Many thanks once again to the following speakers from industry and research who have already given a talk as part of the HackerPraktikum:
Speaker | Company | Title | Download |
Mario Heiderich | Business IN Inc. | XSS Worms | 1 2 3 |
Andreas Kurtz | cirosec GmbH | Live Hacking 2.0 – Current Attack Techniques Against Web Applications | 1, Talk |
Stefan Esser, Ben Fuhrmannek, fukami | SektionEins GmbH | Advanced Web Hacking | 1 2, Talk |
Armin Büscher | G DATA Software AG | MonkeyWrench: a low-interaction honeyclient for analyzing the exploitation of JavaScript-based vulnerabilities | 1 |
Jan Kästle, Stefan Hölzner | KPMG AG | Web Application Security – Experiences from Practice | 1 |
Dr. Johannes Mainusch | XING AG | XING – how to operate a large Website | 1 |
Alexander Kornbrust | Red-Database-Security GmbH | Advanced SQL-Injection | 1 |
Patrick Hof, Jens Liebchen | RedTeam Pentesting GmbH | Apache Tomcat – Who's the JBoss now? | 1 Talk |
Christian Bockermann | TU Dortmund | Beyond Attack Patterns – Positive Security Models in Web Applications | 1 |
Dr. Martin Johns | SAP Research | Cross-site Requests: One mechanism, many attacks | 1 Talk |
Steffen Tröscher | cirosec GmbH | Web Application Firewalls | 1 Talk |
Moritz Jodeit | n.runs AG | Attacking Adjacent Layers | 1 Talk |
Mario Heiderich | Business IN Inc. | HTML 5: The good, the bad, the ugly | 1 |
Felix Gröbert | | From XSS to Ring 0 | 1 |
Sebastian Schinzel | Virtual Forge GmbH | Side Channel Attacks on the Web – Software Security for SAP Systems | 1 2 3 Talk |
Eray Basar | 9elements | Ninja Webtechnologies | 1 Talk |
Karsten Tellmann | G Data Software AG | Exploiting Adobe's PDF | 1 2 Talk |
Ronny Sackmann | cirosec GmbH | Apple iPhone and iPad in the Enterprise | 1 Talk |
Alexios Fakos | n.runs AG | Secure by design – It's a bug, not a feature | 1 |
Stefan Esser, Ben Fuhrmannek | SektionEins GmbH | Security Problems in Web Applications Far Beyond the Usual Injection Vulnerabilities | 1 Talk |
Collin Mulliner | Technische Universität Berlin | Random tales from a mobile phone hacker | 1 |
Marcus Niemietz | RUB | UI Redressing: Attacks and Countermeasures Revisited | 1 |
Andreas Schmidt | siberas | WATOBO – The Web Application Toolbox | 1 Talk |
Gregor Kopf | Recurity Labs GmbH | Non-Obvious Bugs by Example | Talk |
Aleksandr Matrosov, Eugene Rodionov | ESET | Defeating x64: Modern Trends of Kernel-Mode Rootkits | Talk |
Krzysztof Kotowicz | SecuRing | HTML5: Something wicked this way comes | |
Erlend Oftedal | Bekk Consulting AS | Practical attacks on web crypto | Talk |
Stefano Di Paola | Minded Security | Analysis and Identification of DOM Based XSS Issues | 1 Talk |
Gareth Heyes | | Non alphanumeric code with JavaScript & PHP; Shazzer – Shared online fuzzing | Talk |
John Wilander | Svenska Handelsbanken | The Developer Part of the Problem, Buffer Overflows, Modeling Security Bugs, Safety & Liveness Properties, CSRF Against RESTful Services, Multi-Step, Semi-Blind CSRF | |
Abraham Aranguren | | Legal And Efficient Web App Testing Without Permission | Talk |
Alexey Sintsov | ERPscan | Lotus Domino: Penetration Through the Controller | Talk |
Vladimir Vorontsov | ONsec | Blind XXE injections | Talk |
Michele Orru | Trustwave SpiderLabs | Beef, what a tasty piece of meat | Talk |
Paul Stone | Context Information Security | Browser Timing Attacks via the Graphics Stack | Talk |
Nicolas Gregoire | Agarri | Attacking processing | Talk |
Arthur Gerkis | | Dynamic PHP web-application analysis | Talk |
Roberto Suggi Liverani | | Cross Context Scripting (XCS) – Attacks and Exploitation | Talk |
Soroush Dalili | | File in the hole! | [1], Talk |
Tuomas Kärkkäinen | | Fuzzing at Scale and in Style | Talk |
Ange Albertini | | A challenge in your pocket, an introduction to brainteasers | Talk |
Sandro Gauci | | Webapp Exploit Payloads – tools built for & during the job | Talk |
Svetlana Gaivoronski | Lomonosov Moscow State University | Shellcode detection techniques | Talk |
Felix 'FX' Lindner | Recurity Labs | Security is Privacy – Future Research | Talk |
Jürgen Pabel | Deutsche Post | Information Security Management – A Hacker's Perspective | 1 Talk |
Matthias Kaiser | Daimler TSS | Recent Java Exploitation Techniques | 1 Talk |
Jeremiah Grossman | WhiteHat Security | The Real State of Website Security and The Truth About Accountability and "Best-Practices" | Talk |
Giorgio Maone | InformAction | Defending the Indefensible – The Unsung Battles and Legacy of NoScript | Talk |
Karsten Nohl | Security Research Labs | In-depth crypto attacks – It always takes two bugs | Talk |
Andreas Kurtz | NESO Security Labs GmbH | Pentesting iOS Apps – Runtime Analysis and Manipulation | Talk |
Fabian Yamaguchi | Georg-August-Universität Göttingen | Information Retrieval and Machine Learning for Interactive Bug Hunting | Talk |
Miroslav Stampar | | Curious Case of SQLi | Talk |
Stefan Esser | SektionEins | iOS 7 Security Overview | Talk |
Mike West | | Locking Down the User Agent | Talk |
Felix Gröbert | | Security Analysis of Apple FileVault2 | Talk |
Mathias Bynens | Opera | Hacking with Unicode | Talk |
Mathias Karlsson | Detectify | Polyglot payloads in practice | Talk |
Collin Mulliner | Northeastern University | Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in GUIs | Talk |
Johannes Dahse | Ruhr University Bochum | Static Detection of Vulnerabilities in Modern PHP Applications | Talk |
Sebastian Schinzel | Fachhochschule Münster | Remote Timing Attacks | Talk |
Joern Schneeweisz | Recurity Labs GmbH | Bug Tales | Talk |
Thomas Patzke | | Near Field Communication Security | Talk |
Sebastian Lekies | | 25 Million Flows Later: Detection and Exploitation of DOM-based XSS vulnerabilities at scale | Talk |
Jan Kopecky | ING Regional IT headquarters | Exploitation – from past to nowadays | 1 |
Christian Schneider | | Security DevOps – Free pentesters' time to focus on high-hanging fruits | Talk |
Matthias Kaiser | Code White GmbH | Exploiting Deserialization Vulnerabilities in Java | Talk |
Michele Orru | | Dark FairyTales from a Phisherman (Vol. III) | Talk |
Ibrahim Köse | CSPi | Managing Security Testing | Talk |
Dirk Wetter | | Intricacies testing SSL: sockets, schools, threa{t,d}s and sometimes no shake-hands | Talk |
Sven Schlueter | Context Information Security | Modern penetration testing | Talk |
Hanno Böck | | TLS – the most important crypto protocol | Talk |
Christian Rossow | Saarland University | Zeus P2PWNED: Monitoring and Disrupting Modern P2P Botnets | Talk |
Ben Stock | Saarland University | From Facepalm to Brain Bender – Exploring Client-Side Cross-Site Scripting | Talk |
Tom Van Goethem | University of Leuven | Breaking privacy and security by abusing cross-origin resource size | Talk |
Clémentine Maurice | Graz University of Technology | Reverse-engineering CPUs for fun and profit | Talk |
Anders Fogh | G-DATA Advanced Analytics GmbH | Covert shotgun: Automatically finding covert channels in SMT | Talk |
Martin Schmiedecker | SBA Research | Turning Incident Response to Eleven | Talk |
Johannes Dahse | RIPS Technologies | An Advent Calendar full of PHP Security Bugs | Talk |
Victor van der Veen | Vrije Universiteit Amsterdam | Drammer: The Making-Of | Talk |
Mario Heiderich | Cure53, RUB | My Sweet Innocence Exposed – Eleven Reasons why we will all miss you, 'e' | Talk |
Nicolas Gregoire | | Nearly generic fuzzing of XML-based formats | Slides |
Enno Rey | ERNW | Properties of IPv6 and Their Implications for Offense & Defense | Talk |
Matthias Schmidt | 1&1 | Technical Security at a large ISP | Slides |
Florian Kohlar | KPMG | Tales from an IT-Security consultant | Talk |
Ange Albertini | | Beyond your studies – You studied X at Y. Now what? | Talk |
Mathy Vanhoef | KU Leuven | KRACKing WPA2 and Mitigating Future Vulnerabilities | Talk |
Johannes Dahse | RIPS | State-of-the-art PHP Exploitation Techniques | Talk |
Michele Orrù | | All your sessions are belong to us | Talk |
Gertjan Franken | KU Leuven | Who left open the cookie jar? | Talk |
Rene Freingruber | SEC Consult | An overview on modern fuzzing techniques | Talk |
Jens Müller | RUB | "Johnny, you are fired!" – Spoofing OpenPGP and S/MIME Signatures in Emails | No recording |
Hauke Gierow & Tim Berghoff | G Data | "How not to get the Cybers" – Talking with media representatives about infosec | No recording |
Christian Becker | Context | Red Team Exercises – A case study | Talk |