Troopers15 – Second Round of Talks Selected

As we promised some days ago when we published the first round, here we go with the second:

Mike Ossmann: RF Retroreflectors, Emission Security and SDR

Synopsis: The leaked pages from the NSA ANT catalog provided a glimpse into the modern world of emission security. Extending beyond passive monitoring of unintentional emissions, today’s spooks employ active attacks with tools such as RF retroreflectors. I’ll report on my experiments to reproduce such techniques with open source hardware and software, primarily using SDR.

Bio: Michael Ossmann is a wireless security researcher with more than a decade of experience teaching network management, information security, and software radio courses. He has spoken at hacker conferences such as ShmooCon, DEF CON, and ToorCon, and he founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.

At Troopers13 he presented on “Introducing Daisho – Monitoring Multiple Communication Technologies at the Physical Layer“.
And, of course, at Troopers15, again, he will give his great 2-day “Software Defined Radio” workshop.


Ivan Pepelnjak: Automating Network Security         FIRST TIME MATERIAL

Synopsis: Networking and security vendors love to talk about their software-defined solutions and automation… but can we really deploy the products they’re advertising, and if we can, will we get the benefits the vendors and industry press promise?
This session will describe typical real-life deployment scenarios, from cloud orchestration systems to Puppet- or Ansible-driven device configurations, and x86-based open source solutions. It will also point out typical pitfalls including the need for application deployment process reengineering, and lack of scale-out management and auditing tools.

Bio: Ivan Pepelnjak, CCIE#1354 Emeritus, has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990. He’s the author of several Cisco Press books, prolific blogger and writer, occasional consultant, and creator of a series of highly successful webinars.

At Troopers15 he will also give a talk about “IPv6 Microsegmentation Done Right ” at the IPv6 Security Summit and a 1-day workshop “Software Defined Data Center” on Mar 17th (Tuesday).
At Troopers14 he gave the “Software Defined Networking and Security” talk and contributed to the IPv6 Security Summit with a talk on “IPv6 High Availability Strategies“.


Eric Vyncke: Routing Header Is back… Should We Panic?          IPv6 Security Summit

Synopsis: Segment routing is a new Working Group at the IETF, its goal is to make traffic engineering more scalable by removing state on the service providers core routers. There are two flavors of segment routing: one for MPLS and one for IPv6. The IPv6 segment routing uses a new version of the routing header which of course raises security concerns. The talk will briefly explain how segment routing for IPv6 works, why Routing Header type 0 was deprecated by the IETF with RFC 5095, why other types of routing header are safe for use. Then, the security aspect of segment routing for IPv6 will be detailed.

Bio: Eric Vyncke is a Distinguished Engineer based in the Brussels office of Cisco Systems. His main current technical focus is about security and IPv6. He has designed several secured large IPsec networks and other security related designs.
In his work for the IETF, he co-authored RFC 3585, 5514, 7381 and 7404 and is active in V6OPS, 6MAN and OPSEC working groups. His recent works are related to IPv6 including co-authoring a book on IPv6 Security; he also authored a book on layer-2 security.
Eric is the current co-chair of the Belgian IPv6 Council. is well-known for several years to collect statistics about IPv6 deployment.
He is also a visiting professor for security topics at the University of Mons. He is an adjunct professor at HEC, the business school of University of Liège, Belgium and he holds a CISSP certification, is a member of ISSA and speaks frequently at international conferences.

At the Troopers14 IPv6 Security Summit he gave a talk on “How to Securely Operate an IPv6 Network“.


Andreas Wiegenstein & Xu Jia: I know what You Coded last Summer         SAP Security Track

Synopsis: Are you aware that each of your SAP production systems statistically contains 9 security vulnerabilities in your own ABAP code that allow attackers to gain SAP_ALL privileges and thus take over complete control?
This talk deals with an area usually ignored in SAP security concepts: custom code. It unveils unpleasant statistical results based on a code study of more than 200 large companies across the world that run
SAP. It shows the most common and most critical security defects that exist in ABAP applications and provides guidance on how to deal with them.

Bios: Andreas Wiegenstein has been working as a professional SAP security consultant since 2003. He performed countless SAP security audits and received credit for more than 70 SAP security patches related to vulnerabilities he discovered in the SAP standard.
As CTO, he leads the Virtual Forge Research Labs, a team focusing on SAP specific research and security solutions.
Andreas has trained large companies and defense organizations on SAP security and has spoken at multiple SAP-specific conferences (like TechEd and SAPience) as well as at general security conferences such as
Troopers, Black Hat, HITB, DeepSec and RSA. He researched the ABAP Top 20 Risks published by the German Federal Office for Information Security (BSI), is co-author of the first book on ABAP security (SAP Press 2009) and wrote the security chapter of the ABAP Best Practices Guideline for DSAG, the German SAP User Group. He is also member of, the Business Security Community.

At Troopers11 he gave a legend talk on “SAP GUI Hacking” which is constantly among the Top10 most downloaded presentations from the Troopers archives since then.
At Troopers12 he talked about “Real SAP Backdoors“.
At Troopers13 he gave the “Ghost In The Shell” talk, together with Xu Jia.
In the course of the SAP Security Track of Troopers14 he presented on “Risks in Hosted SAP Environments“, together with Xu Jia.

Xu Jia is researching SAP security topics since 2006. His focus is on static code analysis for ABAP and he is the lead architect for a commercial SCA tool.
Working in the CodeProfiler Research Labs at Virtual Forge, he also analyzes (ABAP) security defects in SAP standard software.
Xu has received credit for more than 30 security advisories where he reported 0-days to SAP, including multiple new forms of attack that are specific to SAP software. He already presented some of his research at Troopers 2013 and 2014 in Heidelberg.


Attila Marosi: Hacking FinSpy  – a Case Study about how to Analyse and Defeat an Android Law-enforcement Spying App        FIRST TIME MATERIAL

Synopsis: Most possibly there is no need to make a long introduction when speaking about the famous FinSpy application, a product of the company FinFisher from Gamma Group.
In this case study I will present how I reverse engineered this law-enforcement tool and I also will share the results of the analysis in detail (configuration and installation process, cryptography solutions, control mechanism). Because it is a case study I will present which techniques and tools I used during the analysis. How to analyze an Android application quickly to get a basic view from it and after then how to analyze it deeply, how to patch it, and how to defeat obfuscations and the self-checks. Walking on this way I had some successes and mistakes as well, both are good to share to learn from it.
The result of this analysis was quite disappointing because this tool has several serious weaknesses on multiple part of it, which is unacceptable from a law-enforcement spying tool.
A test/analysis without proof-of-concept codes are nothing so at the end of the lecture I will present my scripts to demonstrate how to hijack the control of the application perfectly and to show how to loot the collected data from the phone (call logs, SMS, contacts, every what the app has collected on the device).

Bio: Attila Marosi has always been working in information security field since he started in IT. As a lieutenant of active duty he worked for almost a decade on special information security tasks occurring within the Special Service for National Security. Later he was transferred to the newly established GovCERT-Hungary, which is an additional national level in the internationally known system of CERT offices. Now he works for the SophosLab as a Senior Threat Researcher in the Emerging Thread Team to provid novel solution for the newest threats.
Attila has several international certificates such as CEH, ECSA, OSCP, OSCE. During his free time he is reading lections and does some teaching on different levels; on the top of them for white hat hackers. He presented on many security conferences including HackerHalted, DeepSEC, AusCERT, Troopers, and Ethical Hacking.

At Troopers14 he presented on “Easy Ways To Bypass Anti-Virus Systems“.


More talks to follow in a few days, so stay tuned ;-).

See you @Troopers & have a great weekend everybody




Leave a Reply

Your email address will not be published. Required fields are marked *