Speakers at Security Fest 2019

These were the speakers at Security Fest 2019.
Thanks for helping us make this conference awesome!

Alex Inführ

Exploring Macros in (Open|Libre)office - Why you should care

In this talk we will explore how file formats can be abused to target the security of an end user or server, without harming a CPU register or the memory layout with a focus on the OpenDocument file format. At first a short introduction to file...

Dave Lewis

Zero Trust & The Flaming Sword of Justice!

Security breaches pervade the headlines. What was seen as a rare instance just 5 years ago now seems to occupy the daily news cycle. A lot of these data breaches are made possible due to missteps and misconfigurations. There are many security issues...

Denis Kolegov

A dive in to SD-WAN Insecure Designs and Vulnerabilities

Today, SD-WAN is a very hot and an attractive topic. Software-defined WAN (SD-WAN) is a technology based on software-defined network (SDN) approach applied to wide area networks (WAN). According to Gartner’s predictions study, more than 50% of routers...

Olle Segerdahl

DOMXSS is not Dead

DOMXSS is definitely still "a thing" on the Internet and can be hard to detect, especially if buried in third party JS libraries or under 4 layers of JQuery abstractions. The publicly available tools to detect DOMXSS don't seem to have evolved much...

Hanno Böck

Don't Sniff the MIME

Both browsers and popular web servers include so-called MIME-sniffing functionality. This is an underestimated security risk and a vector for Cross Site Scripting vulnerabilities. When web applications allow file uploads and the web server cannot...

David Fiser

Falling Out of the Sky: Security Risks that can Bring Your Cloud Down to the Ground

As containerized solutions like Docker and Kubernetes started gaining ground, containers were used by organizations as on-premise solutions. They allow developers to spend more time fine-tuning their applications without having to dwell on...

Christoffer Jerkeby

Load Balancer with RCE, Hacking F5

This talk will open up with the question have you heard of F5 load balancing? Or did you ever write code in TCL in your youth? The two questions relate because the language used for defining F5 iRule is a fork of TCL-8.4. Pain: The language have...

Csaba Fitzl

macOS - Gaining root with Harmless AppStore Apps

This talk is about my journey from trying to find dylib hijacking vulnerability in a particular application to finding a privilege escalation vulnerability in macOS. During the talk I will try to show the research process, how did I moved from one...

Samit Anwer

Oh! Auth: Implementation pitfalls of OAuth 2.0 & the Auth Providers who have fell in it

Since the beginning of distributed personal computer networks, one of the toughest problem has been to provide a seamless and secure SSO experience between unrelated servers/services. OAuth is an open protocol to allow secure authorization in a...

Mazin Ahmed

[CANCELED] Practical Approaches for Testing and Breaking JWT Authentication

Unfortunately, due to an unexpected delay in the visa process, Mazin Ahmed had to cancel his talk at Security Fest. JWT (JSON Web Token) is a popular authentication protocol for delivering stateless authentication. It has been highly popular in...

Harshit Agrawal

Himanshu Mehta

RF Exploitation: Demystifying IoT/OT hacks with SDR

Recent years have seen a flood of novel wireless exploits, from vulnerable medical devices to hacked OT devices, with exploitation moving beyond 802.11 and into more obscure standard and proprietary protocols. While other non-WiFi RF protocols remain a...

Calle Svensson

Software Obfuscation with LLVM

Software obfuscation is a method to make programs more difficult to reverse engineer. There are multiple reasons why this is done such as protecting intellectual property, defense in depth or hiding bugs. No matter the reason, there are multiple ways...

Calle Svensson

TRAINING: Basics of Binary Exploitation

Overview Binary exploitation is the topic concerning the finding and exploitation of vulnerabilities in low-level code, particularly machine level code. It is usually considered one of the more complex areas of IT security and some of the exploits...

Jonas Magazinius

TRAINING: CAN Hack! Hands-On Automotive Security Training

Jonas Magazinius (Assured AB) offers an automotive security training called “CAN Hack!”, aimed at anyone interested in the security of connected vehicles. The training combines theoretical lectures with hands-on challenges against a physical, simulated...

Hugo Hirsh

Trust and Sugar

This talk is about two of the cheapest security tools available. We’ll walk through ancient Rome, Greece, and Modern America in search of truths for one of the most prolific, yet invisible problems in IT Security. Without giving too much away, everyone...

Shira Shamban

Your internet is down? It’s cyber warfare, stupid

So you have a firewall, an anti-virus, a sandbox, a super-sophisticated SIEM, but you still don’t feel safe? You’re absolutely right! The reference threat for enterprises, large organizations, infrastructure, and suppliers today is not the random...

See all speakers at Security Fest

SUBSCRIBE TO OUR NEWSLETTER

Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.

Get newsletter →