Speakers at Security Fest 2017

Steve Lord

KEYNOTE: Of Unicorns and Replicants

Early in the 21st Century, connected sensor evolution advanced into the economic bubble phase – a term assigned to almost every kind of device imaginable – known as the Internet of Things. Industry unicorns lead the way. Commerce is their goal. More convenient than convenient is their motto. The light that burns twice as bright, burns twice as long, and the unicorns burn so very very brightly.

Aaron Guzman

Don’t Get Caught Em-bed: Finding and Preventing Vulns at its Lowest Level

It’s no secret that embedded systems surround and control our daily lives. Embedded device and system manufacturers have long prioritized code quality and/or user experience over application security. As devices become more interconnected, it is becoming apparent that change is needed throughout the industry.

Csaba Fitzl

How to convince a malware to avoid us?

Malware authors use plenty of techniques to hide from malware analysts and security researchers. These can make it seriously hard to analyze their code, or even to run the malware in automated tools for mass-scale analysis. People are developing more and more tools and ideas for overcoming these challenges. However, there has been very little public research on how we could use these techniques against the malware itself for our benefit.

Frans Rosén

DNS hijacking using cloud providers – No verification needed

A few years ago, Frans and his team posted an article on Detectify Labs regarding domain hijacking using services like AWS, Heroku and GitHub. These issues still remain and are still affecting a lot of companies. Jonathan Claudius from Mozilla even calls “Subdomain takeover” “the new XSS”. Since then, many tools have popped up to spot these sorts of vulnerabilities.

Calle Svensson

When all else fails – Reverse engineering with determination

There is a Swedish proverb, “All methods are good except for the bad ones”, which applies very well to reverse engineering. Sometimes targets elude the usual methodologies of reverse engineering and the need for alternative ways to the goal arises. This lightning talk is a sample of war stories from the fields (or playgrounds) of picking apart and understanding systems. The targets give rise to methods ranging from unusual to plain silly and show that with determination and some creativity, even the strangest of challenges can be mastered. It will feature reverse engineering hardware circuits as well as compilers created for the sole purpose of messing with people foolish enough to try to reverse engineer them, and possibly a strange architecture or two.

Mathias Karlsson

Self XSS: we’re not so different, you and I

Self-XSS is a type of XSS defined by the fact that it only affects the currently authenticated user. Harmless at first sight, but with the right premises Self-XSS is just as dangerous as good old regular XSS.

Emma Lilliestam

Internet of Scientific Curiosity – What I found out using my home and body as an IoT test lab

Internet of Things is a toolbox, and like any tool it can be used for good and for bad. Applying a hacker mindset and using my own home and body, I’ve explored the prerequisites for doing IoT in an ethical and secure – and fun – way. Issues range from insecure components and privacy-invading business models to issues about regulation and lack of regulation. And – most importantly – culture.

Ulf Lundin

SWEMAL – automated malware analysis on the whole Swedish web

This software visits all domains on the Swedish web and examines the HTML/JS code for malware like redirect gateways and URL patterns related to exploit kits. The talk will cover how to retrieve and shorten the URL list, how the main program works, lessons learned during the project, and how the results were verified.

Dave Lewis

When the Walls Fell: Barbarians in the Throne Room

Often defenders worry about the intangible security problems. Defenders need to concentrate their efforts defending the enterprise by focusing on the fundamentals. Too often issues such as patching or system configuration failures lead to system compromise. These, along with issues such as SQL injection, are preventable problems. Defenders can best protect their digital assets by first understanding the sheer magnitude of the impact that a data breach can have on an enterprise.
