Troopers 2012 – Final round of talks selected

It’s done. The exciting (and demanding) process of selecting talks for Troopers is complete (for the record: second round of talk selection was here, the first here).

We’re quite happy and looking forward to the event 😉



Rodrigo Branco: Into the Darkness – Dissecting Targeted Attacks

The current threat landscape around cyber attacks is complex and hard to understand even for IT pros. The media coverage on recent events increases the challenge by putting fundamentally different attacks into the same category, often labeled as advanced persistent threats (APTs). The resulting mix of attacks includes everything from broadly used, exploit-kit driven campaigns driven by cyber criminals, to targeted attacks that use 0-day vulnerabilities and are hard to fend off – blurring the threat landscape, causing confusion where clarity is most needed.

This presentation analyzes a specific incident, last March’s RSA breach, explaining the techniques used by the attackers and detailing the vulnerability used to gain access to the network. It further explores the possible mitigation techniques available in current software on the OS and application level to prevent such attacks from reoccurring.

Bio: Rodrigo Rubira Branco (BSDaemon) is the Director of Vulnerability & Malware Research at Qualys. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previously, as the Chief Security Research at Check Point he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America.



Carsten Amann: Security can not only Be Managed by Numbers – You Need More

Abstract: From “the management’s perspective” IT security is usually reduced to key performance indicators. Those indicators tend to leave some room for interpretation, especially for top management people. This room for interpretation can lead to decisions which do not only not improve the security level, but might actually decrease it.

The presentation will give an overview how IT security should be “managed by numbers”, to provide transparency and to gain the trust of the top management.

Bio: After his business information systems studies Carsten Amann started his career with a very large consulting company. He was assigned in managerial positions to software implementation projects for different clients. In 2007 he continued his career with a global supplier for technology and services. There he was initially responsible for the global IT security operations (virus protection, encryption, anti-spam etc.). After this assignment he took over the responsibility for the IT-Client topic (operating system, software distribution). Then he took over the responsibility for services within a product area.



Manuel Leithner: Cloud Storage and Its Implications on Security and Privacy

Abstract: With everything moving to the cloud nowadays, security and privacy is often left behind. An ever increasing number of cloud storage operators offer low cost online storage. In this talk we will present our results on the popular service Dropbox, which relied heavily on data deduplication for better user experience. While data deduplication is a straight forward way to decrease costs in terms of bandwidth and storage, it has implications on privacy and security of user data if done wrong – there ain’t no such thing as a free lunch. We will furthermore present methods how data deduplication can work correctly.

Bio: Manuel was introduced to information security while graduating from a technical college and has done research in the areas of mobile security, cloud computing and compile-time obfuscation. He has appeared on national television, podcasts and possibly Chinese security blacklists.

Furthermore, he’s known to use presentations with an average of 0.3 words per slide.



Piotr Cofta: Security professionals  – plumbers of trust

Abstract: Trust is a foundation of security, so that it is often overlooked. The presentation analyses trust from the perspective of an information security professional. It discusses what trust is, how it is structured and what can be done about it, beyond the familiarity of trust assessment or trust management. As a result, participants will develop professional insight into trust.

Bio: Dr. Piotr Cofta is managing Security Transformation, having moved from his role as a Chief Researcher, Identity and Trust. Before that, he has been working for many years for Nokia and for Media Lab Europe, concentrating on the relationship between trust, risk, technology and society.

Dr. Cofta is a contributor to several international standards; he publishes and speaks frequently. He is an author of several patents and publications, from areas such as trust management, identity and privacy, digital rights management and electronic commerce. He is a CISSP and a senior member of IEEE. You can contact him at or at



Frank Block & Michael Thumann: Some Notes on Web Application Firewalls or Why You still Get Owned

Abstract: This talk illuminates Web Application Firewalls (WAFs), with particular focus on the negative detection model. It will present methods how they can be fingerprinted and circumvented in order to demonstrate the wrong feeling of security they might create. Furthermore the tool tsakwaf (The Swiss Army Knife for Web Application Firewalls) will be covered, a little script written in perl that includes various code generation functions for circumventing WAFs and a fingerprinting routine to identify supported WAFs.

Of course there will be some nice demos to prove the point and the speakers will also share their experience from daily web application pentest tasks. Finally, as a special gift, an enhanced version of TSAKWAF will be released at Troopers.

Bios: Frank Block is a security consultant working for ERNW GmbH and penetration tester focusing on web application pentests. One of his passions is the analysis of security mechanisms to find ways to circumvent those.

Michael Thumann is the Chief Security Officer and the head of the ERNW’s application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and buffer overflows in web servers or VPN software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first German book on pentesting that has become a recommended reading at German universities.

In addition to his daily pentesting tasks he is a regular conference-speaker (incl. several Black Hat events, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level and to reverse almost everything to understand the inner workings.



Johnny Deutsch: The Social Map

Abstract: In our talk we will discuss about the threats that social networks pose on organizations. We will display case studies from our clients that have encountered unwanted exposure on account of their employees or social network applications. The talk addresses issues, such as using the social network as a bed for corporate intelligence gathering, how do users interact with their co-workers and how can we infer from usage trends on the corporate social network policy.

We will demonstrate a variety of issues that corporations must think of when deciding to go on to the social networks. One of the most relevant usages on these networks is to harvest personal data and perform some data visualization tools, such as “Touch Graph”. This application performs this by mapping your friends, dissecting them into groups and creating a map of the employee’s social connections. The map is a good indicator of “closed groups”, a reference that indicated from where these people connect\relate to the employee. A tool that we manufactured for our cyber-services department can achieve a unique feature that enables intelligence gathering on people that user is directly related to or has social ties with. This tool creates a visualization of social circles that are not directly related to your profile, by gathering information that is open for the pubic on Facebook and displays it as a map of connections. In our talk we will display usage cases of the tool and how it relates to our social policy methodology.

Bio: Johnny Deutsch is a manager in the Advisory Services practice of Ernst & Young LLP. Johnny leads the cyber warfare and crime section at Ernst & Young?s Hacktics Advanced Security Center (HASC) based in Tel Aviv, Israel. This cutting-edge security team is dedicated to conducting attack and penetration assessments for EY clients. In this role Johnny is in charge of developing new methodologies and performs cyber vulnerability assessments for HASC clients. Johnny has over 10 years of experience in the field of IT systems and security specializing in large scale VoIP systems and data networking. Prior to Johnny`s employment at HASC, he was a consultant at the Israeli Ministry of Defense and managed large scale projects in the field of IRM (Information Rights Management) and NAC (Network Access Control) systems. Prior to the MoD, Johnny was employed by an American sub contractor for the American Department of Defense and managed projects in the field of cellular communication and its integration of VoIP based PBXs. Prior to the DoD, Johnny served in the Israeli Defense Force and managed integration projects in the field of enterprise storage systems (Netapp) and enterprise WAN communications. Johnny is an active reserve duty officer in the Israeli army at the rank of Lieutenant.




See you @Troopers, take care


Leave a Reply

Your email address will not be published. Required fields are marked *