• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Browse and search Google Drive and Gmail attachments (plus Dropbox and Slack files) with a unified tool for working with your cloud files. Try Dokkio (from the makers of PBworks) for free. Now available on the web, Mac, Windows, and as a Chrome extension!



BSidesVienna | Ninjacon 11 Schedule


Subject to change.... cos things happen you know ;)


BSidesVienna | Ninjacon 11: Schedule


Name Collin Mulliner
Bio PhD Student, Mobile Phone Hacker
Presentation Title Hacking NFC and NDEF, why I go and look at it again

In 2008 I started looking at NFC (Near Field Communication) mobile

phones and NFC-based services. For some time not much happened with NFC.

Now NFC seems to get a 2nd chance. Therefore it makes sense to go back

and see what has changed and what is new.


In this talk I will give an overview of my and other people's work on

NFC security. I'll present some tools I've written and some bugs I've

found. I'll show how early NFC services worked and how to mess with

them. This should be especially interesting for people from Vienna as

Vienna hosts a variety of NFC field test installations. The talk will

end with stuff thats new and things to look at in the future.


All in all, a mix of old and new. Main goal: getting you interested and


Further Info http://www.mulliner.org/nfc/ (old work)
 Name Franz Lehner

Franz "hamtitampti" Lehner is 37 years old and from Austria.

He has been participating in the Xbox/GameCube Linux project since the very beginning and was member of the Xbox Security Breaking and Reverse Engineering Team.

He works at IKARUS Security Software in the Field of Embedded Security Design and Industrial Security


Presentation Title SmartMeter - Hacking Digital Measuring Devices

"SmartMeter - Hacking Digital Measuring Devices"

- Actual Design Concepts & Problems

- Identity Problems

- Existing Attacks to Digital Meters

- Existing Security Problems and Risks

- Existing and upcoming Attacks & Attack Vectors

Further Info http://events.ccc.de/congress/2003/fahrplan/speaker/448.en.html http://ikarus.at 
Name Aluc
Bio Started in the mid '70s to play with computers and was fas drawn into them. Later run only on *nix systems. in the mid '80s start in the Information Security from 1987 'till 2002 working in the Information Business in both hostile and non-hostile environments. Became freelancer in 1993 -2010 and now CIO in a mid-size company (11000 people in 36 branches). SideProjects: Host of Aluc.TV/Aluc.Radio, Contact Person for Daito-Ryu (a jap. Martial Art) in Germany, organizer of the BerlinSides.
Presentation Title The engineering part of social engineering, or why just lying your way in don't get you anywhere.

All the talks i saw about SE so far just showed which good SE's the speakers are. I try to do another approach, what if i get in and don't know what to do then. The talk is about the reconn. before the assessment, the different approaches of SE. Which techniques can one use, how to do a proper intel. and what is useful. How things work and more important why. Which skill set should one have before entering a engagement. And last but not least how do one counter a SE attack.




Needed Skillset:

-physical (ie.NLP)

-logical Customer Preparation:

-theoretical models of attack

-check customer needs by his business


Preparation & Reconnaissance:

-threat modeling



Project Planing:


-the target


-fetching data/reaching the target


-backup plans


Find & fetch the data:

Exfiltrate the data:

Writing report:

Business impact analyses:

customer meeting:

Further Info  
Name Iftach Ian Amit
Bio With more than 10 years of experience in the information security industry, Iftach Ian Amit brings a mixture of software development, OS, network and Web security expertise as the VP Consulting of the top-tier security consulting and research firm Security Art. Prior to Security Art, Ian was the Director of Security Research for the Content Security Business Unit at Aladdin Knowledge Systems, where he created the AIRC (Attack Intelligence Research Center). Prior to joining Aladdin, Amit was Director of Security Research at a global Internet security company, leading its security research while positioning it as a leader in the Web security market. Amit has also held leadership roles as founder and CTO of a security startup in the IDS/IPS arena, developing new techniques for attack interception, and director at Datavantage responsible for software development and information security, as well as designing and building a financial datacenter. Prior to Datavantage, he managed the Internet application and UNIX worldwide. Amit holds a Bachelor's degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.
Presentation Title Data Exfiltration - not just for hollywood

The industry is saturated with penetration testing experience and have adapted itself to test organizations using "best practice" methodologies over the past decade or so. With not a lot of changes happening in the field, organizations find themselves on the defense with not a lot to account for when data breaches happen. In this presentation we will offer an alternative view of how a security test is done, with a strong focus on data exfiltration techniques employed by advanced attackers and criminals. After an overview of how the initial phases of how an attacker would infiltrate a business (common knowledge), we will explore the targeting considerations when choosing what to look after, as well as advanced techniques for getting the data out without being detected.


Finally, some approaches to data monitoring and control would be proposed in order to mitigate the techniques that are already in place and have affected large organizations.

Further Info  
Name Michael Kemp
Bio Michael is an experienced UK based security consultant, with a specialization in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), British Telecom, and a host of freelance clients throughout the globe. Presently, Mike is working in a day job for Xiphos Research Labs (which he has no choice in as he is company co-founder). When not breaking things, Michael enjoys loud music, bad movies, weird books and writing about himself in the third person. Mike has previously presented at security conferences in Jakarta, Hawaii, New York, Vienna, Los Angeles, Warsaw, Prague, Holland, Zagreb and London (on subjects as diverse as virtualisation, malware, and why the government sucks), and is always keen to embarass himself in new and exotic locales.
Presentation Title When I Grow Up I want to be a Cyberterrorist

Computer mediated terror is big business. Books get written. New reports get recorded. Every time a teenager discover LOIC and 4chan it makes headlines. 'Experts' have warned for years of the likelihood of an 'electronic pearl harbour'. Even John McClane and Hollywood have got into the fray. So, who are the cyberterrorists, and how will they cause the downfall of civilisation? This talk examines some of the more ridiculous claims made about computer mediated attacks on CNI (Critical National Infrastructure) as well as providing details of how terrorists could actually cause harm should they actually know what they are doing. As well as addressing weaknesses in the critical infrastructure of the UK and further afield, it discusses specific attacks (that may well work) as well as practical countermeasures. The talk also addresses the politics of fear, and how a fundamental misunderstanding (or misappropriation) of both technology and the 'terrorist' mindset is leading to a clampdown on network freedoms, and what can be done about it (other than blowing up power stations and telco backbones).


It should be noted that the author is risking getting on all manner of 'watch' lists to deliver this talk. Talk may contain strong language / nudity and be unsuitable for younger viewers.

Further Info  
Name Bojan Zdrnja
Bio Presentation will be held by Bojan Zdrnja and Branko Spasojevic. Short bio's below: Branko works as a technical security consultant at INFIGO IS, a Croatia based security company. Besides hacking web sites during day, he develops plugins for IDA Pro that aim to help reverse engineers jump over obfuscation obstacles planted by malware authors. Branko previously presented at the 27C3 conference and BSides Berlin. Bojan is a senior security consultant at INFIGO IS. Besides his day job, he is probably most well known for his SANS Internet Storm Center diaries where he has been dissecting various attacks and malware for years. This resulted in Bojan co-authoring SANS' popular GREM course/certificate. Bojan has been speaking at various conferences around the world, including AusCERT and Cybersecurity Malayisa (to name a few). He holds CISSP, GCIH and GCIA certificates.
Presentation Title Staying low: how FakeAV flies under the AV's radar

In last couple of years, FakeAV has arguably become the most prominent rogue application installed on hundreds of thousands of client PCs. At the same time, FakeAV continues to evolve in order to successfully fly under the real AV's radar.


The aim of this presentation is to explore some secrets behind FakeAV.


We will start by analyzing modus operandi of several FakeAV groups: automatic poisoning of search engines with latest search trends in order to drive visitors to their pages as well as multi layered architecture that is used to make their infrastructure as resistant as possible.


Besides this, we will pay special attention to client binaries that get dropped on victim's machines since these are the real cash maker for the FakeAV guys - how do they manage to stay one step in front of the real AV products and what do they really do once a machine is infected.

Further Info http://isc.sans.edu/diary.html?storyid=9085 (and much much more that has not been published yet :)
Name Daniel Peck
Bio Peck is a Research Scientist at BarracudaLabs. His current interest is in applying social media analysis to existing security solutions. Other notable research includes being the co-creator of Caffeine Monkey, a tool for performing behavioural profiling of javascript, and demonstrating arbitrary firmware uploads to control system devices ethernet cards. He has a BS in Computer Science from the Georgia Institute of Technology.
Presentation Title The Dark Side of Social Media: Measuring & Analyzing Malicious Activity On Twitter and Facebook

Social networks are becoming the way that non technical users interact with the rest of the world on the web, using them as forums, search engines, and publishing platforms. This popularity (and explosive growth rate) coupled with the the accessible API and an environment that foster a false sense of trust make it easy to spammers and attackers to exploit.


In this talk, we discuss the scale and history of malicious activity on social media, and, based on a comprehensive research study, we demonstrate how attackers respond rapidly to the large increases of users driven by celebrity attention, as well as review attacks across trending topics, URL shorteners, and applying ML techniques to reveal associations between users and establish the beginnings of a trust model that can be applied to users across multiple social networks.

Further Info http://profileprotector.com http://www.barracudalabs.com/downloads/2010EndyearSecurityReportFINAL.pdf
Name Arron "finux" Finnon
Bio Arron M Finnon, aka "Finux" is now a full-time student at the University of Abertay Dundee's Ethical Hacking and Countermeasures BSc course, and has been involved with ethical hacking for a little over 4 years. After spending some amount of time as an independent security consultant and researcher, in 2010 finux returned to university to resume his studies. During the past 4 years, finux has produced a number of talks and delivered them throughout the UK, in addition to his passion for podcasting. During his podcasting carer he has produced over 40 shows predominately focused on security concepts and its practitioners. In 2009 he was awarded the SICSA Student Open Source Award for his Advocacy of Free and Open Source software. He know runs a weekly podcast show about technology, and security matters named; Finux Tech Weekly, which can be found at www.finux.co.uk
Presentation Title Attack UPnP - The Useful plug and pwn protocol

Attack UPnP - The Useful plug and pwn protocol


Universal Plug and Play protocol (UPnP) can be described as a set of networking protocols that allow a type of seamless discovery and communication between other UPnP devices. Data sharing capabilities are just the beginning of UPnP's remit, in some cases UPnP devices can actually make permanent configuration changes to one and other. The aim is a type of hassle free configuration environment, aiming to give its users that "just works" feeling, like the plug and play technology of hardware. However hassle free configuration can ultimately mean hassle free hacking.


The talk looks at how an attacker can deploy a series of incredibly simple yet effective attacks against a wide range of UPnP devices such as routers found in many homes today, and why those very routers are ill equipped to defend against them. With one simple command it is possible to open an internal port to an external port without authentication or stamp within the routers access logs. Attacking the very fabric of UPnP's implementation to gain a very real presence on a network.


Early in 2008 researchers from the Information Security Think Tank, GNUCitizen.Org developed a blended attack against British Telecoms Home hub routers. The attack used a flash based XSS attack to change the home hubs DNS settings. However exposing a routers DNS requests to an outside server is a trivial process, especially as no authentication is required. In 2009 the conficker worm also used UPnP to break through NAT and to aid in its propagation, we still see very little in the way of mitigation our countermeasures towards these threats.


Its easy to see why many technologically minded people argue turning this protocol off, however it is not always as simple as it would first appear. Much functionality of very popular devices and applications would be lost, in addition for it not being the most user friendly process to be invented. With concerns about this same technology in the future being used in smart homes the threat can only become bigger.

Further Info  
Name Michael J. Graven
Bio Michael J. Graven is a director at MANDIANT, a leading incident response firm for Fortune 500 companies, governments and financial institutions. Michael has worked on internetworks and system security since 1989, in environments as large as AT&T and Netscape and as small as twenty-person start-ups. He earned degrees at Northwestern University and Stanford University. He is a native Californian and a snowboarder, but he does not surf.
Presentation Title Finding evil in live memory using free tools

Live memory forensics is a fun way to find an attacker's footprints on a machine.


I'll provide a brief introduction to the basics of memory forensics on Windows systems, then show how to use several free tools to investigate a running system (or a memory image) for indications that an attacker has compromised it. And not just strings, grep and awk either


I'll show real structured data from the kernel that brings shenanigans to light in a way that can be used on one or thousands of machines.

Further Info  
Name Wolfgang Ettlinger and Stefan Viehböck

Students at University of Applied Sciences Hagenberg (Secure Information Systems) with an interest in low level security and reverse engineering

Presentation Title Evil Core Bootkit - Pwning Multiprocessor Systems

Unlike conventional bootkits the “Evil Core” proof of concept initializes a secondary

CPU/core which runs code to manipulate the physical memory while the operating

system is booted on the first core. No interrupt hooking is used for memory



After the operating system has booted, the "Evil Core" still has access to

the physical memory. By finding binary patterns/strings and replacing them,

the secondary core can insert new code into kernel-/userspace processes.


Our proof of concept works with (but is not limited to) Windows XP/7 (x64)

and comes with several features including PatchGuard (KPP) and Code

Integrity evasion.

Further Info  
Name Maciej Pasternacki
Bio Maciej (http://twitter.com/mpasternacki), freelance programmer-sysadmin (or "a devops guy"), originally based in Poland, currently lives mostly in Vienna. He has managed Linux servers, both metal and cloud, since his teens. Did also a fair amount of programming in various languages (including even Fortran 77 and Common Lisp). Since mid-2009 works with http://www.setjam.com/ and http://www.getrefinder.com/, coding mostly Python and Ruby and maintaining infrastructure for these Django-based Web projects. In November 2010 started a monthly Viennese Devops Meetup in Metalab.
Presentation Title Living In The Cloud

Cloud computing - virtualized computational resources available on demand as a service - is nothing new now. Even so, it can still challenge our assumptions and previous knowledge on system architecture and administration. Programmatic access to infrastructure provides great flexibility and makes dynamic scaling and truly agile infrastructure possible; however, volatility of this infrastructure can be downright scary.


I will give an overview of architectural possibilities and challenges that are specific for cloud infrastructure, based on personal experience and best practices from around the Web.

Further Info  
Name Stefan Friedli
Bio Stefan Friedli is a senior security consultant and leads the red team at scip AG in Switzerland. He is also one of the founders of the PTES (Penetration Testing Execution Standard, http://www.pentest-standard.org) which, much like this talk, tries to fix penetration testing. He also organizes the hashdays conference in Switzerland.
Presentation Title THE 99c HEART SURGEON - How to fix penetration testing.

Let's assume you need heart sugery. I hope you don't, but let's just stick with it for a minute. How much would you be willing for someone to fix it and who would you hire to do it? If you are a suicidal emo kid, please do not answer, you are ruining the point here. Here's the thing: People want someone suitable and knowledgable to cut them open and sew them up again and they are willing to pay good money for it. Here are two things you don't want to do:


1) You don't want to hire some old drunk with a pocket knife and a sewing kit from the dollar shop which claims to fix your heart for 100 bucks.


2) You don't want to hire the same guy for 100'000 bucks when he's wearing a white coat and got shiny high tech tools because the last guy paid in advance...


What does this have to do with penetration testing? More than we like, unfortunately. I have met companies that invested thousands of dollars, expecting a pentest and getting a spiced up Nessus report as a result. More subtle nuances of "crappy pentest" might overlook essential threats and leave customers at risk with a false sense of security.


This talk will explore the common mistakes made when performing pentests, which includes the test itself, as well as pre- and post-engagement matters. Also, it applies for testers and customers alike. Also, it might help saving the rainforests.

Further Info http://www.pentest-standard.org
Name Manuel Acanthephyra
Bio Manuel is employed as an academic information security researcher at a competence center in Vienna. Having been hired out of high school and now working on his BSc in Software and Information Engineering, his previous work focuses on cloud storage, social network forensics and mobile security. In his spare time, he breaks, reverses and/or enhances software after growing annoyed with it and is involved with the European Youth Parliament.
Presentation Title

A Midsummer Droid's Dream (grab a drink, come around, let's 

reverse some malware)



We've seen several dozens of malware targeting Android over the last

year. We've never seen a single malware targeting standard iPhones." -

Mikko H. Hypponen, CRO @ F-Secure


Android malware is, as those who follow security news channels will have

noticed, all the rage. While some are quick to blame the openness of the

Market for recent outbreaks and call for "Walled Garden" style app

reviews, any discussion on prevention mechanisms will have to be based

on observations about the actual malware. And how else would you gain

such knowledge than by reversing it yourself?


"But...I don't know how to reverse engineer!" - cool, neither did I

until a few weeks ago. Don't worry, during this talk, we'll get you

there. Our task is made a lot easier by the fact that current malware on

Android is years behind Windows-focused malware in most areas. So, let's

just grab a sample and indulge in a Club Mate-fueled live session of

finding out what lurks behind the scantily clad models in that paid app

we discovered on a cosy warez forum, shall we?


Talk includes swearing (because reversing ProGuard obfuscated apps is a

bitc^Wslightly annoying task), a rant about the sorry state of Android

AV and a sophisticated procedure in which you throw stuff at me if I am

going too fast, blabbering BS or otherwise deserve it.

Further Info  

Armando Romeo


Armando Romeo is the founder of eLearnSecurity, a penetration testing

training company with students from over 61 countries worldwide. He's been a

penetration tester and a security researcher. In 2001, he has founded the

Hackers Center Security Research Team, active in the web application

security research and with dozens of security advisories published from 2003

to 2006.  He currently makes things happen @ eLearnSecurity and manages a

team of renowned authors and instructors, forging new pentesters worldwide.

Presentation Title

Web Application Testing Workshop



If you would like a bit of applied web app hacking this workshop is for you. We will introduce you to Coliseum Web Application Security Lab, an eLearnSecurity project enabling students and hackers to enjoy 100% hands on learning sessions.


Coliseum is a soon to be released framework that makes it extremely easy for security professionals and trainers, to create web application vulnerabilities proof of concepts as well as 100% hands on educational challenges.


You will be given a free account to the hacking labs and educational hacking challenges to have fun with during (and after) the workshop.


You will also learn how to exploit the framework potential to create new battles to challenge your hacker friends or your local chapter.


Hardware Requirements: Laptop (WIFI Req),  Backtrack (Bootable, or VM... TESTED)

Further Info  
Name Peter Stelzhammer, AV-Comparatives e.V.

DOB: 16th May 1971


Studied applied economics/marketing at the Management Center Innsbruck (MCI)

right now doing his MBA "Security Products for Corporate Users"


First IT experience with Amstrad CPC 464 and acoustic coupler in 1983

1991-1996: IT and logistics employee using mainframes with proprietary operating systems in an enterprise environment; subsequent deployment of Microsoft Windows

1996:     Founder of “Innsbrucker kompetenzzentrum IT” – management and IT security consultancy

serving multinational companiens and public authorities (ongoing)


2003: co-founder of AV-Comparatives (ongoing)


Published Books:

Author: Total Cost of Ownership & Green IT                      ISBN: 9783839100929

Co-author: IT Security Products for Corporate Users             ISBN: 978384233431



Constantinus Award (IT)


AV-Comparatives is an independent security-software testing laboratory, which is known for its demanding and objective antivirus-software tests. It is recognised by the major international manufacturers as a leading institute for the development of new test methodology. AV-Comparatives is situated in the heart of Europe, surrounded by the beautiful Tyrolean Alps. An independent team of experts tests the leading antivirus and IT security software. State sponsorship and support from international enterprises make it possible to provide manufacturer-independent, detailed, high-quality test results, free of charge to the end user.

Presentation Title

The dark side of the cloud!  

Where does malware go?



Nowadays malware is evolving. It is straight moving closer to the customer, and it is much harder to be protected. In future you must be afraid of getting kidnapped by your home automation system or getting killed by car2car communictaion. But, one thing has not cahnged: It is all about MONEY

Further Info  




Comments (0)

You don't have permission to comment on this page.