Please find details for all talks here.

Two Days of Trainings (27./28. November)

Workshop 01 Workshop 02 Workshop 03 Workshop 04 Workshop 05
Fundamentals of Routing and Switching for Blue and Red Team
Paul Coggin (Financial Institution)
Security Risks in Cellular Networks: Phone, RAN, and Core (closed)
David Burgess (YateBTS)
Malware Analysis Intro
Christian Wojner
Attacking Internet of Things with Software Defined Radio
Johannes Pohl (Hochschule Stralsund)
Hunting with OSSEC
Xavier Mertens (Freelance Cyber Security Consultant / SANS ISC)
Workshop 06 Workshop 07 Workshop 08 Workshop 09 Workshop 10
Mobile App Attack 2.0 (closed)
Sneha Rajguru
Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation
Dawid Czagan (Silesia Security Lab)
Advanced Infrastructure Hacking
Anant Shrivastava (NotSoSecure)
ERP Security: Assess, Exploit and Defend SAP Platforms
Pablo Artuso & Yvan Genuer (Onapsis)
Advanced Penetration Testing in the Real World
Davy Douhine & Guillaume Lopes (RandoriSec)

All Trainings cover two days (from 09:30 to 18:30 every day) and include Lunch and two Coffee Breaks.

Two Days of Conference (29./30. November)

Throughout the conference you will get the opportunity of meeting experts at the Hacker's Lounge to discuss security issues and see demonstrations.

Conference, day 1 - Thu, 29 Nov
Left Pirouette Right Pirouette Riding School (ROOTS)
08:00 Registration opens
09:00   Opening DeepSec 2018
DeepSec Organisation Team (DeepSec In-Depth Security Conference)
09:10   Keynote: We're All Gonna Die
Peter Zinn
10:00 Uncovering Vulnerabilities in Secure Coding Guidelines
Fernando Arnaboldi (IOActive)
Without a Trace – Cybercrime, Who are the Offenders?
Edith Huber & Bettina Pospisil (Donau-Universität Krems)
Keynote: Automatic Exploitation - The DARPA Cyber Grand Challenge, what came after, and what is next
Kevin Borgolte (Princeton University)
10:50 Coffee Break
11:10 IoD - Internet of Dildos, a Long Way to a Vibrant Future
Werner Schober (SEC Consult)
Moving Money: Inside the Global Watchlist for Banking across Borders
Jasmin Klofta & Tom Wills (Investigative Reporter NDR/ARD (Germany) & Datajournalist The Times of London (UK))
How Android's UI Security is Undermined by Accessibility
Anatoli Kalysch (Friedrich-Alexander-Universität Erlangen-Nürnberg)
12:00 Suricata and XDP, Performance with an S like Security
Eric Leblond (OISF)
Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Tomasz Tuzel (Assured Information Security)
The Swift Language from a Reverse Engineering Perspective
Malte Kraus & Vincent Haupert (Friedrich-Alexander University Erlangen-Nuremberg)
12:50 Lunch
14:00 Efail and other Failures with Encryption and E-Mail
Hanno Böck (-)
Defense Informs Offense Improves Defense: How to Compromise an ICS Network and How to Defend It
Joe Slowik (Dragos)
Library and Function Identification by Optimized Pattern Matching on Compressed Databases
Maximilian von Tschirschnitz (Technical University of Munich)
14:50 SS7 for INFOSEC
Paul Coggin (Financial Institution)
Security Response Survival Skills
Benjamin Ridgway (Microsoft)
Kernel-Assisted Debugging of Linux Applications
Tobias Holl, Philipp Klocke, Fabian Franzen (Technical University of Munich)
15:40 Coffee Break
16:00 New Attack Vectors for the Mobile Core Networks
Dr. Silke Holtmanns (Nokia Bell Labs)
Injecting Security Controls into Software Applications
Katy Anton (CA Technologies | Veracode)
16:50 Offpath Attacks Against PKI
Markus Brandt (Fraunhofer Institute for Secure Information Technology SIT)
Blinding the Watchers: The Growing Tension between Privacy Concerns and Information Security
Mark Baenziger (FireEye Deutschland GmbH)
17:40 Open Source Network Monitoring
Paula de la Hoz Garrido (Student)
Attacks on Mobile Operators
Aleksandr Kolchanov (n/a)
20:00 Speaker's Dinner
Conference, day 2 - Fri, 30 Nov
Left Pirouette Right Pirouette Riding School (ROOTS)
09:00 Everything is connected: how to hack Bank Account using Instagram
Aleksandr Kolchanov (-)
How to Communicate about IT Security without Getting the Cybers
Hauke Gierow & Tim Berghoff (G DATA Software AG)
09:50 Cracking HiTag2 Crypto - Weaponising Academic Attacks for Breaking and Entering
Kevin Sheldrake (Not representing employer)
A Tour of Office 365, Azure & SharePoint, through the Eyes of a Bug Hunter
Dr.-Ing Ashar Javed (Hyundai AutoEver Europe GmbH)
Project Introduction: Data over Sound - Risks and Chances of an emerging Communication Channel
Matthias Zeppelzauer (St. Pölten University of Applied Sciences)
10:40 Coffee Break
11:00 Building your Own WAF as a Service and Forgetting about False Positives
Juan Berner (
Information, Threat Intelligence, and Human Factors
John Bryk (Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC, North America))
11:50 Pure In-Memory (Shell)Code Injection in Linux Userland
reenz0h (Sektor7)
RFID Chip Inside the Body: Reflecting the Current State of Usage, Triggers, and Ethical Issues
Ulrike Hugl (Innsbruck University, Faculty of Business and Management)
Discussion: Mobile Network Security
DeepSec Speaker & Digital Guardian (Security Community)
12:40 Lunch
14:00 DNS Exfiltration and Out-of-Band Attacks
Nitesh Shilpkar (PwC Singapore)
Global Deep Scans - Measuring Vulnerability Levels across Organizations, Industries, and Countries
Luca Melette & Fabian Bräunlein (Security Research Labs)
14:50 Leveraging Endpoints to Boost Incident Response Capabilities
Francisco Galian, Mauro Silva (Nirvan and IBM X-Force IRIS, Telefonica UK (O2))
Orchestrating Security Tools with AWS Step Functions
Jules Denardou & Justin Massey (Datadog)
15:40 Coffee Break
16:00 Drones, the New Threat from the Sky
Dom (D#FU5E) Brack (Reputelligence)
Security as a Community Healthcare: Helping Small Non-Profit Organisations Stay Secure
Eva Blum-Dumontet (Privacy International)
16:50 Anomaly Detection of Host Roles in Computer Networks
Yury Kasimov (Stratosphere IPS / Avast)
Can not See the Wood for the Trees - Too Many Security Standards for Automation Industry
Frank Ackermann (Yokogawa Deutschland GmbH)
17:40 Mapping and Tracking WiFi Networks / Devices without Being Connected
Caleb Madrigal (Mandiant/FireEye)
Manipulating Human Memory for Fun and Profit
Stefan Schumacher (Magdeburger Institut für Sicherheitsforschung)
18:20 Closing Ceremony
18:30 - .:.
19:00 - T.B.A.