9:00 am–9:15 am
Opening Remarks and Awards
Program Co-Chairs: Jiska Classen, Hasso Plattner Institute; Alyssa Milburn, Intel
10:15 am–10:45 am
Coffee and Tea Break
10:45 am–12:00 pm
Hardware Security
Security through Transparency: Tales from the RP2350 Hacking Challenge
Marius Muench, University of Birmingham; Aedan Cullen and Kévin Courdesses, Independent; Thomas 'stacksmashing' Roth, Hextree; Andrew Zonenberg, IOActive
Extraction of Secrets from 40nm CMOS Gate Dielectric Breakdown Antifuses by FIB Passive Voltage Contrast
Andrew D. Zonenberg, Antony Moor, Daniel Slone, Lain Agan, and Mario Cop, IOActive
GlitchGlück: Enabling Software Vulnerabilities through Guided Hardware Fault Injection
Zhenyuan Liu, Dillibabu Shanmugam, and Patrick Schaumont, Worcester Polytechnic Institute
1:30 pm–2:45 pm
Hacking at a Distance
Bluetooth Security Testing with BlueToolkit: a Large-Scale Automotive Case Study
Vladyslav Zubkov, ETH Zurich; Tommaso Sacchetti and Daniele Antonioli, EURECOM; Martin Strohmeier, armasuisse Science & Technology
No Key, No Problem: Vulnerabilities in Master Lock Smart Locks
Chengsong Diao, Danielle Dang, Sierra Lira, Angela Tsai, Miro Haller, and Nadia Heninger, UC San Diego
Making Acoustic Side-Channel Attacks on Noisy Keyboards Viable with LLM-Assisted Spectrograms' "Typo" Correction
Seyyed Ali Ayati and Jin Hyun Park, Texas A&M University; Yichen Cai, University of Toronto; Marcus Botacin, Texas A&M University
2:45 pm–3:15 pm
Coffee and Tea Break
3:15 pm–4:30 pm
Network Security
DeepRed: A Deep Learning-Powered Multi-stage Red Teaming Operations to Reveal Vulnerabilities of ML-based Network Anomaly Detection
Mehrdad Hajizadeh and Pegah Golchin, TU-Chemnitz; Ehsan Nowroozi, Centre for Sustainable Cyber Security (CS2), University of Greenwich; Maria Rigaki and Veronica Valeros, Czech Technical University in Prague; Sebastian García, Stratosphere Laboratory the at Czech Technical University in Prague; Mauro Conti, University of Padua; Thomas Bauschert, TU-Chemnitz
Stealth BGP Hijacks with uRPF Filtering
Haya Schulmann, Goethe-Universität Frankfurt and National Research Center for Applied Cybersecurity ATHENE; Shujie Zhao, Technische Universität Darmstadt and Fraunhofer SIT
FUZZVPN: Finding Vulnerabilities in OpenVPN
Anqi Chen and Cristina Nita-Rotaru, Northeastern University
9:00 am–10:15 am
Physical Attacks
Be Write Back: An In-Depth Study of Fault Injection Effects on FRAM Technology
Valentin Huber and Marc Schink, Fraunhofer Institute for Applied and Integrated Security (AISEC)
Reality Check on Side-Channels: Lessons Learnt from Breaking AES on ARM Cortex-A72 Processor with Out-of-Order Execution
Boyapally Harishma and Dirmanto Jap, Temasek Laboratories, Nanyang Technological University, Singapore. National integrated Centre For Evaluation, Nanyang Technological University, Singapore.; Qianmei Wu, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, School of Cyber Science and Technology, College of Computer Science and Technology, Zhejiang University, China; Fan Zhang, School of Cyber Science and Technology, College of Computer Science and Technology, Zhejiang University, China; Shivam Bhasin, Temasek Laboratories, Nanyang Technological University, Singapore; National integrated Centre For Evaluation, Nanyang Technological University, Singapore.
Oops, It Halted Again: Exploiting PLC Memory for Fun and Profit in Industrial Control Systems
Wooyeon Jo and Irfan Ahmed, Virginia Commonwealth University
10:15 am–10:45 am
Coffee and Tea Break
10:45 am–12:00 pm
Application Security
Prekey Pogo: Investigating Security and Privacy Issues in WhatsApp's Handshake Mechanism
Gabriel Karl Gegenhuber, University of Vienna; Philipp Frenzel, SBA Research; Maximilian Günther, Intigriti; Aljosha Judmayer, University of Vienna
Comma Separated Vulnerabilities: Detecting Formula Injection in the Wild
Manuel Karl, Louis Bettels, Martin Johns, and David Klein, TU Braunschweig
Extract: A PHP Foot-Gun Case Study
Jannik Hartung, Simon Koch, and Martin Johns, TU Braunschweig
1:30 pm–2:45 pm
Exploit All the Things
SecurePoC: A Helping Hand to Identify Malicious CVE Proof of Concept Exploits in GitHub
Soufian El Yadmani, Robin The, and Olga Gadyatskaya, Leiden University
SoK: Automating Kernel Vulnerability Discovery and Exploit Generation
Anil Kurmus, Andrea Mambretti, and Alessandro Sorniotti, IBM Research Europe - Zurich; Vincent Lenders, Damian Pfammatter, and Bernhard Tellenbach, armasuisse – Cyber-Defence Campus
BOOTKITTY: A Stealthy Bootkit-Rootkit Against Modern Operating Systems
Junho Lee, Mokpo National University; Jihoon Kwon, Korea University; HyunA Seo, Sungshin Women's University; Myeongyeol Lee, Chosun University; Hyungyu Seo, Keimyung University; Jinho Jung, Ministry of National Defense; Hyungjoon Koo, Sungkyunkwan University