BSides Berlin 2022

26 November c-base Berlin
A community-driven information security conference and community.
BSides Berlin is an event for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Stay tuned by following us on Twitter (@SidesBer), or subscribing to our mailing list.

BSides Berlin is part of the Security BSides organization. This event is organized by Natalie Pistunovich (@NataliePis) and Sina Yazdanmehr (@SinaYazdanmehr).


The first ever Berlin BSides took place in 2010, and the second ever one made a comeback in 2020 after a decade!


Mate Soos
Formal Verification Engineer
@ Ethereum Foundation
Frederik Braun
Staff Security Engineer
@ Mozilla
Daniel Schmidt
Computer Science Student
@ TU Berlin
Christoph Wolff
Information Security Analyst
@ modzero
Nils Ole Timm
Security Researcher
@ --
Tzouriel Saadoun
Ethical Hacker
@ --
Jorge Gimenez
Security Consultant
@ Security Research Labs


09:30 - 09:50


09:50 - 10:00

Welcome Words


10:00 - 10:45

Opening Keynote

What can IT security professionals learn from safety literature?
When airplanes crash, mines explode, or dams are breached, extensive public investigations usually follow. The immense human suffering that has been caused by these accidents has led to serious work put into understanding how and why these accidents happen (and happen, again). It turns out that most accidents are not as straightforward as we'd like to imagine them to be. Consequently, dealing with them in an effective way is also not straightforward: e.g. there is rarely, if ever, a single cause one could "just fix".
Can we use the learnings from these domains to better deal with issues in IT security? In this talk I will try to point to a new, emerging paradigm of looking at IT security as a system that should aim to be Resilient/Observable, rather than Robust/Reliable, as put so neatly by Mario Platt, following in the footsteps of "Safety Differently" by Sidney Dekker, itself based on the work of Diane Vaughan, Charles Perrow, Barry Turner, and others.

10:45 - 11:30

Security Considerations for an HTML Sanitizer

We will talk about mXSS as background and then also explain why the XSS Auditor didn’t work (as a prime example of a browser-controlled XSS mitigation). Using examples from recent mXSS attacks against sanitizers, we explain the root cause of these issues and the solution (e.g., parsing statefully within a context-element).
Then we will explain how a built-in Sanitizer API can fill the existing gap and what it can and cannot protect against (e.g., DOM Clobbering and script gadgets are tricky).

11:30 - 12:00

Coffee Break

11:30 - 12:00

The issues a self-taught cyber security practitioner might encounter

You have to start somewhere. Which topics, what should come first, and how deep should I dig into the topic? There are many questions that arise when learning without a curriculum. Hopefully, I will solve some of the newcomers' problems and remind the veterans of the passion that brought them to this profession in the first place.

12:00 - 12:45

False Positive to 0-day: LPE in Lenovo Update Service

This talk goes step by step from a false positive flagged by automated tools to a full local privilege escalation in the Lenovo Vantage service. Experience the twists, turns and despair of security research until the sweet release of a SYSTEM shell.
The talk focusses mainly on the thought process and showing both successes and failures. The goal is to try and make the subject approachable and less intimidating, even if the final exploit chain is relatively complicated involving a path traversal, TOCTOU and NTFS shenanigans.

12:45 - 14:00

Networking & Lunch Break

14:00 - 14:45

Smart-Contradiction - Finding Consensus Bugs in Novel EVM Implementations with LibAFL

Consensus bugs between Ethereum’s multiple clients have already caused the loss of about 30 blocks that transferred ETH valued at about 8.6 million USD at the time. Rooting them out is essential to Ethereum's security. This talk will present an approach to do so, so-called "differential fuzz-testing". You will be guided through our differential fuzz testing setup between Geth, the most widely used Ethereum execution client, and evmone, a promising, performant EVM implementation. We will showcase the components we utilized to create such a differential fuzzing setup using LibAFL.

14:45 - 15:30

EDR Evasion Primer

EDRs are everywhere, but relatively little is known about how the tools work and how to effectively circumvent them. We are effectively trusting black boxes to protect our endpoints. This presentation discusses insights on EDR inner workings and evasion options gathered over several years of intense red teaming.
We will cover:
- Test lab results: The wide range of EDR choices from terrible to effective; bonus: ZERO DAYS!
- Reverse engineering results: How EDRs work internally
- Successful attack techniques: EDR evasion methodologies; including:
  - Leverage Windows APIs for injection attacks
  - Unhook functions
  - Implement and masquerade your own syscalls
These insights help defenders and testers: Blue teamers will better understand how much to rely on EDR; and red teamers will find an organization’s weakest link more quickly.

15:30 - 16:00

Coffee Break

16:00 - 16:45

Meet Hot Owls In Your Area!

Hoot hoot! As part of an evaluation of video conferencing devices, my company took a look at the Meeting Owl, a 360° USB camera. While it looks mostly harmless and seemed to only have a very limited attack surface at first, the research led to numerous security vulnerabilities, some of which were pretty astounding. In the end, we could access customers’ personal data, including the approximate location of their Owls. In addition to that, we were able to turn nearby Owls into an access point to the connected (corporate) network (neat, when you know their location), by circumventing security features such as a PIN. When the company behind the Meeting Owl launched a service to share images captured during meetings, we were able to access these as well…
This talk will be 50% owl pictures, 40% security vulnerabilities and 10% bad passwords.

16:45 - 17:00

Closing Remarks


17:00 - 19:00




Regular - €15
In-person and online tickets available

Review committee

Luca Melette
Head of Research Team
@ Security Research Labs GmbH
Pascal Zenker
Senior Information Security Analyst
@ modzero
Vincent Ulitzsch
PhD Student
@ Berlin Institute of Technology
Balthasar Martin
Head of Redteaming Team
@ Security Research Labs GmbH
David Jaeger
Cyber Security Architect
@ Airbus



c-base Berlin

c-base is the oldest crashed space station on earth...

Address: Rungestraße 20, 10179 Berlin, Germany


Sponsors & Partners

Blaze Information Security