsche Post DHL Group) – Talk
Talk. Automate the generation of security documentation
Video. YouTube
Abstract. Formal security documentation is usually a neglected task. However, it’s a
              basic requirement to have comprehensive and recent documents in place, not only if you are facing some
              sort of audit. We will compare the aims and structure of "classical" security documentation and will
              show
              common shortcomings of these documents. Especially when moving from waterfall to a more agile approach
              there are new challenges:
              - changes occur more frequently and must be reflected in the security documents,
              - increasing numbers of (micro-) services require significantly more documentation efforts,
              - resource-oriented services do not match well with usually established process-focused
              approaches,
              - security documentation is the first victim in high frequency deployment environments.
              The proven way to solve these issues is automation! We will outline an approach to take advantage of
              already existing meta information to derive a solid foundation of a security documentation. The process
              can be integrated into the usual build process and liberates the dev team from annoying documentation
              tasks.
              
              The talk will be completed with a summary of documentation parts that can be produced by automation and
              parts that need human expertise. We will also give an outlook on aspects that maybe addressed in later
              stages of automation.
            
Biography.  Andreas Kuehne is the founder of trustable Ltd., a security consultancy
              company and member of the FutureTrust project. He is an active initiator and contributor of several open
              source projects as well as the co-chair of the OASIS DSS-X committee.
              
              
              Jens Neuhalfen is Information Security Officer at Deutsche Post DHL Group and lives and breathes IT
              since
              20 years. He is convinced that the interface between IT and non-IT is the most important lever to
              run a successful business for IT-centric ventures.
              Further, Jens is convinced that sensible IT security not only saves money but opens new business
              opportunities.
              
            
Sheila Berta (Freelancer) – Talk
Talk. The Bicho: backdooring CAN bus for remote car hacking
Video. YouTube
Abstract. Attacks targeting connected cars have already been presented in several
              conferences, as well as different tools to spy on CAN buses. However, there have been only a few
              attempts
              to create “something similar” to a useful backdoor for the CAN bus. Moreover, some of those proofs of
              concept were built upon Bluetooth technology, limiting the attack range and therefore tampering its
              effects.
              
              Now we are happy to say, “those things are old”!
              
              We have successfully developed a hardware backdoor for the CAN bus, called “The Bicho”. Due to its
              powerful capabilities we can consider it as a very smart backdoor. Have you ever imagined the
              possibility
              of your car being automatically attacked based on its GPS coordinates, its current speed or any other
              set
              of parameters? Even more, have you ever imagined the possibility that your car suddenly stopped working,
              when you least expected it, due to a remote attack? Now all of this is possible.
              
              The Bicho supports multiple attack payloads and it can be used against any vehicle that supports CAN,
              without limitations regarding manufacturer or model. Each one of the payloads is related to a command
              that
              can be delivered via SMS, this way it allows remote execution from any geographical location. Our
              backdoor
              is an open-hardware tool and it has an intuitive graphical interface, called “Car Backdoor Maker”, which
              is open-sourced too and allows payload customization.
              
              The attack payload can be configured to be automatically executed once the target vehicle is proximate
              to
              a given GPS location. The execution can also be triggered by detecting the transmission of a particular
              CAN frame, which can be associated with any given factor, such as: the speed of the vehicle, its fuel
              level, and some other factors. Moreover, in our talk we will be presenting a new feature, that allows us
              to remotely kill the car’s ECU and consequently causing the car to stop working suddenly.
            
Biography.  Sheila Ayelen Berta is an Information Security Specialist and Developer,
              who
              started at 12 years-old by herself. At the age of 15, she wrote her first book about Web Hacking,
              published by RedUSERS Editorial in several countries. Over the years, Sheila has discovered lots of
              vulnerabilities in popular web applications and softwares. She also has given courses of Hacking
              Techniques in universities and private institutes. Sheila currently works as Security Researcher who
              specializes in offensive techniques, reverse engineering and exploit writing. She is also a developer in
              ASM (microcontrollers, x32/x64), C/C++, Golang and Python. Sheila is an international speaker who has
              spoken at important security conferences such as Black Hat EU 2017, DEFCON 26, DEFCON 25 CHV,
              HITBSecConf,
              HackInParis, Ekoparty Security Conference, IEEE ArgenCon, Hack.Lu, OWASP Latam Tour and others.
               @UnaPibaGeek
            
Pierre Laperdrix (CISPA Helmholtz Center for Information Security) – Talk
Talk. Browser fingerprinting: past, present and possible future
Video. YouTube
Abstract. Browser fingerprinting has grown a lot since its debut in 2010. By collecting specific information in the browser, one can learn a lot about a device and its configuration. It has been shown in previous studies that it can even be used to track users online, bypassing current tracking methods like cookies. In this presentation, we will look at how this technique works and present an overview of the research performed in the domain. We will then see how this technique is currently used online before looking at its possible future.
Biography.  Pierre Laperdrix is currently a postdoctoral researcher in the Secure
              Web Applications Group at the CISPA-Helmholtz Center for Information
              Security working with Ben Stock. Previously, he was a postdoctoral
              researcher in the PragSec lab at Stony Brook University working with
              Nick Nikiforakis. His current topics of research are Security and
              privacy on the Web. He obtained his PhD at Inria in Rennes working on
              the topic of browser fingerprinting. As part of his thesis, he developed
              the AmIUnique.org website to understand fingerprinting and worked with
              the Tor organization to improve the Tor browser fingerprinting defenses.
               @RockPartridge
            
David Jardin (Joomla!) – Talk
Talk. Content-Security-Policies in mass-distributed web apps - doing the undoable
Video. YouTube
Abstract. Content-Security-Policy is a well-established technology that is able to catch Cross-Site-Scripting attacks in modern browsers. However, regardless of the benefits, usage in mass-distributed web-apps like WordPress or Joomla is still close to be non-existant. In this talk, we will talk about the concepts of CSP, the huge challenges that web app developers face during the implementation and potential workarounds to get CSP out of the door.
Biography.  Born and living in Cologne, Germany, David got in touch with web
              development
              during school in 2002. After a few years working with plain HTML sites, he started to develop his own
              CMS
              in 2004 and switched to Mambo shortly after. He quickly became an active member of the German community
              and met them in person for the first time during JoomlaDay Germany 2006. After school, he started his
              business as a freelance webdeveloper and quickly got more involved in the community by giving support in
              the forums, co-organizing the German JoomlaDay and the J&Beyond conference, starting a Joomla Usergroup
              in
              his home town, developing own extensions and joining the board of the German Joomla association
              "J&Beyond
              e.V.". In 2012, he joined the Bug Squad and started contributing to the CMS code.
              In late 2012, he co-founded the CMS-Garden project, which is cooperation of 12 opensource CMS. In the
              CMS-Garden, volunteers from all participating systems combine their forces to improve their marketing
              and
              reach new potential users.
               @SniperSister
            
Marius Steffens and Ben Stock (CISPA Helmholtz Center for Information Security) – Talk
Talk. Don't Trust The Locals: Exploiting Persistent Client-Side Cross-Site Scripting in the Wild
Video. YouTube
Abstract. The Web has become highly interactive and an important driver for modern
              life,
              enabling information retrieval, social exchange, and online shopping. From the security perspective,
              Cross-Site Scripting (XSS) is one of the most nefarious attacks against Web clients. Research has long
              focused on three categories of XSS: reflected, persistent, and DOM-based XSS. We argue, however, that
              this
              classification lacks a key threat in the modern Web: persistent Client-Side XSS.
              
              In this talk, we not only provide an improved notion of the classes of XSS, but rather report on a
              real-world study which shows that of the Alexa Top 5,000 domains, around 2,000 make use of persisted
              data
              on the client. We conduct this study using a combination of taint tracking and a fully automated exploit
              generation pipeline. Doing so, we find that of these 2,000, over 20% make that use in an insecure way
              which enables an attacker to execute a persisted payload on every page load, allowing for nefarious
              long-term attacks such as JavaScript-based keyloggers, credential extraction from password managers, or
              cryptojacking. In addition, we analyze the end-to-end exploitability of the flaws we discovered based on
              two attacker models, showing that at least 70% of the sites with an insecure data flow can succesfully
              be
              infected with a malicious payload. We also discuss a number of real-world case studies to highlight the
              severity of this threat.
              
              Based on our insights, we show that in many cases, the use case requires the execution of persisted
              JavaScript code. We identify four distinct classes of intended uses for the persisted data, and end our
              talk with a discussion of applicable countermeasures tailored for those cases.
            
Biography. 
              Marius Steffens is a first year PhD student in the Secure Web
              Applications Group at the CISPA-Helmholtz Center for Information Security, where he is supervised by Ben
              Stock. Marius is currently interested in the area of Web Security, and specifically looking into the
              prevalence of vulnerabilities in client-side Web applications.
               @steffens_marius
              
              Ben Stock is a Tenure-Track Faculty at the newly founded CISPA-Helmholtz Center for Information
              Security.
              In his PhD, Ben focussed on the detection and mitigation of Client-Side Cross-Site Scripting. During his
              PhD, he worked closely with SAP Research and interned with Microsoft Research. After his PhD, he joined
              CISPA as a postdoc, focussing on both Web Security as well as Usable Security research. He currently
              heads
              the Secure Web Applications Group at CISPA and is a regular speaker at academic and non-academic venues
              like CCS, USENIX Security, NDSS, Blackhat, and OWASP AppSec.
               @kcotsneb
            
Sean Heelan (University of Oxford) – Talk
Talk. Greybox Automatic Exploit Generation for Heap Overflows
Video. YouTube
Abstract. In this talk we will introduce a completely grey-box approach to automatic exploit generation for heap overflows. Heap overflows are difficult to generate exploits for as they require reasoning over another dimension not present when considering stack overflows, namely the layout of the heap. We will show how this problem can be compartmentalised and addressed separately from the remainder of the exploit generation task. Furthermore, we will show how dynamic analysis and learning from existing inputs can be used in place of expensive white-box techniques that are traditionally used for exploit generation.
Biography. Sean Heelan is a co-founder of Optimyze and a PhD candidate at the
              University
              of Oxford. In the former role he works on full-stack software optimisation, and in the latter he is
              investigating automated approaches to exploit generation. Previously he ran Persistence Labs, a reverse
              engineering tooling company, and worked as a senior security researcher at Immunity Inc. His primary
              interest is in building program analysis tools that allow the integration of static and dynamic
              techniques
              with expert knowledge.
               @seanhn
            
Marcus Brinkmann (Ruhr University Bochum) and Damian Poddebniak (Münster University of Applied Sciences) – Talk
Talk. "Johnny, you are fired!" – Spoofing OpenPGP and S/MIME Signatures in Emails
Video. YouTube
Abstract. OpenPGP and S/MIME are the two major standards to encrypt and digitally
              sign emails. Digital signatures are supposed to guarantee authenticity
              and integrity of messages. We show practical forgery attacks against
              various implementations of OpenPGP and S/MIME email signature
              verification in five attack classes: (1) We analyze edge cases in
              S/MIME's container format. (2) We exploit in-band signaling in the GnuPG
              API, the most widely used OpenPGP implementation. (3) We apply MIME
              wrapping attacks that abuse the email clients' handling of partially
              signed messages. (4) We analyze weaknesses in the binding of signed
              messages to the sender identity. (5) We systematically test email
              clients for UI redressing attacks.
              
              Our attacks allow the spoofing of digital signatures for arbitrary
              messages in 14 out of 20 tested OpenPGP-capable email clients and 15 out
              of 22 email clients supporting S/MIME signatures. While the attacks do
              not target the underlying cryptographic primitives of digital
              signatures, they raise concerns about the actual security of OpenPGP and
              S/MIME email applications. Finally, we propose mitigation strategies to
              counter these attacks.
            
Biography.  Marcus Brinkmann is a PhD student at the Ruhr University Bochum, and
              interested in end-to-end security. He is a free software enthusiast with
              contributions in the Debian and GnuPG projects.
               @lambdafu
              
              Damian Poddebniak is a PhD student at the University of Applied Sciences in Münster. He is co-author of
              the Efail attack paper and interested in email security, cryptography and privacy-related topics.
               @dues__
            
Abdullah Joseph (Adjust) – Talk
Talk. Reversing Fraudulent Apps
Video. YouTube
Abstract. Wherever there is money, there is fraud. Companies invest massive amounts on
              their ad campaigns to showcase their product to the world. In reality, however, most of that money goes
              to
              fraudsters and malicious app makers.
              
              In this talk, the speaker will demonstrate how a popular app with over 100 million downloads conducts
              their mobile fraud operation and performs a commonplace mobile fraud technique: Click Injection.
            
Biography.  Abdullah Joseph works as a security specialist at Adjust, a mobile
              analytics
              company, as part of the company’s fraud team. His responsibilities include researching current and
              future
              mobile fraud schemes, reversing malicious apps and developing appropriate countermeasures. He is the
              holder of both GREM and GMOB certifications.
               @malwarecheese
            
Christina Lekati (Cyber Risk GmbH) – Talk
Talk. Social Engineering through Social Media: profiling, scanning for vulnerabilities and victimizing
Video. YouTube
Abstract. Online presence is undeniably important. But despite the benefits social networking can create, a strong online presence can also create vulnerabilities. Christina will explain how the online presence of a company's employees on social media can attract social engineers to target them and victimize them to "open doors" through the organizational security. The talk covers the topic of information gathering through social media and explains how even seemingly innocent information can be used to manipulate targets, and in what way. Case studies will be provided. A two-part demonstration is included on how a hacker's mind works when harvesting information on social media; The first part includes real examples of posts that expose vulnerabilities, attract attackers and ultimately lead to security breaches. The second part includes a demonstration on how personal information provided online are gathered, categorized, analyzed and then used to craft an attack, as well as how one ends up revealing online more than he intends to. The talk closes with practical recommendations and best practices. The purpose on this talk is not to make everyone delete their online presence but rather, to urge them to use it responsibly. Training and awareness are often a catalytic factor between a successful and an unsuccessful attack attempt.
Biography.  Christina Lekati is a psychologist and a social engineer. With her
              background and degree in psychology, she learned the mechanisms of behavior, motivation, decision
              making,
              as well as manipulation and deceit. She became particularly interested in human dynamics and passionate
              about social engineering.
              
              Contrary to typical career paths, her history and involvement in the cybersecurity field started quite
              early in her life. Being raised by George Lekatis, a sought-after cyber security expert, she found
              herself
              magnetized by the security field at a very young age. Growing up, she was able to get involved in
              different projects that were often beyond her age, that gave her an edge in her own knowledge and
              experience.
              
              Christina has participated among other things in penetration tests, in training to companies and
              organizations, and in needs and vulnerability assessments.
              
              She is working with Cyber Risk GmbH as a social engineering expert and trainer. Christina is the main
              developer of the social engineering training programs provided by Cyber Risk GmbH. Those programs are
              intertwining the lessons learned from real life cases and previous experiences with the fields of
              cybersecurity, psychology and counterintelligence. They often cover unique aspects while their main goal
              is to inspire delegates with a sense of responsibility and a better relationship with security.
               @ChristinaLekati
            
Priv.-Doz. Dr. Edgar Weippl (SBA Research) – Keynote
Talk. Securing the Development Lifecycle in Productions Systems Engineering
Video. YouTube
Abstract. Power plants and many other industrial plants are an integral part of a country’s critical infrastructure. As systems become more automated and networked and complicated software systems control entire systems, IT security is playing an increasingly important role. Previous attacks have mostly exploited existing vulnerabilities, future attackers will strive to intervene in the development process to build in vulnerabilities themselves.
Biography.  After graduating with a Ph.D. from the TU Wien, Edgar worked in a research
              startup for two years. He then spent one year teaching as an Assistant Professor at Beloit College, WI.
              From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant in New York,
              NY
              and Albany, NY, and in Frankfurt, Germany. In 2004 he joined the TU Wien and founded the research center
              SBA Research together with A Min Tjoa and Markus Klemen. Edgar R. Weippl (CISSP, CISA, CISM, CRISC,
              CSSLP,
              CMC) is member of the editorial board of Computers & Security (COSE), organizes the ARES conference and
              is
              General Chair of SACMAT 2015, PC Chair of Esorics 2015, General Chair of ACM CCS 2016, and PC Chair of
              ACM
              SACMAT 2017.
               @weippl
            
Thomas Dullien (Halvar Flake) (Google) – Keynote
Talk. Weird machines, exploitability and unexploitability
Video. YouTube
Abstract. In spite of being central to everything that is going on in IT security, the concept of "exploit" is surprisingly poorly formalized and understood only on an intuitive level by security practitioners. This lack of clear definition has all sorts of negative side-effects: From ineffictive teaching to muddled thinking about mitigations. In this talk, I will make an attempt to more clearly define what it is that attackers do when they write an exploit – and then talk about what this means for mitigations and secure coding.
Biography.  Thomas Dullien / Halvar Flake started work in reverse engineering and
              digital rights management in the mid-90s, and began to apply reverse engineering to vulnerability
              research
              shortly thereafter. He pioneered early windows heap exploitaiton, patch diffing / bindiffing and various
              other reverse engineering techniques. In 2004, he started zynamics, a company focused on reverse
              engineering technologies. He continued to publish about reverse engineering, ROP gadget search, and
              knowledge management technologies in relation to reverse engineering. In 2011, zynamics was acquired by
              Google, and Halvar spent the next few years working on defensive technologies that leveraged the then
              hot
              buzzwords "big data" and "machine learning". In summer 2015, Halvar received the lifetime achievement
              Pwnie, and decided to take a year off to travel, read, and surf. Since November 2016, he is back at
              Google.
               @halvarflake
            
Paul Rösler (Ruhr University Bochum) – Talk
Talk. Consequences of Complexity in Group Instant Messaging using the Example of WhatsApp and Signal
Video. YouTube
Abstract. Group instant messaging is a complex primitive – due to the number of involved users and dynamic modifications to groups – that at the same time needs to provide high efficiency – for providing instant delivery of messages. As we show in our paper (Roesler, Mainka, Schwenk EuroS&P '18), most widespread messengers do not reach expected and required security guarantees for this primitive. This talk aims to provide an overview on the underlying reasons for this lack of security as well as on approaches how this issue can be solved, both on the constructive side and for the developers' view. After presenting the most severe attacks on WhatsApp and Signal, we aim to shed a light on the topic in a more general way. Thereby we want to motivate the reasons for end-to-end encryption more intuitively, provide an overview on what future secrecy means and how ratcheting can be used to reach this property. Of course the talk will include the protocol descriptions of the analyzed protocols and the respective attacks, but the focus will be more constructive. The talk will conclude with outlook questions (and answers): What are the expectable problems of intensive key protocols? How might they be solved by protocol and software developers? Is there a sensible threshold on which security guarantees should be achieved and which attacks can be disregarded when designing a protocol for instant messaging?
Biography.  Paul Rösler is PhD student at the Chair for Network and Data Security,
              Ruhr University Bochum. Instant messaging protocols and key exchange
              with special properties such as forward and future secrecy are some of
              his research topics. During his bachelor and master studies he worked
              for Qabel – a cloud software that converts established protocols via
              proxies into a security preserving wrapper-protocol.
               @roeslpa
            
Sebastian Lekies (Google) – Talk
Talk. Don't trust the DOM: Breaking XSS mitigations via Script Gadgets
Video. YouTube
Abstract. Cross-Site Scripting is a constant problem of the Web platform. Over the
              years many techniques have been introduced to prevent or mitigate XSS. Most
              of these techniques, thereby, focus on script tags and event handlers. HTML
              sanitizers, for example, aim at removing potentially dangerous tags and
              attributes. Another example is the Content Security Policy, which forbids
              inline event handlers and aims at white listing of legitimate scripts.
              
              In this talk, we present a novel Web hacking technique that enables an
              attacker to circumvent most XSS mitigations. In order to do so, the
              attacker abuses so-called script gadgets. A script gadget Is a legitimate
              piece of JavaScript in a page that reads elements from the DOM via
              selectors and processes them in a way that results in script execution. To
              abuse a script gadget, the attacker injects a benign looking element into
              the page that matches the gadget's selector. Subsequently, the gadget
              selects the benign-looking element and executes attacker-controlled
              scripts. As the initially injected element is benign it passes HTML
              sanitizers and security policies. The XSS only surfaces when the gadget
              mistakenly elevates the privileges of the element.
              
              In this talk, we will demonstrate that these gadgets are present in almost
              all modern JavaScript libraries, APIs and applications. We will present
              several case studies and real-world examples that demonstrate that many
              mitigation techniques are not suited for modern applications. As a result,
              we argue that the Web should start focusing more on preventive mechanisms
              instead of mitigations.
            
Biography.  Sebastian Lekies is a senior software engineer and a web security
              researcher
              at Google. He is specializing in client-side web application security and automated web application
              security testing. At Google, Sebastian is a Tech Lead of the web security scanning and the security
              inventory teams. Before joining Google, Sebastian was part of SAP’s Security Research team, where he
              conducted academic research in the area of client-side Web application security. He is regularly
              speaking
              at academic and non-academic security conferences such as BlackHat US/EU/Asia, OWASP AppSec EU, DeepSec,
              Usenix Security, CCS, and many more.
               @slekies
            
Christian Dresen and Damian Poddebniak (Münster University of Applied Sciences) – Talk
Talk. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
Video. YouTube
Abstract. OpenPGP and S/MIME are the two prime standards for providing end-to-end
              security for emails. We describe novel attacks built upon a technique we call malleability gadgets to
              reveal the plaintext of encrypted emails. We use CBC/CFB gadgets to inject malicious plaintext snippets
              into encrypted emails that abuse existing and standard conforming backchannels, for example, in HTML,
              CSS,
              or x509 functionality, to exfiltrate the full plaintext after decryption. The attack works for emails
              even
              if they were collected long ago, and is triggered as soon as the recipient decrypts a single maliciously
              crafted email from the attacker. The attack has a large surface, since for each encrypted email sent to
              n recipients, there are n+1 mail clients that are susceptible to our attack.
              We devise working attacks for both OpenPGP and S/MIME encryption, and show that exfiltration channels
              exist for 23 of the 35 tested S/MIME email clients and 10
              of the 28 tested OpenPGP email clients. While it is necessary to change the OpenPGP and S/MIME standards
              to fix these vulnerabilities, some clients had even more severe implementation flaws allowing
              straightforward exfiltration of the plaintext.
            
Biography. Christian Dresen is PhD student at the University of Applied Sciences in
              Muenster and Ruhr University Bochum. His field of research is IT security and he is also an enthusiastic
              CTF player.
               @dr4ys3n
              
              Damian Poddebniak is a PhD student at the University of Applied Sciences in Münster. During his master's
              thesis he worked on fault attacks and applied them against deterministic signature schemes. He is
              interested in cryptography and privacy-related topics.
               @dues__
            
Petr Svenda (Masaryk University) – Talk
Talk. Exploring ROCA: Fun & troubles with RSA keypairs
Video. YouTube
Abstract. The talk will cover our recent work which resulted in the discovery of an algorithmic flaw (CVE-2017-15361) in the construction of primes for RSA key generation in a widely-used library of a major manufacturer of cryptographic hardware. The primes generated by the library suffer from an entropy loss so severe, that practical factorization of commonly used key lengths up to 2048 bits is possible. Our method based on an extension of Coppersmith’s factorization attack requires no additional information except for the value of the public modulus and does not depend on a weak or a faulty random number generator. The library in question is found in NIST FIPS 140-2 and CC EAL 5+ certified devices used for a wide range of real-world applications, including citizens identity cards, Trusted Platform Modules, secure email, and tokens for authentication or software signing. The findings directly resulted in the revocation of millions of certificates in Estonia, Slovakia, Spain and other countries and major security update rolled by Microsoft, Google, HP, Lenovo, and others. The talk will discuss how the vulnerability was found, our experience from the responsible disclosure process and an options for mitigation including the systematic prevention using the secure multiparty computation efficient enough to run on cryptographic smartcards.
Biography.  Petr is a security researcher at Masaryk University, Czech Republic. He
              engages in the area of cryptographic protocols for resource-limited devices like smartcards or wireless
              sensor networks including use and
              misuse of random number generators. He pushes for more openness and support for FOSS development on
              JavaCard platform and smartcards in general. He also focuses on a utilization of cryptographic
              smartcards
              in the complex scenarios and the development of secure applications on such platforms in Enigma Bridge,
              Cambridge, UK.
               @rngsec
            
Rene Freingruber (SEC Consult) – Talk
Talk.
Video. YouTube
Abstract. Fuzzing is a very powerful technique to detect flaws and vulnerabilities in software. The aim of this talk is to demonstrate different techniques which can be used to fuzz applications or libraries. Choosing the correct and most effective fuzzing technique will be discussed with real-world examples. Moreover, hints according common problems and pitfalls during fuzzing will be given. The first part of the talk discusses general concepts of fuzzing whereas the second part covers important areas which influent the fuzzing results. A special focus of the talk will be the difference of fuzzing applications with source code available versus fuzzing closed-source applications.
Biography.  René Freingruber has been working as a professional security consultant
              for
              SEC Consult for several years. He operates research in the fields of malware analysis, reverse
              engineering
              and exploit development. He also studies modern mitigation techniques and how they can be bypassed by
              attackers. In the course of that research he came across Microsofts Enhanced Mitigation Experience
              Toolkit
              and gave various talks about the (in)security of it at conferences such as RuxCon, ToorCon, ZeroNights,
              IT-Secx, DeepSec, 31C3 and NorthSec.
               @renefreingruber
            
Ben Stock (CISPA Helmholtz Center i.G.) – Talk
Talk. From Discovering Vulnerabilities to Getting Them Fixed At Scale
Video. YouTube
Abstract. Security researchers are often faced with a dilemma once they have
              discovered
              a new type of flaw, potentially affecting many servers or Web sites in the wild. On the one hand, their
              discovery may allow adversaries to find such flawed systems with ease and attack them quickly (as
              famously
              shown by the Drupageddon attack). On the other hand, there are no well-established channels which can be
              used reliably to notify the affected administrators.
              
              In this talk, we will first discuss how the Web’s security evolved over time, highlighting that the need
              for notifications at scale is bigger then ever. Afterwards, we present results from two experiments on
              notifications at scale, trying to help site operators to secure their sites from nefarious attackers. We
              also discuss numerous roadblocks, starting from a complete lack of a usable email address to issues of
              trust arising when a non-native speakers calls people in the US.
            
Biography.  Ben Stock is a Tenure-Track Faculty at the newly founded CISPA Helmholtz
              Center i.G., which is built from the Center for IT-Security, Privacy and Accountability (CISPA) at
              Saarland University. In his PhD, Ben focussed on the detection and mitigation of Client-Side Cross-Site
              Scripting. During his PhD, he worked closely with SAP Research and interned with Microsoft Research.
              After
              his PhD, he joined CISPA as postdoc, focussing on both Web Security as well as Usable Security research.
              He currently heads the Security Web Applications Group at CISPA and is a regular speaker at academic and
              non-academic venues like CCS, USENIX Security, NDSS, Blackhat, and OWASP AppSec.
               @kcotsneb
            
Robert Gawlik (Ruhr University Bochum) – Talk
Talk. How client-side compilers help attackers to gain code execution
Video. YouTube
Abstract. Compilers of interpreter languages aim at speeding up execution in the race
              for
              web browser performance. Various compilers and analysis stages are involved to
              turn JavaScript code into machine code of the architecture the browser runs on.
              In order to maximize the performance of our indispensable browsers,
              Just-In-Time (JIT) compilation gained widespread adoption. It achieves
              near-native run time for otherwise slowly interpreted JavaScript code. But it
              is only the beginning, and Ahead-of-Time (AOT) compilers such as ASM.JS and its
              successor WebAssembly are emerging and won't disappear any time soon. Despite
              the intended performance gain, security concerns arise.
              
              Attackers started to abuse JIT compilers by emitting desired machine code
              derived from controlled script constants. Armed with the ability to fill
              predictable address regions with hidden assembly instructions, they invented
              the JIT-Spray technique. Since then, many client-side JIT-Spray primitives were
              developed to ease the exploitation of various memory errors, which we'll
              revisit in the beginning of this presentation. Furthermore, we analyze flaws we
              found in ASM.JS of Mozilla Firefox, tracked as CVE-2017-5375 and CVE-2017-5400,
              allowing an attacker to jump to "JIT" sprayed executable code. Moreover, we
              take a look at three different Firefox CVEs and demonstrate alternative
              exploitation with ASM.JS JIT-Spray. On the road to remote code execution, we
              show how arbitrary ASM.JS payloads are generated and transformed automatically,
              allowing you to run your favorite code implant on vulnerable Firefox versions.
            
Biography. Robert is a security researcher at the Ruhr University Bochum. He obtained his PhD in 2016 at the Systems Security Chair where he is currently working as PostDoc. His work focuses on various aspects of fuzzing, memory corruption vulnerabilities, and static/dynamic analysis of binary programs. He is experienced in low-level security such as detecting and analyzing client-side bugs, exploit development, and bypassing exploit mitigations.
David Oswald (University of Birmingham, Kasper & Oswald) – Talk
Talk. Is there any Security (and Privacy) in the Internet of Things?
Video. YouTube
Abstract. Embedded (IoT) devices have become commonplace in many areas of our
              daily life, ranging from smart home assistants to resource-constrained
              medical devices. Unfortunately, the firmware of such devices is often
              closed-source and thus, the vendor's security and privacy promises
              cannot be independently verified. In this talk, we will discuss
              techniques to address this issue, for example by means of firmware
              extraction and analysis.
              
              In the first of two case studies, we focus on the Amazon Echo product
              line and cover methods to extract complete filesystem images from both
              newer and older devices. We then describe the (solid) security measures
              implemented in the Echo (e.g. for software updates), and will also
              outline how Amazon handles the transmission of voice data from and to
              the backend.
              
              Our second example is the Dexcom G4, a wide-spread continous blood
              glucose meter used in the treatment of diabetes. Through black-box
              analysis of the RF interface, we find that the Dexcom G4 does not
              implement cryptographic protections, which enables a range of attacks,
              including malicious modification of the transmitted measurements.
              
              The talk concludes with lessons learned from these (and other) case
              studies and with ideas how the security and privacy of future embedded
              devices can be improved.
            
Biography. David Oswald is a lecturer (assistant professor) in the Security and Privacy Group at the University of Birmingham, UK. His main field of research is the security of embedded systems in the real world. On the one hand, the focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection, as well as reverse engineering. On the other hand, David is working on the practical realization of security systems in embedded applications. He is co-founder of the Kasper & Oswald GmbH, offering innovative products and services for security engineering. His research on vulnerabilities of various wide-spread systems (e.g. DESFire RFID smartcards, Yubikey two-factor authentication tokens, electronic locks, and VW/Hitag2 RKE systems) has created awareness for the crucial importance of security among developers of embedded devices.
Falko Strenzke (cryptosource GmbH) – Talk
Talk. Revisiting the X.509 Certification Path Validation
Video. YouTube
Abstract. In this work we present a new testing tool for the X.509 certification path validation that was developed for the German Federal Office for Information Security (BSI). Furthermore, we report on the errors that were uncovered by applying the tool's default test suite to various test subjects such as cryptographic libraries and applications. The tool is free and open source, and allows the dynamic creation of test cases involving certificate chains and certificate revocation lists based on XML test specifications. It also facilitates the testing of TLS and IPsec applications as well as e-mail clients supporting S/MIME. The errors uncovered by the tool range from compatibility issues to actual security vulnerabilities.
Biography. After his physics diploma from TU Darmstadt in 2006, Falko Strenzke entered FlexSecure GmbH, where he worked in the areas of of trust center software, security certifications, cryptographic implementations and embedded security. He also led a number of security-oriented research projects. In 2013, he received his PhD in computer science for a work on efficient and secure cryptographic implementations, which he conducted in parallel to his job. Since 2014 Falko is the founder and managing director of cryptosource GmbH, a small start-up that focusses on software development and analysis in the areas of cryptography and security. His activities since then are various consulting and development projects in different industries and the development of a new TLS library for embedded systems.
Hanno Böck (Freelancer) – Talk
Talk. The ROBOT Attack
Video. YouTube
Abstract. 20 years ago Daniel Bleichenbacher discovered an attack against RSA as it was used in SSL and the padding mode PKCS #1 v1.5. Obviously such an old attack doesn't work any more today, because everyone has fixed it. Okay... That was a joke. It still works. With some minor modifications we were able to discover the ROBOT attack (Return Of Bleichenbachers Oracle Threat). It affected nine different vendors and we were able to sign a message with the private key from facebook.com. More info at https://robotattack.org/ and in the full paper at https://eprint.iacr.org/2017/1189
Biography.  Hanno Böck is a freelance journalist and regularly covers IT security
              topics for Golem.de and other publications. He also writes the monthly
              Bulletproof TLS Newsletter. In 2014 he started the Fuzzing Project, an
              effort to improve the security of free software applications. This work
              is supported by the Linux Foundation's Core Infrastructure Initiative.
               @hanno
            
Daniel Gruss (Graz University of Technology) and Jann Horn (Google Project Zero) – Talk
Talk. The Story of Meltdown and Spectre
Video. YouTube
Abstract. In this talk we will tell the story of Meltdown and Spectre. We will outline how research from the past two decades was the foundation of the discovery of these vulnerabilities while providing preliminary information. We will point out and illustrate how what the root causes of Meltdown and Spectre are. In the main part of the talk we will describe how Meltdown and Spectre work. We will discuss different attack scenarios and the impact of these attacks. Finally, we will outline countermeasures against the attacks.
Biography. Daniel Gruss is a PhD Student at Graz University of Technology. He has done
              his master's thesis on identifying and minimizing architecture dependent code in operating system
              kernels.
              Daniel's research focuses on software-based side-channel attacks that exploit timing differences in
              hardware and operating system. In July 2015, he and his colleagues demonstrated the first hardware fault
              attack performed through a remote website, known as Rowhammer.js.
               @lavados
              
              Jann Horn is a security researcher working with Google Project Zero. He focuses primarily on kernel and
              hypervisor security.
            
David Jardin (Joomla!) – Talk
Talk. Vulnerability handling process at Joomla!
Video. YouTube
Abstract. In this talk, I will give you some first-hand insights into the work that the Joomla security team does. You will learn what attack vectors we are facing, how real-world exploits in popular web apps work and how we as a team try to keep up with these ongoing threats to keep millions of our users secure.
Biography.  Born and living in Cologne, Germany, David got in touch with web
              development
              during school in 2002. After a few years working with plain HTML sites, he started to develop his own
              CMS
              in 2004 and switched to Mambo shortly after. He quickly became an active member of the German community
              and met them in person for the first time during JoomlaDay Germany 2006. After school, he started his
              business as a freelance webdeveloper and quickly got more involved in the community by giving support in
              the forums, co-organizing the German JoomlaDay and the J&Beyond conference, starting a Joomla Usergroup
              in
              his home town, developing own extensions and joining the board of the German Joomla association
              "J&Beyond
              e.V.". In 2012, he joined the Bug Squad and started contributing to the CMS code.
              In late 2012, he co-founded the CMS-Garden project, which is cooperation of 12 opensource CMS. In the
              CMS-Garden, volunteers from all participating systems combine their forces to improve their marketing
              and
              reach new potential users.
               @SniperSister
            
Prof. Dr. Christof Paar (Ruhr University Bochum) – Keynote
Talk. How to Build Hardware Trojans
Video. YouTube
Abstract. Countless systems ranging from consumer electronics to military equipment
              are
              dependent on integrated circuits (ICs). A surprisingly large number of embedded systems are already
              security-critical, e.g., medical devices, automotive electronics, SCADA systems or network routers. If
              the
              underlying ICs in an applications are maliciously manipulated through hardware Trojans, the security of
              the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of
              governments and the scientific community.
              
              Even though hardware Trojans have been studied over the last 10 years or so, little is known about how
              they might look, especially those that are particularly designed to avoid detection. In this talk we
              introduce several approaches with which a sophisticated attacker could insert Trojan into hardware
              platforms. We will look at hardware Trojans realized on both, ASICs (application specific integrated
              circuits) and FPGAs, i.e., programmable hardware.
            
Biography. Christof Paar has the Chair for Embedded Security at Ruhr University Bochum, Germany, and is research professor at the University of Massachusetts Amherst. He co-founded CHES (Cryptographic Hardware and Embedded Systems), the leading international conference on applied cryptography. His research interests include efficient crypto implementations, hardware security, and security analysis of real-world systems. He also works on applications of embedded security, e.g., in cars or consumer devices. He holds an ERC Advanced Grant in hardware security and is spokesperson for the doctoral training school SecHuman. Christof has over 180 peer-reviewed publications and he is co-author of the textbook Understanding Cryptography (Springer, 2009). Christof is Fellow of the IEEE and the IACR and has given invited talks at MIT, Yale, Stanford, IBM Labs and Intel. Christof co-founded ESCRYPT GmbH, a leading system provider for automotive security, which is now part of Bosch.
Prof. Dr. Kenny Paterson (Royal Holloway, University of London) – Keynote
Talk. SSH: Beyond Confidentiality and Integrity in Practice
Video. YouTube
Abstract. This talk presents a systematic analysis of symmetric encryption modes for
              SSH
              that are in use on the Internet, providing deployment statistics, new attacks, and security proofs for
              widely used modes. We will also look at the on-going development of new encryption modes for SSH that
              offer superior
              security to the currently deployed modes at low additional cost.
              
              Joint work with Martin Albrecht, Jean Paul Degabriele and Torben Brandt Hansen.
            
Biography.  Prof Kenneth Paterson obtained a BSc in 1990 from the University of
              Glasgow
              and a PhD from the University of London in 1993, both in Mathematics. He was then a Royal Society Fellow
              at Institute for Signal and Information Processing at the Swiss Federal Institute of Technology, Zurich,
              from 1993 to 1994. After that, he was a Lloyd's of London Tercentenary Foundation Research Fellow at
              Royal
              Holloway, University of London from 1994 to 1996. In 1996, he joined Hewlett-Packard Laboratories
              Bristol,
              becoming a project manager in 1999. He then joined the Information Security Group at Royal Holloway in
              2001, becoming a Reader in 2002 and Professor in 2004. From March 2010 to May 2015, he was an EPSRC
              Leadership Fellow working on a project entitled "Cryptography: Bridging Theory and Practice". In May
              2015,
              he reverted to being a Professor of Information Security.
              
              Kenny was program chair of Eurocrypt 2011, invited speaker at Asiacrypt 2014, and currently serves as
              Editor-in-Chief for the Journal of Cryptology. He is a co-founder of the "Real World Cryptography"
              workshop series. He also serves on the Executive Steering Board of the IoT Security Foundation, as
              co-chair of the Crypto Forum Research Group of the IRTF, and on the technical advisory board of
              SkyHighNetworks.
              
              His research over the last decade has mostly been in the area of Cryptography, with a strong emphasis
              being on the analysis of deployed cryptographic systems and the development of provably secure solutions
              to real-world cryptographic problems. He is a winner of an Applied Networking Research Prize from the
              IRTF
              for his work on the Lucky 13 attack on TLS; a PETS award for Outstanding Research in Privacy Enhancing
              Technologies for
              his work with Mihir Bellare and Phil Rogaway on the Security of symmetric encryption against mass
              surveillance published at CRYPTO 2014; and a winner of a best paper award at ACM CCS 2016, with Martin
              Albrecht, Jean Paul Degabriele and Torben Hansen, for their work on SSH.
            
Tibor Jager (University Paderborn) – Talk
Talk. 0-RTT Key Exchange with Full Forward Secrecy
Video. YouTube
Abstract. Reducing latency overhead while maintaining critical security guar- antees
              like forward secrecy has become a major design goal for key exchange (KE) protocols, both in academia
              and
              industry. Of particular interest in this re- gard are 0-RTT protocols, a class of KE protocols which
              allow
              a client to send cryptographically protected payload in zero round-trip time (0-RTT) along with the very
              first KE protocol message, thereby minimizing latency. Prominent ex- amples are Google’s QUIC protocol
              and
              the upcoming TLS protocol version 1.3. Intrinsically, the main challenge in a 0-RTT key exchange is to
              achieve forward secrecy and security against replay attacks for the very first payload message sent in
              the
              protocol. According to cryptographic folklore, it is impossible to achieve forward secrecy for this
              message, because the session key used to protect it must depend on a non-ephemeral secret of the
              receiver.
              If this secret is later leaked to an attacker, it should intuitively be possible for the attacker to
              compute the session key by performing the same computations as the receiver in the actual
              session.
              We show that this belief is actually false. We construct the first 0-RTT key exchange protocol which
              provides full forward secrecy for all trans- mitted payload messages and is automatically resilient to
              replay attacks. In our construction we leverage a puncturable key encapsulation scheme which permits
              each
              ciphertext to only be decrypted once. Fundamentally, this is achieved by evolving the secret key after
              each decryption operation, but without modifying the corresponding public key or relying on shared
              state.
              Our construction can be seen as an application of the puncturable encryption idea of Green and Miers
              (S&P
              2015). We provide a new generic and standard- model construction of this tool that can be instantiated
              with any selectively secure hierarchical identity-based key encapsulation scheme.
Biography.  Tibor Jager teaches IT security and cryptography at Paderborn University.
              His research interests include applied and theoretical cryptography, with emphasis on the design and
              security analysis of digital signatures, public-key encryption schemes, and protocols, as well as
              practical attacks and countermeasures. He contributed to the discovery of security weaknesses in and
              practical attacks on major cryptographic standards and software libraries, including TLS, EAP-TLS, the
              W3C
              XML Encryption standard, and JSON Web Encryption/Web Signature.
               @tibor_jager
            
Frederik Braun (Mozilla) – Talk
Talk. Advanced SSL/TLS Deployment Strategies
Video. YouTube
Abstract. The web has evolved from hypertext to a powerful application platform.
              Powerful features like Geolocation, Push Notifications and Service Workers raise the stakes for
              application security.
              
              Only HTTPS can guarantee integrity, confidentiality and authenticity of those web applications. We will
              cover deployment best practices that to strike a practical balance between security and compatibility.
              This includes a small digression into the inner guts of TLS to discuss cipher suites as well as
              certificate switching.
              
              This talk also covers major deficiencies of the certificate ecosystems and demonstrates how to thwart
              the
              risks of misbehaving or even compromised Certificate Authorities with techniques like HTTPS Public Key
              Pinning or Certificate Transparancy.
              
              Following this overview, common bypasses and shortcomings of these security mechanisms will also be
              discussed.
            
Biography.  Frederik Braun is a Senior Security Engineer who works on Mozilla Firefox.
              Besides enhancing the built-in security checks, he has also been involved in web and mobile security.
              Frederik contributes to the W3C Web Application Security Working Group and co-authored the Subresource
              Integrity standard. He's also a former student of the Ruhr University in Bochum and co-founded the CTF
              team Fluxfingers. When not working on computer security, Frederik spends time with his family in
              Berlin.
               @freddyb
            
Joeri de Ruiter (Radboud University) – Talk
Talk. Black-Box Security Analysis of State Machine Implementations
Video. YouTube
Abstract. State machines play an important role when implementing any protocol. They
              specify which messages are to be sent at which state and how incoming messages should be processed at
              different stages of the protocol. Especially in security protocols, when mistakes are made in the
              implementation of the state machine this can lead to serious issues. In this talk we will show how
              black-box analysis techniques can be used to extract state machines from implementations and what kind
              of
              security issues this can reveal.
              
              We applied this analysis on several protocols, including EMV and TLS. The analysis of TLS resulted, for
              example, in the discovery of a serious vulnerability in Java's TLS implementation, which made it
              possible
              to bypass encryption and certificate verification. The technique was also applied on 145 different
              version
              of OpenSSL and LibreSSL, which gave an interesting insight in the evolution of the implemented state
              machine and showed how several severe issues in the past can be observed.
              
              The technique can also be used to analyse devices where physical input is required: with the help of a
              Lego robot we analysed handheld readers used for online banking. This could identify a vulnerability in
              the device where it is possible to bypass the acknowledgement from the user used to authorise a
              transaction.
              
              The tool used in this research (StateLearner) is available as open source, and can easily be extended to
              support more protocols and systems.
            
Biography.  Joeri de Ruiter is a researcher in the Digital Security group at the
              Radboud
              University in Nijmegen, The Netherlands. His research interests are in the analysis and design of
              real-world security protocols, such as TLS and EMV.
               @cypherpunknl
            
Martin Grothe (Ruhr University Bochum) – Talk
Talk. Breaking and Fixing a Cryptocurrency
Video. YouTube
Abstract. Bitcoin has been hailed as a new payment mechanism, and is currently accepted by millions of users. One of the major drawbacks of Bitcoin is the resource intensive Proof-of-Work computation. Proof-of-Work is used to establish the blockchain, but otherwise it does not bring any benefits and arguably is a waste of energy. To address this problem, several alternative cryptocurrencies have been presented. One of them is Gridcoin which rewards the users for solving BOINC problems. In our work we conducted the first security analysis of Gridcoin. We identified two critical security issues. The first issue allows an attacker to reveal all the e-mail addresses of the registered Gridcoin users. Even worse, the second issue gives an attacker the ability to steal the work performed by a BOINC user, and thus effectively steal his Gridcoins. These attacks have severe consequences and completely break the Gridcoin cryptocurrency. We practically evaluated and confirmed both attacks, and responsibly disclosed them to the Gridcoin maintainers, together with the proposed countermeasures.
Biography.  Martin Grothe is a research assistant at the Chair for Network and Data
              Security at the Ruhr University Bochum. Martin's research focuses on attacks against real-world
              protocols
              and security implementations. In August 2016, he and his colleagues demonstrated the first attacks
              against
              Microsofts Enterprise Rights Management (ERM) System, well known as Active Directory Rights Management
              Services (RMS). Further, in joined work with his colleagues at the Chair for Network and Data Security,
              he
              showed a new attack against PPTP VPNs, which utilizes RADIUS authentication.
               @ashitaka007
            
Sven Bugiel (Saarland University) – Talk
Talk. Five Years of Android Security Research: the Good, the Bad, the Ugly
Video. YouTube
Abstract. Android security and privacy research has boomed in recent years, far outstripping investigations of other "appified" platforms. In this talk, we present an overview of the different research areas that have emerged around the Android ecosystem, their current state and outlook, as well as the lessons learned we can draw from Android for other contemporary or future appified platforms. In particular, in the last part of this talk, we will take a short look at ongoing investigations of third party code and tool-chain providers and their partly significant impact on the overall security state of the Android ecosystem.
Biography.  Sven Bugiel is an Independent Research Group Leader and head of the
              Trusted
              Systems Group at the Center for IT-Security, Privacy and Accountability (CISPA), Saarland University.
              His
              research interests lie in the area of systems security and secure computing, where a particular focus is
              on mobile security, e.g., Android. In the past years, Sven’s research put a strong emphasis on novel
              access control solutions across the various layers of mobile software stacks, while more recently the
              ecosystem surrounding mobile platforms, such as third-party libraries, is of particular interest to
              him.
               @svebug
            
Jens Müller (Ruhr University Bochum) – Talk
Talk. How to Hack Your Printer
Video. YouTube
Abstract. The idea of a paperless office has been dreamed for more than three decades.
              However, nowadays printers are still one of the most essential devices for daily work and private
              people.
              Instead of getting rid of them, printers evolved from simple printing devices to complex network
              computer
              systems installed directly in company networks, and carrying lots of confidential data in their print
              jobs. This makes them to an attractive attack target.
              
              In this paper we conduct a large scale analysis of printer attacks and systematize our knowledge by
              providing a general methodology for security analyses of printers. Based on our methodology we
              implemented
              an open-source tool called PRinter Exploitation Toolkit (PRET). We used PRET to evaluate 20 printer
              models
              from different vendors and found all of them to be vulnerable to at least one of the tested attacks.
              These
              attacks included, for example, simple Denial-of-Service (DoS) attacks or skilled attacks extracting
              print
              jobs and system files.
              
              On top of our systematic analysis we reveal novel insights that enable attacks from the Internet by
              using
              advanced cross-site printing techniques combined with printer CORS-Spoofing. Finally, we show how to
              apply
              our attacks to systems beyond typical printers like Google Cloud Print or document processing websites.
              We
              hope that novel aspects from our work will become the foundation for future researches, for example, for
              the analysis of IoT security.
            
Biography.  Jens Müller received his M.Sc. degree in IT Security / Networks and
              Systems
              from the Ruhr University Bochum in 2016. He has experience as a freelancer in network penetration
              testing
              and security auditing. In his spare time he develops free open source software, at present tools related
              to network printer exploitation.
               @jensvoid
            
David Oswald (Kasper & Oswald) – Talk
Talk. The (In)Security of Automotive Remote Keyless Entry Systems revisited
Video. YouTube
Abstract. Remote keyless entry (RKE) systems, usually based on so-called rolling codes, are the most widespread way of (un)locking vehicle doors, opening the trunk, and disarming the alarm system. RKE is based on the unidirectional transmission of an (increasing) counter value, authenticated by means of symmetric cryptography. There are two major ways of attacking RKE systems: (i) by exploiting vulnerable key distribution schemes, and (ii) by making use of cryptographical weaknesses in the employed ciphers. In this talk, we will give practical example for both cases (based on our Usenix Security 2016 paper). First, we show that the RKE system used by the VW group (Audi, Seat, Skoda, Volkswagen) was based on only a handful global keys over the past 20 years. By extracting these keys from ECU firmware, an adversary is able to clone the owner's remote control from a distance of up to 100m, using a single rolling code. Second, we present novel attacks on the Hitag2 RKE scheme (employed by Alfa Romeo, Peugeot, Lancia, Opel, Renault, and Ford among others). Based on black-box reverse-engineering of the protocol, we devise a new cryptanalytical attack on Hitag2 for full key recovery, requiring four to eight rolling codes and negligible computation. Finally, our talk also includes a brief survey of the state of automotive security in general, a discussion of the responsible disclosure process, and recommendations for designing more secure RKE systems.
Biography. David Oswald is a lecturer (assistant professor) in the Security and Privacy Group at the University of Birmingham, UK. His main field of research is the security of embedded systems in the real world. On the one hand, the focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection, as well as reverse engineering. On the other hand, David is working on the practical realization of security systems in embedded applications. He is co-founder of the Kasper & Oswald GmbH, offering innovative products and services for security engineering. His research on vulnerabilities of various wide-spread systems (e.g. DESFire RFID smartcards, Yubikey two-factor authentication tokens, electronic locks, and VW/Hitag2 RKE systems) has created awareness for the crucial importance of security among developers of embedded devices.
Veelasha Moonsamy (Radboud University) – Talk
Talk. A new categorization system for Side-channel attacks on mobile devices & more
Video. YouTube
Abstract. Side-channel attacks on mobile devices have gained increasing attention
              since
              their introduction in 2007. While traditional side-channel attacks, such as power analysis attacks and
              electromagnetic analysis attacks, required physical presence of the attacker as well as expensive
              equipment, an (unprivileged) application is all it takes to exploit the leaking information on modern
              mobile devices. Given the vast amount of sensitive information that are stored on smartphones, the
              ramifications of side-channel attacks affect both the security and privacy of users and their
              devices.
              
              In this talk, I will begin with an overview of existing side-channel attacks on mobile devices and argue
              for the need of a new categorization system as side-channel attacks have evolved significantly since
              their
              introduction during the smartcard era. I will explain how our proposed categorization system will help
              to
              facilitate the development of novel countermeasures and provide insights into possible future research
              directions.
              
              In the second part of my talk, I will present our latest work on how an adversary can exploit
              side-channel
              information, in this case power from the phone battery, to maliciously control a public charging station
              in order to exfiltrate data from a smartphone via a USB charging cable (i.e. without using the data
              transfer functionality).
            
Biography.  Veelasha Moonsamy is a postdoctoral researcher in the Digital Security
              group
              at Radboud University in The Netherlands. She obtained her PhD from Deakin University in Melbourne
              (Australia), under the supervision
              of Prof. Lynn Batten. Her research interests revolves around security and privacy on mobile devices, in
              particular side- and covert-channel attacks, malware detection and mitigation of information leaks at
              application and hardware level.
               @veelasha_m
            
Clémentine Maurice and Daniel Gruss (Graz University of Technology) – Talk
Talk. Rowhammer Attacks: A Walkthrough Guide
Video. YouTube
Abstract. In the past 2 years the so-called Rowhammer bug has caught the attention of
              many academic and non-academic researchers. The scary aspect of the Rowhammer bug is that is entirely
              invalidates software security assumptions. Isolation mechanisms are ineffective to a degree where an
              attacker can run in a website and compromise the entire host system.
              
              In this walkthrough guide I will walk you through all Rowhammer attacks that have been presented so far.
              We will start with the seminal work by Kim. et. al. 2014 and discuss the basic idea of triggering
              bitflips
              in software. Subsequently we will discuss how to use their findings in exploits, as demonstrated by
              Google
              researchers in 2015. The results from the works of these two groups is still of vital interest for the
              discussion of countermeasures that now may find their way into the Linux kernel.
              
              Subsequently, we will discuss several attacks that are derived from these initial Rowhammer attacks. We
              will discuss attacks that lower requirements: Rowhammer.js, non-temporal-access-based attacks, DRAMA and
              Drammer. These attacks move Rowhammer from the strictly x86 native setting on DDR3 memory to new
              environments like the JavaScript sandbox, DDR4, or even mobile devices.
              
              Another branch of attacks combine Rowhammer with other attack primitives. We will discuss attacks using
              deduplication (Dedup est Machina, Flip Feng Shui) and their impact. Furthermore, we will discuss the
              first
              Rowhammer attacks on cryptographic primitives that have been presented in 2016.
              
              Finally, we will discuss countermeasures, i.e. Rowhammer detection and Rowhammer mitigation. While
              several
              countermeasures have been discussed and some have even been deployed, the problem is widely unsolved. We
              will shed light on the ongoing discussion amongst Linux kernel developers and point out dead ends that
              should be avoided in the future.
            
Biography.  Clémentine Maurice is a postdoctoral researcher in the Secure Systems
              group
              at the Graz University of Technology, in Austria. She obtained her PhD from Telecom ParisTech in October
              2015 while working at Technicolor
              in Rennes, jointly with the S3 group of Eurecom in Sophia Antipolis. Among other topics, she is
              interested
              in microarchitectural covert and side channels and reverse-engineering processor parts. Her research
              aims
              at finding new attack vectors on modern commodity devices such as servers, laptops, desktops and mobile
              devices. She also led the research
              on Rowhammer hardware fault attacks in JavaScript through a remote website, an attack also known as
              Rowhammer.js. She presented her work at several academic conferences and venues like the 32nd CCC and
              BlackHat Europe.
               @BloodyTangerine
              
              Daniel Gruss is a PhD Student at Graz University of Technology. He has done his master's thesis on
              identifying and minimizing architecture dependent code in operating system kernels. Daniel's research
              focuses on software-based side-channel attacks that exploit timing differences in hardware and operating
              system. In July 2015, he and his colleagues demonstrated the first hardware fault attack performed
              through
              a remote website, known as Rowhammer.js.
               @lavados
            
Krzysztof Kotowicz (Google) – Talk
Talk. Secrets of the Google Vulnerability Reward Program
Video. YouTube
Abstract. In Google VRP, we receive and process over 600 vulnerability reports a
              month.
              While the majority of them end up being invalid, some of the vulnerabilities reported by our bughunters
              from all over the world are amazing, in terms of their severity, impact and/or the difficulty of
              patching
              them on a Google scale. While some of them were already described in the past at various security
              conferences or writeups, most of them remain unknown to the security community.
              
              In this presentation, we'll highlight the most interesting bug reports submitted through Google VRP,
              with
              the root causes both in our products, open source libraries or common software stacks. We'll analyze the
              security patches to the libraries we helped create, and reveal the full story behind them. For example,
              you'll get to know what has the reason behind a couple of Angular security releases.
              
              Additionally, we'll give insights on how we evaluate and deal with vulnerability reports internally.
              Special focus will be put on the remediation process - making sure that a given vulnerability is not
              only
              patched, but prevented from happening ever again.
            
Biography.  Krzysztof Kotowicz is an Information Security Engineer at Google and a
              panel
              member of Google's Vulnerability Rewards Program. He's a web security researcher specialized in
              Javascript, browser extensions and client-side security. Author of multiple open-source pentesting
              tools,
              and recognized HTML5/UI redressing attack vectors. Speaker at international IT security conferences &
              meetings (Black Hat, BruCON, Hack In Paris, CONFidence, SecurityByte, HackPra, OWASP AppSec,
              Insomni'Hack).
               @kkotowicz
            
Armin Buescher (Symantec) – Talk
Talk. Teach a Man to Phish and You Feed Him for a Lifetime
Video. YouTube
Abstract. Phishing might seem like a simple attack vector relying on gullible users to
              happily give up their credentials. When digging deeper into the topic however, one will find many
              interesting aspects of phishing that have not been widely reported.
              
              This talk will dive into the analysis of so-called phishing kits: archives of server-side (mostly PHP)
              code that can be used to quickly turn a compromised or launched server into a phishing ground for the
              selected target. Leveraging the phishing detection capabilities of our team, we crawled known
              compromised
              servers and were able to download over five thousand phishing kits over the last couple of months.
              
              Being able to analyze the server-side source code of phishing pages at large scale yields insights into
              the workings of phishing campaigns and opens new possibilities to the motivated security
              researcher:
              - Finding and abusing bugs in the kits
              - Evading evasion
              - Automating the creation of robust detection
              - Geographically tracking the phishers
            
Biography.  Armin Buescher is a security researcher focused on the analysis of attack
              trends and transferring research results into the development of novel detection/prevention technologies
              and analysis tools. He has over 8 years of experience working in the security industry for companies
              with
              changing points of view ranging from the endpoint and malware sandboxes to network security and web
              gateways.
               @armbues
            
Anders Fogh (GDATA Advanced Analytics) – Talk
Talk. Using Microarchitectural Design to Break KASLR and More
Video. YouTube
Abstract. Typically, hackers focus on software bugs to find vulnerabilities in the
              trust
              model of computers. In this talk, however, we'll focus on, how the micro architectural design of
              computers
              and how they enable an attacker to breach trust boundaries. Specifically, we'll focus on how an attacker
              with no special privileges can gain insights into the kernel and how these insights can enable further
              breaches of security. We will focus on the x86-64 architecture. Unlike software bugs, micro
              architectural
              design issues have applications across operating systems and are independent of easily fixable software
              bugs. In modern operating systems the security model is enforced by the kernel. The kernel itself runs
              in
              a processor supported and protected state often called supervisor or kernel mode. Thus the kernel itself
              is protected from introspection and attack by hardware. We will present a method that'll allow for fast
              and reliable introspection into the memory hierarchy in the kernel based on undocumented CPU behavior
              and
              show how attackers could make use of this information to mount attacks on the kernel and consequently of
              the entire security model of modern computers. Making a map of memory and breaking KASLR Modern
              operating
              systems use a number of methods to prevent an attacker from running unauthorized code in kernel mode.
              They
              range from requiring user-privileges to load drivers, over driver signing to hardware enabled features
              preventing execution in memory marked as data such as DEP (Data Execution Prevention) or more resonantly
              SMEP that prevents execution of user allocated code with kernel level privileges. Often used bypasses
              modify either page tables or use so called code reuse attacks. Either way an attacker needs to know
              where
              the code or page tables are located. To further complicate an attack modern operating system is equipped
              with "Kernel Address Space Randomized Layout" (KASLR) that randomizes the location of important system
              memory.
              
              We'll present a fast and reliable method to map where the kernel has mapped pages in the kernel mode
              area.
              Further, we'll present a method for locating specific kernel modules thus by passing KASLR and paving
              the
              way for classic privileged elevation attacks. Neither method requires any special privileges and they
              even
              run from a sandboxed environment. Also relevant is that our methods are more flexible than traditional
              software information leaks, since they leak information on the entire memory hierarchy. The core idea of
              the work is that the prefetch instructions leaks information about the caches that are related to
              translating a virtual address into a physical address. Also significant is that the prefetch instruction
              is unprivileged and does not cause exceptions nor does it have any privilege verification. Thus it can
              be
              used on any address in the address space. Physical to virtual address conversion A number of
              micro-architectural attacks is possible on modern computers. The Row hammer is probably the most famous
              of
              these attacks. But attacks methodologies such as cache side channel attacks have proven to be able to
              exfiltrate private data, such as private keys, across trust boundaries. These two attack methodologies
              have in common that they require information about how virtual memory is mapped to physical memory. Both
              methodologies have thus far either used the "/proc/PID/pagemap" which is now accessible only with
              administrator privileges or by using approximations. We will discuss a method where an unprivileged user
              is able to reconstruct this mapping. This goes a long way towards making the row hammer attack a
              practical
              attack vector and can be a valuable assistance in doing cache side channel attacks. Again we use the
              prefetch's instructions lack of privilege checking, but instead of using the timing that it leaks we now
              use the instructions ability to load CPU caches and that timing of memory access instructions depend
              heavily on the cache state. Finally, we will shortly outline a possible defense.
            
Biography.  Anders Fogh has led numerous low level engineering efforts in the past 11
              years. Prior to that he worked at VOB GmbH and Pinnacle System where he was responsible for major
              developments in video and CD/DVD recording software. Since 1993 he has been an avid malware hobbyist and
              has reverse engineering experience with operating systems from DOS to present day OSs as well as devices
              ranging from DVD players to USB sticks. He holds a master's degree in economics from the University of
              Aarhus. He was the first to suggest a software solution to the row hammer bug and spoke at Black Hat
              2015
              with Nishat Herath on the topic of using performance counters for security out comes.
               @anders_fogh
            
Prof. Dr. Thorsten Holz (Ruhr University Bochum) - Keynote
Talk. Code-Reuse Attacks and Beyond
Video. YouTube
Abstract. Code-reuse attacks have become a prevalent technique to exploit memory corruption vulnerabilities in software programs. The focus of most attacks is on modifying code pointer and a variety of corresponding defenses has been proposed, of which many have already been successfully bypassed — and the arms race continues. In this talk, we provide an overview of some recent work we performed at Ruhr University Bochum towards code-reuse attacks with and without modifying code pointers. On the one hand, we present some recent results on a technique called counterfeit object-oriented programming (COOP). We demonstrate that many existing defenses that do not consider object-oriented C++ or Objective-C semantics precisely can be generically bypassed in practice. On the other hand, we focus on non-control data attacks. We demonstrate some potential attacks and focus on data-only attacks that can bypass many of the existing defenses. We conclude the talk with an overview of potential other targets of code-reuse attacks and an outlook of future challenges.
Biography. Thorsten Holz is a professor in the Faculty of Electrical Engineering and
              Information Technology at Ruhr University Bochum, Germany. His research interests include systems
              oriented
              aspects of secure systems, with a specific focus on applied computer security. Currently, his work
              concentrates on automated analysis of malicious software, reverse engineering, and studying latest
              attack
              vectors. He received the Dipl.-Inform. degree in Computer Science from RWTH Aachen, Germany (2005), and
              the Ph.D. degree from University of Mannheim (2009). Prior to joining Ruhr University Bochum in April
              2010, he was a postdoctoral researcher in the Automation Systems Group at the Technical University of
              Vienna, Austria.
               @thorstenholz
            
Prof. Dr. Jörg Schwenk (Ruhr University Bochum) - Keynote
Talk. Transport Layer Security – TLS 1.3 and backwards security issues
Video. YouTube
Abstract. Since the publication of CRIME and BEAST, many new attacks on TLS implementations surfaced each year. It turned out that some of the basic designs of TLS were flawed, e.g. the MAC-then-PAD-then-ENCRYPT construction of the TLS Record Layer. The IETF has therefore initiated work on TLS version 1.3, a major revision of the TLS standard. This new standard is influenced by Google's QUIC protocol, has lower latency, and improved security features.
In this talk, the outlines of the new standard will be sketched, and the current state of standardization described. In addition, we will have a look at backwards compatibility attacks, and ask if simply adding a new TLS version without deactivating the older ones will really improve security.
Biography. Since September 2003, Prof. Dr. Jörg Schwenk is the owner of the Chair for
              Network and Data Security at the Ruhr University Bochum. The chair belongs to the renowned Horst Görtz
              Institute for IT Security. Professor Schwenk is an internationally recognized expert in the areas of
              cryptography and IT security. After completing his doctorate in the Department of Mathematics at the
              University of Giessen he moved in 1993 to Darmstadt, where he worked at the Telekom Technology center
              for
              applied research in the field of IT security. Professor Schwenk is an author of numerous international
              publications in renowned conferences (for example Eurocrypt, Asiacrypt or Communications and Multimedia
              Security), author of textbooks on cryptography and Internet security, and about 60 patents in the field
              of
              IT security.
               @JoergSchwenk
            
Mario Heiderich (Cure 53) - Talk
Talk. An Abusive Relationship with AngularJS v2
Video. YouTube
Abstract. Some voices claim that "Angular is what HTML would have been if it had been designed for building web applications". While this statement may or may not be true, is certainly accounts as one of the bolder ones a JavaScript web framework can ever issue. And where boldness is glistening like a German Bratwurst sausage in the evening sun, a critical review from a grumpy old security person shouldn’t be too far away.
This talk will have a stern, very stern look at AngularJS 1.x in particular and shed light on the
              security aspects of this ever-popular tool. Did the super-hero framework do everything right and follow
              its
              own super-heroic principles? Does AngularJS increase or rather decrease the attack surface of a web
              application? How does AngularJS play along with the Content Security Policy, and was it a good idea to
              combine this kind of security with futuristic feature creep? And what about AngularJS version 2.0?
Beware that we won’t stop at glancing at the code itself, investigating security best practices, and verifying compatibility and other common things that contribute to robust security (or lack thereof). We will cross the moral border and see if the AngularJS team could notice rogue bug tickets. A pivotal question that everyone is wondering about is: Have they successfully kept evil minds like yours truly speaker here from introducing new security bugs into the code base?
This talk is a reckoning with a modern JavaScript framework that promises a lot and keeps even more,
              not
              necessarily for the best for developers and users. We will conclude in deriving a general lesson
              learnt and hopefully agree that progress doesn't invariably mean an enhancement.
Biography. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) “security researcher” is from Berlin, likes everything between lesser- and greater-than, leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled powerpoint-slides. Other than that, Mario is a very simple person and only parses three-word sentences so don’t even bother addressing him with complex topics or rhetoric.
Marco Balduzzi (Trend Micro Research) - Talk
Talk. Automatic Extraction of Indicators of Compromise for Web Applications
Video. YouTube
Abstract. Indicators of Compromise (IOCs) are forensic artifacts that are used as signs that a system has been compromised by an attack or that it has been infected with a particular malicious software. In this paper we propose for the first time an automated technique to extract and validate IOCs for web applications, by analyzing the information collected by a high-interaction honeypot. Our approach has several advantages compared with traditional techniques used to detect malicious websites. First of all, not all the compromised web pages are malicious or harmful for the user. Some may be defaced to advertise product or services, and some may be part of affiliate programs to redirect users toward (more or less legitimate) online shopping websites. In any case, it is important to detect those pages to inform their owners and to alert the users on the fact that the content of the page has been compromised and cannot be trusted. Also in the case of more traditional drive-by-download pages, the use of IOCs allows for a prompt detection and correlation of infected pages, even before they may be blocked by more traditional URLs blacklists. Our experiments show that our system is able to automatically generate web indicators of compromise that have been used by attackers for several months (and sometimes years) in the wild without being detected. So far, these apparently harmless scripts were able to stay under the radar of the existing detection methodologies – resisting for long time on public web sites.
Biography. Marco Balduzzi holds a Ph.D. in applied IT security from
              Télécom ParisTech and a M.Sc. in computer engineering from the University of Bergamo. His
              interests concern all aspect of computer security, with particular emphasis on real problems that affect
              systems and networks. Some topics on which he worked on are web and browser security, code analysis,
              botnets detection, cybercrime investigation, privacy and threats in social networks, malware and
              intrusion
              detection systems.
               @embyte
            
Ralf Hund (VMRay GmbH) - Talk
Talk. The beast within - Evading dynamic malware analysis using Microsoft COM
Video. YouTube
Abstract. Microsoft Common Object Model (COM) is technology which aims at providing binary programming interface for Windows programs. Despite its age almost ancient age, it still forms the internal fundament of many new Microsoft technologies such as .NET. However, in more than twenty years of further development, the inevitable pressure to retain backwards compatibility have turned the COM runtime into a obscure beast. These days, many COM interfaces exist that mirror almost the same functionality provided by common Windows APIs. Malware authors can easily execute almost any operation (creating files, starting new processes, etc.) only using COM calls. Dynamic malware analyzers must deal with this accordingly without getting lost in the shadowy depths of the COM runtime. The talk presents various aspects of automated dynamic COM malware analysis and shows which approaches are actually realizable and which ones are hopeless.
Biography. Ralf achieved his Ph.D. in computer science / IT-security at the Ruhr University of Bochum in 2013. During his studies he focused on new analysis methods for binary software, with a strong focus on malware. Since then, he has been one of the co-founders and the CTO of VMRay GmbH, a Bochum-based IT-security company focusing on 3rd generation threat analysis and detection using advanced hypervisor-based dynamic analysis. He has experience in malware research and software development for more than 15 years and is an active speaker at various academic and industrial conferences. His special interests lie in virtualization techniques and its application to software analysis.
Daniel Gruss (University Of Technology Graz) - Talk
Talk. Cache Side-Channel Attacks and the case of Rowhammer
Video. YouTube
Abstract. Software security relies on isolation mechanisms provided by hardware and operating system. However, isolation mechanisms are often insufficient, for instance due to the existence of caches in hardware and software. Caches keep frequently used data in faster memory to reduce access time and to reduce the access frequency on slower memory. This introduces timing differences that can be exploited in side-channel attacks.
The first half of this talk is about state-of-the-art cache side-channel attacks. Most cache attacks target cryptographic implementations and even full key recovery attacks cross-core, cross-VM in public clouds have been demonstrated. We recently found that cache attacks can be fully automatized, cache attacks are not limited to specific architectures, and cache attacks can be implemented based on a variety of hardware features. This broadens the field of cache attacks and increases their impact significantly.
The second half of this talk is about the so-called Rowhammer effect, which can be exploited to gain unrestricted access to systems. Recent studies have found that in most DDR3 DRAM modules random bit flips can occur due to the Rowhammer effect. These hardware faults can be triggered by an attacker without accessing the corresponding memory location, but by accessing other memory locations in a high frequency. The first attacks used cache maintenance operations as caches would prevent such frequent accesses. Frequent accesses from JavaScript would allow a remote attacker to exploit the Rowhammer effect. For this purpose it is necessary to defeat the complex cache replacement policies. We showed that this is possible last year. In this talk we will detail how to evaluate the huge parameter space of eviction strategies, discuss intuitive and counter-intuitive timing effects, and thereby close the gap between local Rowhammer exploits in native code and remote Rowhammer exploits through websites.
Biography. Daniel Gruss is a PhD Student at Graz University of Technology. He has done
              his master's thesis on identifying and minimizing architecture dependent code in operating system
              kernels. Daniel's research focuses on software-based side-channel attacks that exploit timing
              differences in hardware and operating system. In July 2015, he and his colleagues demonstrated the first
              hardware fault attack performed through a remote website, known as Rowhammer.js.
               @lavados
            
Marion Marschalek (G Data) - Talk
Talk. Cheshire Cat's Grin
Video. N.A.
Abstract. There is malware, and then, there is m.a.l.w.a.r.e. Last year we got our fingers on a set of exquisite binaries which were definitely not the usual kind. No I'd never call malware sophisticated, after all thats not what it takes to be dangerous; or interesting. But those were a challenging beast, unusually intriguing.
For the lack of a better name, and given all the whacky traits the binaries come with, we dubbed the family CheshireCat. Thats the pink cat in Alice's wonderland with the most stupid grin. The CheshireCat binaries have been around since 2002, some are built for workstations as old as Windows NT4, they support dial-up connections and executable header checks for the NewExecutable file format. Go figure. We came to the conclusion, someone very dedicated has built CheshireCat for very special networks and kept his operation under the radar for more than a decade.
This talk will introduce CheshireCat's implementation traits, stealth tactics and wonderous functionalities. The term attribution might appear, once, to leave some clues about where CheshireCat might have come from.
Biography. Marion Marschalek is Principal Malware Researcher at GData AdvancedAnalytics, focusing on the analysis of emerging threats. Marion startedher career within the anti-virus industry and also worked on advancedthreat protection systems where she built a thorough understanding ofhow threats and protection systems work and how both occasionally fail.Next to that Marion teaches malware analysis at University of AppliedSciences St. Pölten and frequently contributes to articles and papers.She has spoken at international conferences around the globe, amongothers Blackhat, RSA, SyScan, hack.lu and Troopers. Marion came off aswinner of the Female Reverse Engineering Challenge 2013, organized by REprofessional Halvar Flake. She practices martial arts and has a vividpassion to take things apart. Preferably, other people's things.
Sebastian Schinzel (Münster University of Applied Sciences) - Talk
Talk. The DROWN Attack
Video. YouTube
Abstract. We present DROWN, a novel cross-protocol attack thatcan decrypt passively collected TLS sessions from up-to-dateclients by using a server supporting SSLv2 as aBleichenbacher RSA padding oracle. We implemented theattack and can decrypt a TLS 1.2 handshake using 2048-bit RSA in under 8 hours using Amazon EC2, at a costof $440. Using Internet-wide scans, we find that 33% ofall HTTPS servers and 22% of those with browser-trustedcertificates are vulnerable to this protocol-level attack,due to widespread key and certificate reuse.
Biography. Sebastian is a professor for computer security at Münster University
              of
              Applied Sciences since 2013. His research topics include penetrationtesting techniques, applied
              cryptography, side channel attacks, and he speaks regularly at information security conferences.
               @seecurity
            
Martin Johns (SAP Research) - Talk
Talk. Eavesdropping on WebRTC Communication with Funny Cat Pictures
Video. YouTube
Abstract. WebRTC is one of the newest additions to the ever growing arsenal of Web browser-based technologies. In a shift away from the Web's classic Server-client architecture, WebRTC enables the creation of peer-to-peer channels between browsers, that do not traverse the Web server after initialization, allowing direct data transfer as well as audio/video chat. Well established protocols, such as HTTPS and DTLS/SCTP, outfit WebRTC's network communication (Both the browser-server as well as the browser-to-browser connections) with strong security guarantees, that render Man-in-the-Middle attacks virtually impossible. But -- not uncommon in Web scenarios -- the weakest link of the chain can be found on the JavaScript layer in the browser.
In this talk, we will show how a single Cross-site Scripting vulnerability, a compromised signaling server, or a malicious CDN can be utilized to fully intercept Web RTC communication and leak video & audio of both participants of the communication to a malicious third party. The attack is fully hidden from the compromised parties and requires no server infrastructure on the attacker's site.
Biography. Dr. Martin Johns is a Research Expert in the Security and Trust group
              within
              SAP AG, where he leads the web application security team. Furthermore, he serves on the board of the
              German OWASP chapter. Before joining SAP, Martin studied Mathematics and Computer Science at the
              Universities of Hamburg, Santa Cruz (CA), and Passau. During the 1990s and the early years of the new
              millennium, he earned his living as a software engineer in German companies (including Infoseek Germany,
              and TC Trustcenter). He holds a diploma in Computer Science from the University of Hamburg and a
              Doctorate
              from the University of Passau. Martin has a track record of over eight years applied WebAppSec research,
              published more than 20 papers on the subject, and is a regular speaker at international security
              conferences, including Black Hat, the OWASP AppSec series, CCS, ACSAC, ESORICS, PacSec, HackInTheBox,
              RSA
              Europe, and the CCC Congress.
               @datenkeller
            
Mathias Bynens (Opera) - Talk
Talk. Hacking with Unicode in 2016
Video. YouTube
Abstract. This presentation explores common mistakes made by programmers whendealing with Unicode support and character encodings on the Web. Foreach mistake, I explain how to fix/prevent it, but also how it couldpossibly be exploited.
Biography. Mathias is a Belgian web standards freak. He likes HTML, CSS, JavaScript,
              Unicode, performance, and security. At Opera Software he’s a member of the Developer Relations
              team.
               @mathias
            
Matthias Kaiser (Code White GmbH) - Talk
Talk. Java deserialization vulnerabilities - The forgotten bug class
Video. YouTube
Abstract. Java deserialization vulnerabilities are a bug class on its own. Although several security researchers have published details in the past, still the bug class is fairly unknown. This talk is about finding and exploiting deserialization flaws in Java. Details on a new gadget will be disclosed, allowing Remote Code Execution. And several vulnerabilities discovered by Code White will be shown as Case Studies including a 0day.
Biography. Matthias is the Head of Vulnerability Research at Code White. He enjoys
              bug-hunting in Java Software because it's so easy. He found vulnerabilities in products of Oracle,
              IBM, SAP, Symantec, Apache, Adobe, Atlassian, etc. Currently, he enjoys researching deserialization and
              looking into COM/OLE.
               @matthias_kaiser
            
Nicolas Golubovic (Ruhr University Bochum) - Talk
Talk. On the Security of Browser Extensions
Video. YouTube
Abstract. In an everlasting struggle to find the balance between security, privacy and that toolbar which slipped in after you've installed Java, browser extension systems constantly evolve. Three years after Kotowicz has pwned our stuff, we will explore old and new attack techniques for both Firefox and Chrome. Finally, we will engage in a jolly expedition to long-forgotten extension types and convince them to exploit the browser itself.
Biography. Nicolas is a soon-to-be former student of the Ruhr University Bochum. After
              finishing his master's degree, he will move to Zurich to join Google's web security efforts. Due
              to being a HackPra supervisor for roughly three years, Nicolas had the pleasure of listening to many
              great
              speakers and is eager to show that he has learned quite a few tricks of their trade over time.
               @_qll_
            
Lucas Vincenzo Davi (Technical University of Darmstadt) - Talk
Talk. On Securing Legacy Software Against Code-Reuse Attacks
Video. YouTube
Abstract. Code-Reuse attacks such as return-oriented programming constitute a powerful exploitation technique that is frequently leveraged to compromise software on a wide range of architectures. These attacks generate malicious computation based on existing code (so-called gadgets) residing in linked libraries. Both academia and industry have recently proposed defense techniques to mitigate code-reuse attacks. However, a continuous arms race has evolved between attacks and defenses. In this talk, we will elaborate on the evolution of code-reuse attacks. In particular, we explore prominent defense techniques that are based on control-flow integrity (CFI) enforcement and code randomization. Further, we discuss promising research directions such as hardware-assisted defenses and protection against these attacks at the kernel layer.
Biography. Lucas Davi is an independent Claude Shannon research group leader of the Secure and Trustworthy Systems group at Technische Universität Darmstadt, Germany. He received his PhD from Technische Universität Darmstadt, Germany in computer science. He is also a researcher at the Intel Collaborative Research Institute for Secure Computing (ICRI-SC). His research focuses on software exploitation technique and defenses. In particular, he explores modern software exploitation attacks such as return-oriented programming (ROP) for ARM and Intel-based systems.
Timo Kasper (Kasper & Oswald GmbH) - Talk
Talk. Security Nightmares in the Internet of Things: Electronic Locks and More
Video. N.A.
Abstract. Wireless embedded devices have become omnipresent in applications such as access control (to doors or to PCs), identification, and payments. The talk reviews the security of several commercial devices that typically employ cryptographic mechanisms as a protection against ill-intended usage or to prevent unauthorized access to secured data. A combination of side-channel attacks, reverse-engineering and mathematical cryptanalysis helps to reveal and exploit weaknesses in the systems that for example allow opening secured doors in seconds. At hand of the real-world examples, the implications of a key extraction for the security of the respective contactless application are illustrated. As a powerful tool for security-analyzing and pentesting NFC and RFID systems, the open source project "ChameleonMini" is presented: Besides virtualization and emulation of contactless cards, the device allows to log the NFC communication, and in its latest revision acts as an active RFID reader.
Biography. Timo Kasper studied electrical engineering and information technology at the Ruhr University Bochum and at the University of Sheffield, UK. In 2006, his Diploma thesis "Embedded Security Analysis of RFID Devices" won the first place award for IT security (CAST, Darmstadt). Timo Kasper has been research assistant at the Chair for Embedded Security of the Horst Görtz Institute for IT Security (HGI) since October 2006. He completed his studies 2011 with a PhD in Engineering. In 2012, his PhD thesis "Security Analysis of Pervasive Wireless Devices - Physical and Protocol Attacks in Practice" won the first place award for IT security (CAST, Darmstadt). Timo is co-founder of Kasper & Oswald GmbH offering innovative products and services for security engineering.