Former Speakers
Many thanks once again to the following speakers from industry and research who have already given a talk as part of the HackerPraktikum:
| Speaker | Company | Title | Download |
| Mario Heiderich | Business IN Inc. | XSS Worms | 1 2 3 |
| Andreas Kurtz | Cirosec GmbH | Live Hacking 2.0 - Current Attack Techniques Against Web Applications | 1, Talk |
| Stefan Esser, Ben Fuhrmannek, fukami | SektionEins GmbH | Advanced Web Hacking | 1 2, Talk |
| Armin Büscher | G DATA Software AG | MonkeyWrench: a low-interaction honeyclient for analyzing the exploitation of JavaScript-based vulnerabilities | 1 |
| Jan Kästle, Stefan Hölzner | KPMG AG | Web Application Security - Experiences from Practice | 1 |
| Dr. Johannes Mainusch | XING AG | XING - how to operate a large Website | 1 |
| Alexander Kornbrust | Red-Database-Security GmbH | Advanced SQL-Injection | 1 |
| Patrick Hof, Jens Liebchen | RedTeam Pentesting GmbH | Apache Tomcat - Who's the JBoss now? | 1 Talk |
| Christian Bockermann | TU Dortmund | Beyond Attack Patterns - Positive Security Models in Web Applications | 1 |
| Dr. Martin Johns | SAP Research | Cross-site Requests: One mechanism, many attacks | 1 Talk |
| Steffen Tröscher | cirosec GmbH | Web Application Firewalls | 1 Talk |
| Moritz Jodeit | n.runs AG | Attacking Adjacent Layers | 1 Talk |
| Mario Heiderich | Business IN Inc. | HTML 5: The good, the bad, the ugly | 1 |
| Felix Gröbert | | From XSS to Ring 0 | 1 |
| Sebastian Schinzel | Virtual Forge GmbH | Side Channel Attacks on the Web - Software Security for SAP Systems | 1 2 3 Talk |
| Eray Basar | 9elements | Ninja Webtechnologies | 1 Talk |
| Karsten Tellmann | G Data Software AG | Exploiting Adobe's PDF | 1 2 Talk |
| Ronny Sackmann | cirosec GmbH | Apple iPhone and iPad in the Enterprise | 1 Talk |
| Alexios Fakos | n.runs AG | Secure by design - It's a bug, not a feature | 1 |
| Stefan Esser, Ben Fuhrmannek | SektionEins GmbH | Security Problems in Web Applications Beyond the Usual Injection Vulnerabilities | 1 Talk |
| Collin Mulliner | Technische Universität Berlin | Random tales from a mobile phone hacker | 1 |
| Marcus Niemietz | RUB | UI Redressing: Attacks and Countermeasures Revisited | 1 |
| Andreas Schmidt | siberas | WATOBO - The Web Application Toolbox | 1 Talk |
| Gregor Kopf | Recurity Labs GmbH | Non-Obvious Bugs by Example | Talk |
| Aleksandr Matrosov, Eugene Rodionov | ESET | Defeating x64: Modern Trends of Kernel-Mode Rootkits | Talk |
| Krzysztof Kotowicz | SecuRing | HTML5: Something wicked this way comes | |
| Erlend Oftedal | Bekk Consulting AS | Practical attacks on web crypto | Talk |
| Stefano Di Paola | Minded Security | Analysis and Identification of DOM Based XSS Issues | 1 Talk |
| Gareth Heyes | | Non alphanumeric code with JavaScript & PHP; Shazzer - Shared online fuzzing | Talk |
| John Wilander | Svenska Handelsbanken | The Developer Part of the Problem, Buffer Overflows, Modeling Security Bugs, Safety & Liveness Properties, CSRF Against RESTful Services, Multi-Step, Semi-Blind CSRF | |
| Abraham Aranguren | | Legal And Efficient Web App Testing Without Permission | Talk |
| Alexey Sintsov | ERPscan | Lotus Domino: Penetration Through the Controller | Talk |
| Vladimir Vorontsov | ONsec | Blind XXE injections | Talk |
| Michele Orru | Trustwave SpiderLabs | Beef, what a tasty piece of meat | Talk |
| Paul Stone | Context Information Security | Browser Timing Attacks via the Graphics Stack | Talk |
| Nicolas Gregoire | Agarri | Attacking <?xml?> processing | Talk |
| Arthur Gerkis | | Dynamic PHP web-application analysis | Talk |
| Roberto Suggi Liverani | | Cross Context Scripting (XCS) - Attacks and Exploitation | Talk |
| Soroush Dalili | | File in the hole! | 1, Talk |
| Tuomas Kärkkäinen | | Fuzzing at Scale and in Style | Talk |
| Ange Albertini | | A challenge in your pocket, an introduction to brainteasers | Talk |
| Sandro Gauci | | Webapp Exploit Payloads - tools built for & during the job | Talk |
| Svetlana Gaivoronski | Lomonosov Moscow State University | Shellcode detection techniques | Talk |
| Felix 'FX' Lindner | Recurity Labs | Security is Privacy - Future Research | Talk |
| Jürgen Pabel | Deutsche Post | Information Security Management - A Hacker's Perspective | 1 Talk |
| Matthias Kaiser | Daimler TSS | Recent Java Exploitation Techniques | 1 Talk |
| Jeremiah Grossman | WhiteHat Security | The Real State of Website Security and The Truth About Accountability and "Best-Practices" | Talk |
| Giorgio Maone | InformAction | Defending the Indefensible - The Unsung Battles and Legacy of NoScript | Talk |
| Karsten Nohl | Security Research Labs | In-depth crypto attacks - It always takes two bugs | Talk |
| Andreas Kurtz | NESO Security Labs GmbH | Pentesting iOS Apps - Runtime Analysis and Manipulation | Talk |
| Fabian Yamaguchi | Georg-August-Universität Göttingen | Information Retrieval and Machine Learning for Interactive Bug Hunting | Talk |
| Miroslav Stampar | | Curious Case of SQLi | Talk |
| Stefan Esser | SektionEins | iOS 7 Security Overview | Talk |
| Mike West | | Locking Down the User Agent | Talk |
| Felix Gröbert | | Security Analysis of Apple FileVault2 | Talk |
| Mathias Bynens | Opera | Hacking with Unicode | Talk |
| Mathias Karlsson | Detectify | Polyglot payloads in practice | Talk |
| Collin Mulliner | Northeastern University | Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in GUIs | Talk |
| Johannes Dahse | Ruhr University Bochum | Static Detection of Vulnerabilities in Modern PHP Applications | Talk |
| Sebastian Schinzel | Fachhochschule Münster | Remote Timing Attacks | Talk |
| Joern Schneeweisz | Recurity Labs GmbH | Bug Tales | Talk |
| Thomas Patzke | | Near Field Communication Security | Talk |
| Sebastian Lekies | | 25 Million Flows Later: Detection and Exploitation of DOM-based XSS vulnerabilities at scale | Talk |
| Jan Kopecky | ING Regional IT headquarters | Exploitation – from past to nowadays | 1 |
| Christian Schneider | | Security DevOps - Free pentesters' time to focus on high-hanging fruits | Talk |
| Matthias Kaiser | Code White GmbH | Exploiting Deserialization Vulnerabilities in Java | Talk |
| Michele Orru | | Dark FairyTales from a Phisherman (Vol. III) | Talk |
| Ibrahim Köse | CSPi | Managing Security Testing | Talk |
| Dirk Wetter | | Intricacies testing SSL: sockets, schools, threa{t,d}s and sometimes no shake-hands | Talk |
| Sven Schlueter | Context Information Security | Modern penetration testing | Talk |
| Hanno Böck | | TLS - the most important crypto protocol | Talk |
| Christian Rossow | Saarland University | Zeus P2PWNED: Monitoring and Disrupting Modern P2P Botnets | Talk |
| Ben Stock | Saarland University | From Facepalm to Brain Bender - Exploring Client-Side Cross-Site Scripting | Talk |
| Tom Van Goethem | University of Leuven | Breaking privacy and security by abusing cross-origin resource size | Talk |
| Clémentine Maurice | Graz University of Technology | Reverse-engineering CPUs for fun and profit | Talk |
| Anders Fogh | G-DATA Advanced Analytics GmbH | Covert shotgun: Automatically finding covert channels in SMT | Talk |
| Martin Schmiedecker | SBA Research | Turning Incident Response to Eleven | Talk |
| Johannes Dahse | RIPS Technologies | An Advent Calendar full of PHP Security Bugs | Talk |
| Victor van der Veen | Vrije Universiteit Amsterdam | Drammer: The Making-Of | Talk |
| Mario Heiderich | Cure53, RUB | My Sweet Innocence Exposed - Eleven Reasons why we will all miss you, 'e' | Talk |
| Nicolas Gregoire | | Nearly generic fuzzing of XML-based formats | Slides |
| Enno Rey | ERNW | Properties of IPv6 and Their Implications for Offense & Defense | Talk |
| Matthias Schmidt | 1&1 | Technical Security at a large ISP | Slides |
| Florian Kohlar | KPMG | Tales from an IT-Security consultant | Talk |
| Ange Albertini | | Beyond your studies - You studied X at Y. Now what? | Talk |
| Mathy Vanhoef | KU Leuven | KRACKing WPA2 and Mitigating Future Vulnerabilities | Talk |
| Johannes Dahse | RIPS | State-of-the-art PHP Exploitation Techniques | Talk |
| Michele Orrù | | All your sessions are belong to us | Talk |
| Gertjan Franken | KU Leuven | Who left open the cookie jar? | Talk |
| Rene Freingruber | SEC Consult | An overview on modern fuzzing techniques | Talk |
| Jens Müller | RUB | "Johnny, you are fired!" – Spoofing OpenPGP and S/MIME Signatures in Emails | No recording |
| Hauke Gierow & Tim Berghoff | G Data | "How not to get the Cybers" - Talking with media representatives about infosec | No recording |
| Christian Becker | Context | Red Team Exercises - A case study | Talk |