Over one of the recent long weekends I attended the 17th “Gulaschprogrammiernacht”, or “GPN17” for short, in Karlsruhe, the largest CCC Event after the Chaos Communication Congress with roughly a thousand attendees. The name literally translates to “goulash programming night”, which makes about as much sense as the German version. Despite the name it lasted from Thursday to Sunday, had a much wider scope than just coding and offered various other (incl. vegan) dishes besides goulash. As an active member of the CCC community I planned on attending it anyway, but submitted my talk about Automated Binary Analysis in case there was interest. I didn’t anticipate that much interest given that it was a fairly theoretical IT-Security topic at an event that was not focused on IT-Security, but nonetheless the hall was filled with people from various backgrounds like math, formal verification and software optimization. The talk was an improved version of the one I gave at Bsides Ljubljana, incorporating feedback I received and new things I had learned since then. The English slides are available here, the recording of the talk in German can be found here.Continue reading
At CSA, I was talking about hypervisors, breakouts and an overview of security measures to protect the host. (Slides)
This ranged from the basic features some hypervisors provide out of the box to advanced features like SELinux, device domain models and XSM-FLASK. Continue reading “CSA Summit CEE and BSides Ljubljana 2017”
This was one of the few technical talks at 33c3 I managed to see, by that I mean live-stream during an access control shift, by Clémentine Maurice and Moritz Lipp.
The talk gave an overview of some already known possible information leaks by abusing certain x86 instructions(the same concept applies to ARM too though) and demonstrating the various ways an attacker could use them. Continue reading “33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?”Continue reading