Programme 2025
The opening and keynote will take place in the Large Assembly Hall.
The following presentations will be divided thematically into different tracks. All sessions related to the same theme will take place in the same room. Overall, the tracks are spread across five different rooms and run simultaneously.
Additionally, the presentations from the Large and Medium Assembly Hall will be streamed live.
General programme:
- Exhibition stands | A.0.19 Main hall A
- Graduate Lounge | A.0.11 Small assembly hall, building A
- Photo Booth | Connecting axis, building A
- Cyber Escape Room | Parking lot St. Pölten UAS
Our event app is online!
Put together the programme of your choice, find out more about our speakers and get an overview of all exhibitors.
Johann Haag | Chief Executive Officer (CEO), St. Pölten UAS
Simon Tjoa | Head of Department of Computer Science and Security, St. Pölten UAS
*** Live stream via YouTube ***
ObstdG Franz Sitzwohl | Österreichisches Bundesheer
Antonis Atlasis | Head of Systems Security Engineering Section, European Space Agency
While the importance of space missions for humanity increases, cyber space threats are brought to outer space, and new technologies that are introduced bring not only new opportunities but also new threats. This talk will offer an insight into what is changing in outer space missions, what the implications for their security are, the solutions required, and topics needing further research.
Siegfried Hollerer, Simon Rommer, Felix Eberstaller | BMI
*** Live stream via YouTube ***
Felix Eberstaller, Bernhard Rader | Limes Security
The digital transformation of agriculture has led to a change in technology. This includes modernized farming equipment with smart capabilities and the development and widespread adoption of retrofit automation systems for legacy farming equipment to extend the lifespan and use existing legacy resources, similar to security efforts for legacy systems in OT.
This research presents a security analysis of the FJ Dynamics Steering Kit, a leading aftermarket solution for autonomous tractor capabilities, which is sold under different labels in Asia, Europe and the United States. Our investigation revealed critical vulnerabilities enabling unauthorized global tracking of tractors, system manipulation, and potential safety compromises, highlighting significant risks to agricultural operations and public safety.
*** Live stream via YouTube ***
Philipp Kreimel-Haindl | OMV Exploration & Production GmbH
Operational Technology (OT) environments often pose significant challenges when it comes to logging and monitoring. Legacy systems, vendor lock-ins, non-standardized log formats, and forbidden agent installations are just a few of the issues practitioners face when setting up a centralized SIEM. In this talk, we’ll explore the full spectrum of OT log sources – the good (well-structured, accessible logs), the bad (limited, poorly documented outputs), and the ugly (proprietary binaries, CSVs). Based on hands-on experience integrating diverse sources into a SIEM solution, this session will highlight practical strategies, creative workarounds, and key lessons learned. Whether you're just starting your OT monitoring journey or knee-deep in legacy complexity, this talk will help you gain visibility without losing your sanity – or your systems.
*** Live stream via YouTube ***
Herbert Dirnberger | IKARUS Security Software GmbH
*** Live stream via YouTube ***
Thomas Weber | CyberDanube
In this talk, we provide an in-depth look into the internal workings of a commercially available drone. Using our in-house platform MEDUSA ("Scalable Firmware Runtime"), we emulated and analyzed the drone's control system. In the process, both the hardware architecture and critical security vulnerabilities were uncovered. The presentation offers a practical demonstration of how emulation can enable effective security analysis of complex systems like drones. We will showcase real-world attack scenarios, such as manipulating the Wi-Fi communication or taking over the controller. This session is intended for anyone interested in embedded security, (I)IoT forensics, and innovative analysis techniques - from penetration testers to researchers.
*** Live stream via YouTube ***
Ilyas Demirtas, Kai Starik | Deloitte Consulting GmbH
*** Live stream via YouTube ***
Harald Gattermeyer | anapur AG
*** Live stream via YouTube ***
Daniel Haslinger & Christoph Lang-Muhr | UAS St. Pölten
*** Live stream via YouTube ***
Severin Winkler, Benjamin Petermaier | KPMG Security Services GmbH
*** Live stream via YouTube ***
Benjamin Floriani, Patrick Pongratz | SecCore GmbH
As security controls mature, traditional initial access techniques like macros and simple credential phishing are losing their effectiveness. To accurately simulate modern adversaries, red teams must evolve beyond the expected. This presentation dives into lesser-known and highly effective initial access vectors that bypass common defenses by exploiting overlooked file formats and user trust.
The core of this talk is a deep-dive into an attack chain starting with SVG images. We will demonstrate how a seemingly harmless and widely used image file can be weaponized to create a dynamic phishing lure capable of harvesting credentials and, crucially, bypassing Multi-Factor Authentication in Microsoft Entra ID.
*** Live stream via YouTube ***
Johannes Bär | Condignum, Andre Waldhoff
*** Live stream via YouTube ***
Florian Hehenberger, Akashpreet Wedech | PwC Austria
*** Live stream via YouTube ***
Niels Pfau | Mantodea Security GmbH
*** Live stream via YouTube ***
Florian Skopik, Benjamin Akhras, Peter Leitmann, Lukas Linauer | AIT Austrian Institute of Technology
*** Live stream via YouTube ***
Manuel Reinsperger | TU Wien - Interactive Programming & Analysis Lab
*** Live stream via YouTube ***
Gabor Szivos, Darius Beckert | slashsec Red Teaming GmbH
Alexander Aigner, Stephan Hutterer | CyberUp GmbH
Georg Ungerböck, Stephan Bauer | ARCANIX OG
Rainer Poisel, Stefan Riegler | honeytreeLabs Cooperation
Daniel Dorfmeister | Software Competence Center Hagenberg GmbH
Industrial-scale reverse engineering poses a significant threat to manufacturers of modern industrial systems, where replicating complex software is often faster and more cost-effective than developing it from scratch. We thus develop innovative protection mechanisms to safeguard the intellectual property embedded in software and AI models. Our approach binds correct program execution to unique and unclonable hardware properties, making unauthorized replication and reverse engineering significantly more difficult and resource intensive. Unlike traditional protections, our methods do not require specialized security hardware and thus work with legacy systems.
Jakob Heigl-Auer | insitu Software GmbH
Florian Plainer, André Meindorfer | Segmentation Vault St. Pölten
Bina Ramamurthy
Blockchain technology promises decentralization, immutability, sovereignty, trust, and transparency; yet its security landscape remains complex and is continually evolving.
This presentation examines critical vulnerabilities across the blockchain ecosystem, including wallet security and transaction attacks, smart contract exploits, consensus mechanism attacks such as 51% attacks and finality issues, governance vulnerabilities, and rug pulls or exit scams. Key security challenges include crypto wallet protection, smart contract immutability risks, and human factors in decentralized governance.
We present practical mitigation strategies, including secure key and password management, smart contract-based access controls and permissions, and comprehensive smart contract auditing. Drawing on recent security research, personal experiences and practices, real-world incidents, and industry best practices, attendees will gain actionable insights for implementing security-first blockchain development practices in this rapidly maturing ecosystem.
Naghmeh Moradpoor | Edinburgh Napier University
As Connected Autonomous Vehicles (CAVs) become more common on public roads, ensuring the trustworthiness and verifiability of their real-time decisions, especially during coordination scenarios, has emerged as a critical and underexplored challenge.
While federated learning has improved the privacy of model training, it remains unclear how to verify what vehicles do with those models during real-world operation. This talk introduces a novel framework that enables CAVs to reason locally over knowledge graphs and regulatory rules, make context-aware decisions in dynamic environments, and generate zero-knowledge proofs (ZKPs) to attest to the correctness of those decisions without exposing sensitive data.
We present a lightweight, edge-compatible reasoning engine and ZKP module that supports privacy-preserving coordination in critical use cases like intersection negotiation, convoy formation, and emergency rerouting. This work bridges technical gaps between secure learning, explainable AI, and auditable autonomy, paving the way for transparent, compliant, and trustworthy AV ecosystems.
Kristaps Felzenbergs | Vidzeme University of Applied Sciences
The EU NIS2 directive introduces stringent cybersecurity requirements for critical infrastructure, demanding continuous monitoring and rapid incident response capabilities that traditional manual compliance approaches cannot sustain. This presentation explores how organizations can leverage automation technologies to transform NIS2 compliance from a periodic checkbox exercise into a continuous, integrated security posture.
We'll examine practical implementation strategies using Security Orchestration, Automation and Response (SOAR) platforms, automated vulnerability management systems, and AI-driven threat detection to meet NIS2's technical requirements.
The session covers real-world case studies demonstrating automated incident reporting workflows, continuous risk assessment mechanisms, and supply chain monitoring solutions that ensure ongoing regulatory adherence.
Attendees will gain insights into scalable compliance architectures that reduce manual overhead while improving security outcomes, turning NIS2 obligations into competitive advantages through strategic automation implementation.
Constanze Roedig
We believe end users should not be responsible for writing security rules for third-party software; rather, we show how vendors can distribute benign runtime-behavior rules along their supply chain using a “Bill of Behavior” (BoB) inside OCI artifacts.
A BoB is a profile of known syscalls, file access, network and capabilities generated using eBPF, and allows anomaly detection. Thus, users can infer both malicious behavior and tampering without writing/maintaining custom runtime rules.
We detail which parts of the BoB specification translate across ecosystems, languages, stacks, and tools and why the process must be transparent for users. We will also discuss the current scope and ongoing evolution of BoB, laying out a strategic roadmap as it progresses towards a de-facto standard, thus complementing our security ecosystem of seccomp profiles, SBOMs and policy engines.
A public on-demand lab of the reference implementation using well-known cloud native tools will be supplied.
Martin Schmiedecker, Markus Donko-Huber
In this talk we'll give an overview on how to effectively block online ads in 2025.
Not only since AI is allegedly taking over everything & Google changed the extension API for the most popular browser in the world to force-choke ads down their users' throats, many still don't realize that they are foremost not a technology company but an online advertisement company before anything else.
We'll present how to block ads on a local machine, on an entire network, and for others.
Reinhard Kugler | SBA Research GmbH
Kernel Space, the final frontier.
These are the voyages of SBA Research and its mission: to explore strange new technologies, to boldly go where only a few have gone before - using eBPF.
The Cyberspace is vast and numerous threats are lurking in the dark. A new trend arises: abusing the Kernel to backdoor and assimilate sane Linux systems using the eBPF technology. The integration of eBPF in the Kernel allows attackers to change the behavior of the system. How can it be exploited and what can an attacker do with those capabilities? This talk explores the attacker's view on the eBPF technology and how to abuse it to their advantage. Set phasers to stun and learn about offensive techniques for defenders and analysts in SOCs.
Tomasz Haberny, Sandra Vrdoljak | German Telekom Security
On July 19th, 2024, a routine CrowdStrike update disrupted (security) operations globally, causing massive outages across all sectors.
As a Managed Security Service Provider (MSSP) responsible for managing a six-digit number of affected endpoints, we were on the front lines of the chaos.
In this talk, we’ll provide a behind-the-scenes look at modern Endpoint Detection and Response (EDR) systems, dissect CrowdStrike’s update mechanism, and analyze what went wrong that day. We’ll walk you through a detailed timeline of the incident from the perspective of an MSSP, share the challenges faced during remediation, highlight the pitfalls encountered, and discuss the tough lessons learned as well as key takeaways for MSSPs, vendors, and customers.
Arshia Reisi | KPMG Security Services GmbH
Modern cloud identity systems promise strong security but attackers know exactly where trust breaks down. This purple team–focused talk explores real-world techniques to bypass Conditional Access, defeat phishing-resistant MFA, and achieve stealthy remote code execution via Custom Script Extension abuse.
For every attack, we’ll cover the detection angles and practical defenses that matter. From covert sign-ins to silent API misuse, you'll see how these threats unfold and how to spot them before they escalate.
Mario Kahlhofer | Dynatrace Research
Techniques to deceive hackers are nothing new. You may be familiar with honeypots, which are used to lure and trick hackers. But are you also familiar with modern cyber deception techniques? This talk will explore how organizations of all sizes can deploy deception techniques within real production environments.
We will demonstrate traps for the application layer, such as fake “passwords.txt” files, or fake API routes like “/admin”, which are designed to attract and detect attackers. Drawing on empirical results from our Honeyquest study, we will invite the audience to interactively identify enticing cyber traps and learn what makes them effective.
We will also demonstrate Koney, our open-source tool that automates the deployment and monitoring of deception assets in Kubernetes using a policy-as-code strategy. Attendees will learn modern methods for tricking hackers and will leave equipped with the knowledge and tools to embed cyber deception into their own systems.
André Meindorfer | NVISO
Security Operations Centers (SOCs) are a cornerstone of modern cybersecurity; at least in theory. In practice, many SOCs fall into the same traps: adopting models and methods that seem promising on paper, but lead to inefficiency, frustration, or burnout when applied uncritically.
This talk takes a critical look at real-world anti-patterns in the SOC world: recurring design or operational choices that tend to fail despite good intentions. It challenges the idea that "more is always better" and questions the blind adoption of frameworks in contexts where they don't belong.
Whether you're planning to work in a SOC, build one, or just want to understand the difference between textbook and real world, this session will help you spot harmful habits before they cause real damage.
Sabine Kölly | EY Austria
Alexander Ressl, Stefan Pfeiffer | Accenture
This presentation critically examines the state of agentic AI by contrasting the ambitious visions of tech giants like Google, Microsoft, and ServiceNow with the practical realities of its current application. We will dissect the selling points of “a world of autonomous agents seamlessly managing our digital lives” and weigh them against the "real-life" challenges of implementation, reliability, and unforeseen consequences.
The session will explore the concerns, questioning the black-box nature of agent decision-making, and the implications of delegating complex tasks to machines. By analyzing what these companies are promising versus what their technology can currently deliver, this talk aims to continue last year’s discussion about the true trajectory of AI with the new agentic AI approach.
Susanne Schön | Materna
Following the presentations "1001 Scan" (2023) and "1001 Logline" (2024), this marks the third installment in our series showcasing the services offered by a Security Operations Center (SOC). Each part sheds light on the hidden corners of network infrastructure.
In recent years, we've observed a growing trend among our customers: Endpoint Detection and Response (EDR) is increasingly viewed as a viable alternative to traditional Network Traffic Monitoring for security purposes.
This presentation explores:
- The evolution of network traffic over the past ten years
- Shifts in the nature and frequency of network incidents
- The development of tools used to monitor and analyze traffic
Finally, we address a key question: Is Network Traffic Analysis still a relevant and effective tool in the SOC toolkit today?