Ehemalige Referenten

Besten Dank geht nochmals an folgende Referenten aus Industrie und Forschung, die bereits im Rahmen des HackerPraktikums einen Vortrag gehalten haben:

Mario HeiderichBusi­ness IN Inc.XSS-Wür­mer1 2 3
An­dre­as KurtzCi­ro­sec GmbhLi­ve-Ha­cking 2.0 – Ak­tu­el­le An­griffs­tech­ni­ken auf Web-Ap­pli­ka­tio­nen1, Vortrag
Ste­fan Esser,
Ben Fuhr­man­nek,
Sek­tionEins GmbHAd­van­ced Web Ha­cking1 2, Vortrag
Armin Bü­scherG DATA Soft­ware AGMon­key­Wrench: ein low-in­ter­ac­tion Ho­ney­cli­ent zur Ana­ly­se der Aus­nut­zung von Ja­va­script-ba­sier­ten Ver­wund­bar­kei­ten1
Jan Käst­le ,
Ste­fan Hölz­ner
KPMG AGWeb­ap­pli­ka­ti­ons-Si­cher­heit – Er­fah­run­gen aus der Pra­xis1
Dr. Jo­han­nes
XING AGXING – how to ope­ra­te a large Web­site1
Red-Data­ba­se-Se­cu­ri­ty GmbHAd­van­ced SQL-In­jec­tion1
Pa­trick Hof,
Jens Lieb­chen
Red­Team Pen­tes­ting GmbHApa­che Tom­cat – Who’s the JBoss now?1 Vortrag
TU Dort­mundJen­seits von An­griffs­mus­tern – Po­si­ti­ve Si­cher­heits­mo­del­le in Web-An­wen­dun­gen1
Dr. Mar­tin JohnsSAP Re­se­archCross-si­te Re­quests: One me­cha­nism, many at­tacks1 Vortrag
ci­ro­sec GmbHWeb Ap­p­li­ca­ti­on Fire­walls1 Vortrag
Mo­ritz Jo­d­eitn.runs AGAt­ta­cking Ad­ja­cent Lay­ers1 Vortrag
Mario HeiderichBusi­ness IN Inc.HTML 5: The good, the bad, the ugly1
Felix GröbertGoogleFrom XSS to Ring 01
Sebastian SchinzelVirtual Forge GmbHSide Channel Attacks im Web – Software Security für SAP Systeme1 2 3 Vortrag
Eray Basar9elementsNinja Webtechnologies1 Vortrag
Karsten TellmannG Data Software AGExploiting Adobe’s PDF1 2 Vortrag
ci­ro­sec GmbHApple iPhoneund iPad im Unternehmen1 Vortrag
n.runs AGSecure by design – It’s a bug, not a feature1
Stefan Esser
Ben Fuhrmannek
Sek­tionEins GmbHSi­cher­heits­pro­ble­me in Web­ap­pli­ka­ti­on fern­ab der üb­li­chen In­jek­ti­ons­ver­wund­bar­kei­ten1 Vortrag
Collin MullinerTechnische Universität BerlinRandom tales from a mobile
phone hacker
Marcus NiemietzRUBUI Redressing: Attacks and Countermeasures Revisited1
An­dre­as Schmidtsi­be­rasWATOBO – The Web Application Toolbox1 Vortrag
Gre­gor KopfRe­cu­ri­ty Labs GmbHNon-Obvious Bugs by Example Vortrag
Aleksandr Matrosov
Eugene Rodionov
ESETDefeating x64: Modern
Trends of Kernel-Mode Rootkits
Krzysztof KotowiczSecuRingHTML5: Something wicked this way comes 
Erlend OftedalBekk Consulting ASPractical attacks on web crypto Vortrag
Ste­fa­no Di PaolaMinded SecurityAnalysis and Identification of DOM
Based XSS Issues
1 Vortrag
Ga­reth Heyes Non alphanumeric code with JavaScript & PHP;
Shazzer – Shared online fuzzing
John Wi­lan­derSvenska HandelsbankenThe Developer Part of the
Problem, Buffer Overflows, Modeling Security Bugs, Safety & Liveness
Properties, CSRF Against RESTful Services, Multi-Ste, Semi-Blind CSRF
Abraham Aranguren Legal And Efficient Web App Testing Without Permission Vortrag
Alexey SintsovERPscanLotus Domino: Penetration Through the Controller Vortrag
Vladimir VorontsovONsecBlind XXE injections Vortrag
Michele OrruTrustwave SpiderLabsBeef, what a tasty piece of meat Vortrag
Paul StoneContext Information SecurityBrowser Timing Attacks via the Graphics Stack Vortrag
Nicolas GregoireAgarriAttacking processing Vortrag
Arthur Gerkis Dynamic PHP web-appliaktion analysis Vortrag
Roberto Suggi Liverani Cross Context Scripting (XCS) – Attacks and Exploitation Vortrag
Soroush Dalili File in the hole![1], Vortrag
Tuomas Kärkkäinen Fuzzing at Scale and in Style Vortrag
Ange Albertini A challenge in your pocket, an introduction to brainteasers Vortrag
Sandro Gauci Webapp Exploit Payloads – tools built for & during the job Vortrag
Svetlana GaivoronskiLomonosov Moscow State UniversityShellcode detection techniques Vortrag
Felix ‚FX‘ LindnerRecurity LabsSecurity is Privacy – Future Research Vortrag
Jürgen PabelDeutsche PostInformation Security Management – A Hacker’s Perspective1 Vortrag
Matthias KaiserDaimler TSSRecent Java Exploitation Techniques1 Vortrag
Jeremiah GrossmanWhiteHat SecurityThe Real State of Website Security and The Truth About Accountability and „Best-Practices“ Vortrag
Giorgio MaoneInformActionDefending the Indefensible – The Unsung Battles and Legacy of NoScript Vortrag
Karsten NohlSecurity Research LabsIn-depth crypto attacks – It always takes two bugs Vortrag
Andreas KurtzNESO Security Labs GmbHPentesting iOS Apps – Runtime Analysis and Manipulation Vortrag
Fabian YamaguchiGeorg-August-Universität GöttingenInformation Retrieval and Machine Learning for Interactive Bug Hunting Vortrag
Miroslav Stampar Curious Case of SQLi Vortrag
Stefan EsserSektionEinsiOS 7 Security Overview Vortrag
Mike WestGoogleLocking Down the User Agent Vortrag
Felix GröbertGoogleSecurity Analysis of Apple FileVault2 Vortrag
Mathias BynensOperaHacking with Unicode Vortrag
Mathias KarlssonDetectifyPolyglot payloads in practice Vortrag
Collin MullinerNortheastern UniversityHidden GEMs: Automated Discovery of Access Control Vulnerabilities in GUIs Vortrag
Johannes DahseRuhr University BochumStatic Detection of Vulnerabilities in Modern PHP Applications Vortrag
Sebastian SchinzelFachhochschule MünsterRemote Timing Attacks Vortrag
Joern SchneeweiszRecurity Labs GmbHBug Tales Vortrag
Thomas Patzke Near Field Communication Security Vortrag
Sebastian LekiesGoogle25 Million Flows Later: Detection and Exploitation of DOM-based XSS vulnerabilities at scale Vortrag
Jan KopeckyING Regional IT headquartersExploitation – from past to nowadays1
Christian Schneider Security DevOps – Free pentesters‘ time to focus on high-hanging fruits Vortrag
Matthias KaiserCode White GmbHExploiting Deserialization Vulnerabilities in Java Vortrag
Michele Orru Dark FairyTales from a Phisherman (Vol. III) Vortrag
Ibrahim KöseCSPiManaging Security Testing Vortrag
Dirk Wetter Intricacies testing SSL: sockets, schools, threa{t,d}s and sometimes no shake-hands Vortrag
Sven SchlueterContext Information SecurityModern penetration testing Vortrag
Hanno Böck TLS – the most important crypto protocol Vortrag
Christian RossowSaarland UniversityZeus P2PWNED: Monitoring and Disrupting Modern P2P Botnets Vortrag
Ben StockSaarland UniversityFrom Facepalm to Brain Bender – Exploring Client-Side Cross-Site Scripting Vortrag
Tom Van GoethemUniversity of LeuvenBreaking privacy and security by abusing cross-origin resource size Vortrag
Clémentine MauriceGraz University of Technology,Reverse-engineering CPUs for fun and profit Vortrag
Anders FoghG-DATA Advanced Analytics GmbHCovert shotgun: Automatically finding covert channels in SMT Vortrag
Martin SchmiedeckerSBA ResearchTurning Incident Response to Eleven Vortrag
Johannes DahseRIPS TechnologiesAn Advent Calendar full of PHP Security Bugs Vortrag
Victor van der VeenVrije Universiteit AmsterdamDrammer: The Making-Of Vortrag
Mario HeiderichCure53, RUBMy Sweet Innocence Exposed – Eleven Reasons why we will all miss you, ‚e‘ Vortrag
Nicolas Gregoire Nearly generic fuzzing of XML-based formatsSlides
Enno ReyERNWProperties of IPv6 and Their Implications for Offense & Defense Vortrag
Matthias Schmidt1&1Technical Security at a large ISP Slides
Florian KohlarKPMGTales from an IT-Security consultant Vortrag
Ange AlbertiniGoogleBeyond your studies – You studied X at Y. Now what? Vortrag
Mathy VanhoefKU LeuvenKRACKing WPA2 and Mitigating Future Vulnerabilities Vortrag
Johannes DahseRIPSState-of-the-art PHP Exploitation Techniques Vortrag
Michele Orrù All your sessions are belong to us Vortrag
Gertjan FrankenKU LeuvenWho left open the cookie jar? Vortrag
Rene FreingruberSEC ConsultAn overview on modern fuzzing techniques Vortrag
Jens MüllerRUB„Johnny, you are fired!“ – Spoofing OpenPGP and S/MIME Signatures in EmailsNo recording
Hauke Gierow & Tim BerghoffG Data„How not to get the Cybers“ – Talking with media representatives about infosecNo recording
Christian BeckerContextRed Team Exercises – A case study Vortrag