Departments and centres. Department of Economics. The Economics Department provides teaching and supervision to PhD students.
Virtualization software capable of running OVA. This course will teach attendees how to use advanced attack methods against mobile applications, how to reverse engineer their code to look for vulnerabilities and use this information for complex attacks.
At the end of this course attendees will be able to use advanced mobile penetration testing tools, carry out injection attacks and use reverse engineering methods to deconstruct the advanced defences of modern mobile applications.
What not to expect? They both have several years of experience in performing penetration tests in the areas of application testing, infrastructure testing, testing of mobile applications and devices as well as others.
Weird machines, exploitability and unexploitability Abstract. In spite of being central to everything that is going on in IT security, the concept of "exploit" is surprisingly poorly formalized and understood only on an intuitive level by security practitioners.
This lack of clear definition has all sorts of negative side-effects: from ineffective teaching to muddled thinking about mitigations.
In this talk, I will make an attempt to more clearly define what it is that attackers do when they write an exploit — and then talk about what this means for mitigations and secure coding.
Inhe started zynamics, a company focused on reverse engineering technologies.
He continued to publish about reverse engineering, ROP gadget search, and knowledge management technologies in relation to reverse engineering. Inzynamics was acquired by Google, and Halvar spent the next few years working on defensive technologies that leveraged the then hot buzzwords "big data" and "machine learning".
In summerHalvar received the lifetime achievement Pwnie, and decided to take a year off to travel, read, and surf. Since Novemberhe is back at Google. As systems become more automated and networked and complicated software systems control entire systems, IT security is playing an increasingly important role.
Previous attacks have mostly exploited existing vulnerabilities; future attackers will strive to intervene in the development process to build in vulnerabilities themselves. After graduating with a Ph. Obviously such an old attack doesn't work any more today, because everyone has fixed it.
That was a joke. It affected nine different vendors and we were able to sign a message with the private key from Facebook. More info at https: In he started the Fuzzing Project, an effort to improve the security of free software applications. We describe novel attacks built upon a technique we call malleability gadgets to reveal the plaintext of encrypted emails.
The attack works for emails even if they were collected long ago, and is triggered as soon as the recipient decrypts a single maliciously crafted email from the attacker.
Finding security vulnerabilities with modern fuzzing techniques Abstract. Fuzzing is a very powerful technique to detect flaws and vulnerabilities in software. The aim of this talk is to demonstrate different techniques which can be used to fuzz applications or libraries.
Choosing the correct and most effective fuzzing technique will be discussed with real-world examples. Moreover, hints regarding common problems and pitfalls during fuzzing will be given. The first part of the talk discusses general concepts of fuzzing whereas the second part covers important areas which influence the fuzzing results.
A special focus of the talk will be the difference of fuzzing applications with source code available versus fuzzing closed-source applications.
He operates research in the fields of malware analysis, reverse engineering and exploit development. He also studies modern mitigation techniques and how they can be bypassed by attackers. How client-side compilers help attackers to gain code execution Abstract. Compilers of interpreter languages aim at speeding up execution in the race for web browser performance.
JS and its successor WebAssembly are emerging and won't disappear any time soon. Despite the intended performance gain, security concerns arise.
Attackers started to abuse JIT compilers by emitting desired machine code derived from controlled script constants. Armed with the ability to fill predictable address regions with hidden assembly instructions, they invented the JIT-Spray technique.
Vehicles, like automobiles, trains, ships or aircraft, rotating machinery, reactors and microelectronic devices, but also constructions like dams, towers and bridges need a maximum of reliability, security and long-living function as criteria for their quality.
RuhrSec is the non-profit IT security conference at the Ruhr University Bochum (Germany). It is a high-quality and low-priced security conference in the heart of Bochum near the river Ruhr.
Saarland University. Josef van Genabith is a Full Professor and Chair of Translation-Oriented Language Technologies at the University of Saarland, Germany since Heriot-Watt University Alana Alana.
Our international team of 8 PhD students and faculty advisors has a wide range of experience from both academic and industrial research, and is based in the Interaction Lab at Heriot-Watt University in Edinburgh UK, which has a long history of building data-driven dialogue systems using machine learning methods.
The name Germany is derived from the Latin word Germania, which, at the time of the Gallic War (58–51 B.C.E.), was used by the Romans to designate various peoples occupying the region east of the pfmlures.com German-language name Deutschland is .
Dr Meghan Hughes. Meghan graduated from the University of Strathclyde in Glasgow with an MSci in Forensic and Analytical Chemistry, which incorporated a year's industrial placement in .