{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.1"}, "schedule": {"url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/schedule/", "version": "0.5", "base_url": "https://cfp.ringzer0.training", "conference": {"acronym": "ringzer0-bootstrap25-austin", "title": "Ringzer0 BOOTSTRAP25 Austin", "start": "2025-03-18", "end": "2025-03-22", "daysCount": 5, "timeslot_duration": "00:05", "time_zone_name": "US/Central", "colors": {"primary": "#3b3535"}, "rooms": [{"name": "San Jac Saloon", "slug": "4005-san-jac-saloon", "guid": "20b01805-b577-511b-b3c2-fddd9f036d88", "description": "300 E. 6th St. Austin, TX 78701", "capacity": null}, {"name": "TCC\ud83d\udccdAuditorium 1.110", "slug": "4006-tccauditorium-1110", "guid": "e837fe30-b4b2-544d-8a44-273dc4032c9c", "description": null, "capacity": null}, {"name": "TCC\ud83d\udccdRoom 1.124", "slug": "4004-tccroom-1124", "guid": "9356c6cf-9ad3-597d-9739-90355cdfd798", "description": "Thompson Conference Center, 2405 Robert Dedman Dr, Austin, TX 78712", "capacity": null}, {"name": "TCC\ud83d\udccdRoom 1.124", "slug": "4007-tccroom-1124", "guid": "56b318bd-49b2-50d7-91c3-8937cc191b7f", "description": "Thompson Conference Center, 2405 Robert Dedman Dr, Austin, TX 78712", "capacity": null}, {"name": "TCC\ud83d\udccdRoom 1.126", "slug": "4008-tccroom-1126", "guid": "3e6a70cd-6083-51b0-865e-ec14f135eedc", "description": "Thompson Conference Center, 2405 Robert Dedman Dr, Austin, TX 78712", "capacity": null}], "tracks": [], "days": [{"index": 1, "date": "2025-03-18", "day_start": "2025-03-18T04:00:00-05:00", "day_end": "2025-03-19T03:59:00-05:00", "rooms": {}}, {"index": 2, "date": "2025-03-19", "day_start": "2025-03-19T04:00:00-05:00", "day_end": "2025-03-20T03:59:00-05:00", "rooms": {}}, {"index": 3, "date": "2025-03-20", "day_start": "2025-03-20T04:00:00-05:00", "day_end": "2025-03-21T03:59:00-05:00", "rooms": {}}, {"index": 4, "date": "2025-03-21", "day_start": 
"2025-03-21T04:00:00-05:00", "day_end": "2025-03-22T03:59:00-05:00", "rooms": {"TCC\ud83d\udccdRoom 1.124": [{"guid": "d7364c8d-b659-504a-964b-3383d6ce2245", "code": "7CYWDF", "id": 66308, "logo": null, "date": "2025-03-21T09:00:00-05:00", "start": "09:00", "duration": "08:00", "room": "TCC\ud83d\udccdRoom 1.124", "slug": "ringzer0-bootstrap25-austin-66308-free-blackhoodie-1-day-training-compiler-internals-for-security-engineers", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/7CYWDF/", "title": "FREE Blackhoodie 1 Day Training: Compiler Internals for Security Engineers", "subtitle": "", "track": null, "type": "Hands-On Workshop", "language": "en", "abstract": "Blackhoodie is a free, women only reverse engineering workshop and community. This FREE 1 day class introduces students to security relevant aspects of compiler internals, and with guided examples enables students to perform their own code modifications through a compiler.", "description": "#### Topic:\r\n\r\nWe will set up an environment with which we can analyze source code through different compilation stages and by the end of the day students will be able to inject code to a given compiler stage. Students will gain understanding how compiler mitigations are placed into applications, and understand the security relevancy of a build chain.\r\n\r\n#### Prerequisites:\r\n\r\nBring a laptop on which you have permissions to install software. 
Basic coding skills and Linux command line skills required, knowing basics of assembly language is helpful but not required,\r\n\r\n#### When\r\nMarch 21 9am-5pm Central Time\r\n\r\n#### Where\r\nThompson Conference Center, Austin TX", "recording_license": "", "do_not_record": false, "persons": [{"code": "8X37GC", "name": "Marion Marschalek", "avatar": "https://cfp.ringzer0.training/media/avatars/8X37GC_98nLHw0.webp", "biography": "Marion has been a Senior Security Engineer working on building threat detection solutions based on machine learning and AI. She also held an offensive security research position at Intel and different roles in the threat detection industry, as a malware reverse engineer and incident responder. Marion is the founder of BlackHoodie, a hacker bootcamp for women, which is established as a global initiative to attract more diverse talent to the security industry.", "public_name": "Marion Marschalek", "guid": "979630a7-f690-54a8-9ab6-c867cfc1e8a8", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/8X37GC/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/7CYWDF/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/7CYWDF/", "attachments": []}], "San Jac Saloon": [{"guid": "e5cc2d66-9438-57d7-b246-a6a9d31cac8c", "code": "DXWGRM", "id": 66304, "logo": null, "date": "2025-03-21T19:00:00-05:00", "start": "19:00", "duration": "00:45", "room": "San Jac Saloon", "slug": "ringzer0-bootstrap25-austin-66304-from-0-to-millions-protecting-against-aitm-phishing-at-scale", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DXWGRM/", "title": "From 0 to Millions: Protecting Against AitM Phishing at Scale", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Phishing has evolved to bypass MFA using reverse proxies, while traditional defenses like blocklists are aging and evaded. 
This talk introduces Cloned Site Canarytoken, which alerts you to phishing attempts before credentials are entered, with real-world attack insights and response strategies.", "description": "Phishing has evolved both in the TTPs of attackers, and their targets. From simple clones of a website trying to get a username/password to reverse-proxying systems that steal sessions even with MFA, the target landscape has changed. Many of the defenses against phishing are starting to show their age, between block-lists for domains that appear to be illegitimate, SMS/push MFA, and broken functionality cues that may alert someone to the site not being correct. Modern phishing tools, like EvilGinx, Modlishka, and more handle all of these by hiding the phishing content behind a unique \"lure\" to avoid domain blocking, supporting SMS/push MFA, and seamlessly allowing for login and hand-over once the session has been stolen. This talk is focused on a Canarytoken type that lets you protect shared-responsibility platforms that are difficult to gain insight into. These include Azure Entra ID, LogTo, and custom sites. The Cloned Site Canarytoken lets you quickly get alerted if someone is mirroring or reverse-proxying a sensitive login page that has any of your users trying to login--you can get alerted about the phishing site's URL before the user has even entered their password! After a view of the landscape of modern phishing techniques and defenses, we'll dive into our novel defenses, and look at the data of token alerts from millions of logins every day to build a view of real-world phishing attacks and their TTPs. We'll finish off with how to respond to alerts, and some attacks against our Canarytoken.", "recording_license": "", "do_not_record": false, "persons": [{"code": "AEXDSP", "name": "Jacob Torrey", "avatar": "https://cfp.ringzer0.training/media/avatars/AEXDSP_DcuFBof.webp", "biography": "Jacob is the Head of Labs at Thinkst Applied Research. 
Prior to that he managed the HW/FW/VMM security team at AWS, and was a Program Manager at DARPA's Information Innovation Office (I2O). At DARPA he managed a cyber security R&D portfolio including the Configuration Security, Transparent Computing, and Cyber Fault-tolerant Attack Recovery programs. Starting his career at Assured Information Security, he led the Computer Architectures group performing bespoke research into low-level systems security and programming languages. Jacob has been a speaker and keynote speaker at conferences around the world, from BlackHat USA, to SysCan, to TROOPERS and many more. When not in front of the computer, he enjoys trail running, volunteering as a firefighter/EMT, and hiking with his family.", "public_name": "Jacob Torrey", "guid": "a88ed552-f52a-508f-9181-a30a3d74a4e3", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/AEXDSP/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DXWGRM/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DXWGRM/", "attachments": []}, {"guid": "1051884d-4497-5828-8786-425e0a593e28", "code": "Q7VGLN", "id": 66306, "logo": null, "date": "2025-03-21T20:00:00-05:00", "start": "20:00", "duration": "00:45", "room": "San Jac Saloon", "slug": "ringzer0-bootstrap25-austin-66306-design-to-exploit-a-dive-into-ev-charger-security", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/Q7VGLN/", "title": "Design To Exploit: A Dive Into EV Charger Security", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "This talk examines EVSE security through an analysis of 8 EV chargers and findings from Pwn2Own Automotive 2024 and 2025. 
It covers typical charger design, common attack surfaces, and the process of researching an EV charger from scratch, including a successfully exploited vulnerability.", "description": "The electric vehicle space is fast moving with many companies scrambling to capitalize on the Electric Vehicle Supply Equipment (EVSE) market. Naturally, a diverse set of EV chargers has arisen from this, each of which presents its own cybersecurity risks. We will discuss the current state of EVSE security through an analysis of 8 EV chargers and the findings from Pwn2Own Automotive 2024 and 2025. The design of a typical EV charger will be reviewed along with common attack surfaces. Further, we will present the journey of researching an EV charger from scratch and include detail about a vulnerability that was successfully exploited as part of Pwn2Own Automotive.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SUMAFE", "name": "Jonathan Andersson, Connor Ford", "avatar": "https://cfp.ringzer0.training/media/avatars/SUMAFE_uP9l4h2.webp", "biography": "**Jonathan Andersson** is the manager of Trend Micro's Advanced Security Research Group under ZDI/Trend Micro Research since 2010. He has 33 years of professional experience in fields including software development, electronic design, FPGA & PCB design, reverse engineering, and information security. He currently specializes in hardware, firmware, and RF signal reverse engineering. He has presented his original research globally to top-tier infosec conferences as well as by invitation to CERN and DARPA. He holds 15 US patents and is the creator of the Capture the Signal contest, an RF blind signal analysis contest for hackers and radio enthusiasts.\r\n\r\n**Connor Ford** is a Senior Hardware Vulnerability Researcher and a member of Trend Micro's Advanced Security Research team. His main areas of interest are firmware reverse engineering and vulnerability research, particularly involving real time operating systems. 
He started his professional career as a software developer and then transitioned over to the embedded cyber security space, which is where he plans to stay. Before joining Trend Micro he competed in multiple Pwn2Owns where he exploited a variety of embedded systems including EV chargers, routers and printers.", "public_name": "Jonathan Andersson, Connor Ford", "guid": "066d4a1b-4c6f-56a1-9d8b-845599ebc17e", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/SUMAFE/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/Q7VGLN/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/Q7VGLN/", "attachments": []}]}}, {"index": 5, "date": "2025-03-22", "day_start": "2025-03-22T04:00:00-05:00", "day_end": "2025-03-23T03:59:00-05:00", "rooms": {"TCC\ud83d\udccdAuditorium 1.110": [{"guid": "388fda35-33ea-59a6-b327-48cd8fb6078a", "code": "QCQFAK", "id": 66299, "logo": null, "date": "2025-03-22T09:15:00-05:00", "start": "09:15", "duration": "00:45", "room": "TCC\ud83d\udccdAuditorium 1.110", "slug": "ringzer0-bootstrap25-austin-66299-keynote-security-products-don-t-have-to-suck", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/QCQFAK/", "title": "KEYNOTE: Security Products Don't Have To Suck", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "It has been a decade and a half since [FX](https://x.com/41414141) famously quipped that by quality level, [\"we\u2019d be better off defending our networks with Microsoft Word than a Checkpoint firewall.\"](https://youtu.be/an_bnXUIP0Y?t=2360&ref=ringzer0.training)\r\n\r\nSecurity products are still pretty terrible - but why? From usability to vulnerability counts - we still fare pretty poorly. 
This keynote examines why this keeps happening and plots a path to a different world.", "description": "It has been a decade and a half since [FX](https://x.com/41414141) famously quipped that by quality level, [\"we\u2019d be better off defending our networks with Microsoft Word than a Checkpoint firewall.\"](https://youtu.be/an_bnXUIP0Y?t=2360&ref=ringzer0.training)\r\n\r\nSecurity products are still pretty terrible - but why? From usability to vulnerability counts - we still fare pretty poorly. This keynote examines why this keeps happening and plots a path to a different world.", "recording_license": "", "do_not_record": false, "persons": [{"code": "J8SM9Y", "name": "Haroon Meer", "avatar": "https://cfp.ringzer0.training/media/avatars/J8SM9Y_i3OcPm6.webp", "biography": "Haroon Meer is the founder of [Thinkst](https://thinkst.com/?ref=ringzer0.training), the company behind the well loved [Thinkst Canary](https://canary.tools/?ref=ringzer0.training). Haroon has contributed to several books on information security and has published a number of papers and tools on various topics related to the field. 
Over the past decade (or two) he has delivered research, talks and keynotes at conferences around the world.", "public_name": "Haroon Meer", "guid": "5f7e1e7e-7261-5536-ac81-e813a7564e88", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/J8SM9Y/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/QCQFAK/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/QCQFAK/", "attachments": []}, {"guid": "7d429a43-e14a-57c5-932f-8ad109f487d0", "code": "UJPQYU", "id": 64798, "logo": null, "date": "2025-03-22T10:00:00-05:00", "start": "10:00", "duration": "00:45", "room": "TCC\ud83d\udccdAuditorium 1.110", "slug": "ringzer0-bootstrap25-austin-64798-musings-from-decades-of-linux-kernel-security-research", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/UJPQYU/", "title": "Musings from Decades of Linux Kernel Security Research", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "The Linux Kernel underpins billions of modern computers and devices ranging across almost every industry. Arguably, its ubiquity places it firmly into the category of critical infrastructure. But, is it secure? In this presentation, Josh will explore this question in detail. He compares and contrasts the security investments being made within the Linux Kernel developer ecosystem with a typical software development life cycle used in a professional development organization. Additionally, he will share a case study of a public and widely exposed security issue that remains unfixed. Finally, he will make recommendations that can reduce the risk posed by running the Linux Kernel.", "description": "The Linux Kernel underpins billions of modern computers and devices ranging across almost every industry. Arguably, its ubiquity places it firmly into the category of critical infrastructure. But, is it secure? 
In this presentation, Josh will explore this question in detail. He compares and contrasts the security investments being made within the Linux Kernel developer ecosystem with a typical software development life cycle used in a professional development organization. Additionally, he will share a case study of a public and widely exposed security issue that remains unfixed. Finally, he will make recommendations that can reduce the risk posed by running the Linux Kernel.", "recording_license": "", "do_not_record": false, "persons": [{"code": "9APDHF", "name": "Joshua J. Drake", "avatar": "https://cfp.ringzer0.training/media/avatars/9APDHF_ICrOhvV.webp", "biography": "Joshua \"jduck\" Drake is the Principal Security Researcher at Delphos Labs. He is a software developer, vulnerability researcher, reverse engineer, author, and public speaker with over 15 years of professional experience. He focused a majority of his career in the software space where he discovered, analyzed, and/or developed exploits for hundreds of security problems. jduck spent a decade focused on Android security (2011 to 2021). During that time, he took the lead on authoring the \"Android Hacker's Handbook\" and bringing the \"Stagefright Vulnerabilities\" to the public eye. Nowadays, jduck is researching the application of AI to reverse engineering and vulnerability discovery within binaries. When time permits, he likes to participate in Capture the Flag events and spend time with his family and friends.", "public_name": "Joshua J. 
Drake", "guid": "8cf19fcd-46d3-526c-b2ce-23e878d70786", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/9APDHF/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/UJPQYU/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/UJPQYU/", "attachments": []}], "TCC\ud83d\udccdRoom 1.124": [{"guid": "285f4692-8790-54f5-a5d7-db4fe51d4539", "code": "NN3HRH", "id": 59866, "logo": null, "date": "2025-03-22T11:00:00-05:00", "start": "11:00", "duration": "01:30", "room": "TCC\ud83d\udccdRoom 1.124", "slug": "ringzer0-bootstrap25-austin-59866-workshop-hands-on-binary-de-obfuscation", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/NN3HRH/", "title": "WORKSHOP: Hands-on binary (de)obfuscation", "subtitle": "", "track": null, "type": "Hands-On Workshop", "language": "en", "abstract": "In this workshop, we will provide an introduction to state-of-the-art approaches for modern binary (de)obfuscation. After a brief lecture on the fundamental ideas, we will walk through practical examples. We will use symbolic execution to retrieve the obfuscated expression from the compiled binary and attempt to simplify it, and finally, we will leverage program synthesis to reason about and successfully recover the semantics of the obfuscated code.", "description": "In this workshop, we will provide an introduction to state-of-the-art approaches for modern binary (de)obfuscation. After a brief lecture on the fundamental ideas, we will walk through practical examples. 
We will use symbolic execution to retrieve the obfuscated expression from the compiled binary and attempt to simplify it, and finally, we will leverage program synthesis to reason about and successfully recover the semantics of the obfuscated code.", "recording_license": "", "do_not_record": false, "persons": [{"code": "CG98CQ", "name": "Arnau G\u00e0mez i Montolio", "avatar": "https://cfp.ringzer0.training/media/avatars/CG98CQ_krppqIj.webp", "biography": "Hacker, security researcher and mathematician with a strong bias towards software security and reverse engineering.\r\n\r\nSpecialized in software protection research and development (obfuscation, cryptography, mixed boolean-arithmetic algebra, inverse mappings, etc.) from a dual attack-and-defense perspective, both in academia and industry. Experienced malware analyst in the antivirus sector and security engineer in the gaming industry.\r\n\r\nFounder of Fura Labs, a boutique security firm and consultancy focused on software protection research and education. 
Speaker and trainer at several international security conferences.", "public_name": "Arnau G\u00e0mez i Montolio", "guid": "245c0c96-5342-5c3d-bd19-71f1f1d6761e", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/CG98CQ/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/NN3HRH/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/NN3HRH/", "attachments": []}, {"guid": "802895c5-a7f9-557e-b8a9-e59e62a4f631", "code": "DGKUNB", "id": 64445, "logo": null, "date": "2025-03-22T13:15:00-05:00", "start": "13:15", "duration": "01:30", "room": "TCC\ud83d\udccdRoom 1.124", "slug": "ringzer0-bootstrap25-austin-64445-workshop-introduction-to-automotive-firmware-reverse-engineering", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DGKUNB/", "title": "WORKSHOP: Introduction to Automotive firmware reverse engineering", "subtitle": "", "track": null, "type": "Hands-On Workshop", "language": "en", "abstract": "In this workshop we will cover the basics of reverse engineering automotive firmware. An ECU firmware can consist of millions of lines of code which would take a long time to fully reverse engineer. 
Tips and tricks will be taught to quickly identify parts of the firmware that are of interest.", "description": "The following subjects will be covered during the workshop:\r\n- Common processor architectures used in Automotive\r\n- Diagnostic protocols used for reflashing ECUs\r\n- Obtaining firmware files\r\n- Typical firmware layout\r\n- Loading firmware into Ghidra\r\n- Identify common patterns, such as diagnostic handlers, CAN parsing, etc\r\n\r\nWhat to bring:\r\n- A laptop with the latest version of Ghidra installed\r\n- Experience with reverse engineering recommended for the hands-on part of the workshop", "recording_license": "", "do_not_record": false, "persons": [{"code": "ENP9ZX", "name": "Willem Melching", "avatar": "https://cfp.ringzer0.training/media/avatars/ENP9ZX_OGC4kU5.webp", "biography": "Willem Melching (https://twitter.com/PD0WM) is an independent security researcher. He has over 7 years of experience working on automotive security and reverse engineering. During his time at comma.ai he worked on an aftermarket ADAS device and on providing open source tools to help the community reverse and interact with a wide variety of cars. 
Check out his blog (https://icanhack.nl/blog) for recent work.", "public_name": "Willem Melching", "guid": "be6ca09e-ecf6-52d5-9a44-d74486d200fe", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/ENP9ZX/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DGKUNB/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DGKUNB/", "attachments": []}, {"guid": "ffe98d28-2a77-51c7-99b0-bb59492f42e1", "code": "XJHDRQ", "id": 50424, "logo": null, "date": "2025-03-22T15:15:00-05:00", "start": "15:15", "duration": "01:30", "room": "TCC\ud83d\udccdRoom 1.124", "slug": "ringzer0-bootstrap25-austin-50424-workshop-offensive-security-tool-development-with-ghidra", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/XJHDRQ/", "title": "WORKSHOP: Offensive Security Tool Development with Ghidra", "subtitle": "", "track": null, "type": "Hands-On Workshop", "language": "en", "abstract": "Unlock the power of automated reverse engineering with Ghidra\u2019s command line tools in this hands-on workshop. Designed for developers and security analysts, this session will guide you through the process of setting up a productive development environment using the Ghidra Python VSCode Devcontainer Skeleton. You\u2019ll learn how to automate tasks, script analyses, and integrate Ghidra\u2019s powerful decompilation and disassembly features into your workflow, all from the command line.", "description": "**Workshop Outline:**\r\n\r\n**I. Introduction **\r\n\r\n- Overview of Ghidra and its capabilities\r\n- Importance of command line tools in reverse engineering\r\n- Introduction to the Ghidra Python VSCode Devcontainer Skeleton\r\n\r\n**II. Setting Up the Environment **\r\n\r\n- Cloning the repository and exploring its structure\r\n- Setting up VSCode and the devcontainer for Ghidra scripting\r\n- Understanding the Ghidra headless analyzer\r\n\r\n**III. 
Basic Ghidra Command Line Operations **\r\n\r\n- Navigating Ghidra\u2019s command line interface\r\n- Importing and analyzing a binary\r\n- Learning the various ways to script Ghidra in Python\r\n- Learning the best way\r\n\r\n**IV. Scripting with Ghidra **\r\n\r\n- Writing basic scripts to automate tasks in Ghidra\r\n- Utilizing the Ghidra API for advanced scripting\r\n- Debugging and optimizing scripts\r\n- Hands-on challenge: Write a script to automate a call graph analysis\r\n\r\n**V. Advanced Techniques **\r\n\r\n- Integrating external tools and libraries with Ghidra scripts\r\n- Customizing the devcontainer for specific use cases\r\n\r\n**VI. Q&A and Practical Session**\r\n\r\n- Open floor for participant questions", "recording_license": "", "do_not_record": false, "persons": [{"code": "AMK8KJ", "name": "John McIntosh", "avatar": "https://cfp.ringzer0.training/media/avatars/AMK8KJ_eIBiNXT.webp", "biography": "**John McIntosh** ([@clearbluejar](https://x.com/clearbluejar)), is a security researcher at [Clearseclabs](https://www.clearseclabs.com/).  His area of expertise lies within reverse engineering and offensive security, where he demonstrates proficiency in binary analysis, patch diffing, and vulnerability discovery. Notably, John has developed multiple open-source security tools for vulnerability research, all of which are accessible on his GitHub page. Additionally, his website, [https://clearbluejar.github.io/](https://clearbluejar.github.io/), features detailed write-ups on reversing recent CVEs and building RE tooling with Ghidra. Boasting over a decade of experience in offensive security, John is a distinguished presenter and educator at prominent security conferences internationally. 
He maintains a fervent commitment to sharing his latest research, acquiring fresh perspectives on binary analysis, and engaging in collaborative efforts with fellow security enthusiasts.", "public_name": "John McIntosh", "guid": "a86723a0-d43e-5cdc-bea2-78bcf82dc47d", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/AMK8KJ/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/XJHDRQ/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/XJHDRQ/", "attachments": []}], "TCC\ud83d\udccdRoom 1.126": [{"guid": "a8c6c088-92ef-5986-b80d-e204af2a5806", "code": "TKJP3F", "id": 64448, "logo": null, "date": "2025-03-22T11:00:00-05:00", "start": "11:00", "duration": "01:30", "room": "TCC\ud83d\udccdRoom 1.126", "slug": "ringzer0-bootstrap25-austin-64448-workshop-blue2thprinting-identifying-the-form-and-function-of-the-bluetooth-devices", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/TKJP3F/", "title": "WORKSHOP: Blue2thprinting: identifying the form and function of the Bluetooth devices", "subtitle": "", "track": null, "type": "Hands-On Workshop", "language": "en", "abstract": "At this very moment you are enveloped in the warm glowing warming glow of dozens to hundreds of Bluetooth devices. Aren\u2019t you curious what all those little critters are?! In this workshop we\u2019ll use the Blue2thprinting tools to poke at these apparitions and get a sense of what they are and what they want from us!\r\n\r\nNote: this workshop will require you to run a prepared Linux VMware VM, and plug in USB Bluetooth dongles for sending and receiving packets. Come with VMware installed, and a machine you're willing to plug USB devices into.", "description": "[Blue2thprinting](http://darkmentor.com/publication/2023-11-hardweario/) is Bluetooth-toothprinting - the act of creating a toothprint (2thprint) to identify distinct features of a Bluetooth device. 
These 2thprints help us determine information such as what type of Bluetooth chip it uses, what company makes it, what model it is, etc. Over the past year I have focused on Blue2thprinting as a way to approach vulnerability assessment of Bluetooth devices. Specifically, whether they are vulnerable to the over-the-air Bluetooth chip vulnerabilities found by Veronica Kovah and presented at BlackHat USA 2020.\r\n\r\nThis workshop serves as a preview of the 1-day Blue2thprinting class being developed for OpenSecurityTraining2 (ost2.fyi) by Xeno Kovah. This brief workshop will give you a basic introduction to what the built-in Linux tools do and don't give you, and how that information is combined with and supplemented by the customized Blue2thprinting tools, and wrapped into more human-understandable formatting.\r\n\r\nThe first 20 attendees who arrive will be provided with a preconfigured Linux VM where both the collection and analysis components are already set up, and the two USB dongles necessary to demonstrate improved capture capabilities. (Attendees after 20 can get the VM but will need to look over the shoulder of someone with the hardware.) The VM will also be pre-seeded with some real Bluetooth data from past security conferences I've attended (DEF CON, Hardwear.io, RingZer0 2022, etc), that can be explored at your leisure. 
You'll also get a chance to try out the brand new \"BTIDALPOOL\" crowdsourcing infrastructure, which lets folks submit or retrieve shared Bluetooth information from a central server.\r\n\r\nIn this workshop you\u2019ll learn about and play around with the following:\r\n\r\nLinux Bluetooth default tools:\r\n - hciconfig\r\n - bluetoothctl\r\n - btmon\r\n\r\nLinux non-default tools:\r\n - Wireshark\r\n - gatttool\r\n - sdptool\r\n\r\nBlue2thprinting software:\r\n - central_app_launcher2.py for coordinating active 2thprinting components\r\n - Sniffle for sniffing BLE or sending arbitrary BT Low Energy packets\r\n - Analysis scripts for post-processing log files and placing data into MySQL database\r\n - TellMeEverything.py to provide a nicer interface to the data in the local or remote BTIDALPOOL database\r\n\r\nAt the end of the workshop you\u2019ll be cordially invited to join the BlueCrew, and be introduced into the wide world of open research questions that exist in the Bluetooth space, awaiting your collaboration.", "recording_license": "", "do_not_record": false, "persons": [{"code": "97VVUB", "name": "Xeno Kovah", "avatar": "https://cfp.ringzer0.training/media/avatars/97VVUB_6TUmKY3.webp", "biography": "Prior to working full time on [OpenSecurityTraining2 (ost2.fyi)](https://ost2.fyi), Xeno worked at Apple designing architectural support for firmware security, and code auditing firmware security implementations. A lot of what he did revolved around adding secure boot support to the main and peripheral processors (e.g. the Broadcom Bluetooth chip.) He led the efforts to bring secure boot to Macs, first with T2-based Macs, and then with the massive architectural change of Apple Silicon Macs. 
Once the M1 Macs shipped, he left Apple to pursue the project he felt would be most impactful: creating free deep-technical online training material and growing the newly created OpenSecurityTraining 501(c)(3) nonprofit.", "public_name": "Xeno Kovah", "guid": "a91f23aa-568a-5607-a29c-67b202a1ea38", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/97VVUB/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/TKJP3F/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/TKJP3F/", "attachments": []}, {"guid": "273d408a-94c6-5470-bfe5-ab671766ea76", "code": "AHQBXY", "id": 66542, "logo": null, "date": "2025-03-22T13:15:00-05:00", "start": "13:15", "duration": "01:30", "room": "TCC\ud83d\udccdRoom 1.126", "slug": "ringzer0-bootstrap25-austin-66542-workshop-compiler-internals-for-security-engineers", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/AHQBXY/", "title": "WORKSHOP: Compiler Internals for Security Engineers", "subtitle": "", "track": null, "type": "Hands-On Workshop", "language": "en", "abstract": "This workshop introduces students to security relevant aspects of compiler internals, and with guided examples enables students to perform their own code modifications through a compiler. We will use a pre-setup environment with which we can analyze source code through different compilation stages and by the end of the workshop students will be able to inject code at an early compiler stage. Students will gain understanding of the security relevancy of a build chain.", "description": "This workshop introduces students to security relevant aspects of compiler internals, and with guided examples enables students to perform their own code modifications through a compiler. 
We will use a pre-setup environment with which we can analyze source code through different compilation stages and by the end of the workshop students will be able to inject code at an early compiler stage. Students will gain understanding of the security relevancy of a build chain.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8X37GC", "name": "Marion Marschalek", "avatar": "https://cfp.ringzer0.training/media/avatars/8X37GC_98nLHw0.webp", "biography": "Marion has been a Senior Security Engineer working on building threat detection solutions based on machine learning and AI. She also held an offensive security research position at Intel and different roles in the threat detection industry, as a malware reverse engineer and incident responder. Marion is the founder of BlackHoodie, a hacker bootcamp for women, which is established as a global initiative to attract more diverse talent to the security industry.", "public_name": "Marion Marschalek", "guid": "979630a7-f690-54a8-9ab6-c867cfc1e8a8", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/8X37GC/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/AHQBXY/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/AHQBXY/", "attachments": []}, {"guid": "1336e1f3-364c-5210-b0cd-4f8bdade33c0", "code": "EY3KQZ", "id": 64704, "logo": null, "date": "2025-03-22T15:15:00-05:00", "start": "15:15", "duration": "01:30", "room": "TCC\ud83d\udccdRoom 1.126", "slug": "ringzer0-bootstrap25-austin-64704-workshop-fuzz-testing-bare-metal-and-rtos-firmware", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/EY3KQZ/", "title": "WORKSHOP: Fuzz Testing Bare Metal and RTOS Firmware", "subtitle": "", "track": null, "type": "Hands-On Workshop", "language": "en", "abstract": "Fuzz testing is a powerful technique for uncovering vulnerabilities, but applying it to deeply embedded, bare-metal, or 
real-time operating system (RTOS) firmware presents unique challenges compared to traditional Linux-based systems. This hands-on, 90-minute workshop will guide participants through the process of analyzing and fuzz testing deeply embedded firmware using a modern technique called firmware rehosting.", "description": "Fuzz testing is a powerful technique for uncovering vulnerabilities, but applying it to deeply embedded, bare-metal, or real-time operating system (RTOS) firmware presents unique challenges compared to traditional Linux-based systems. This hands-on, 90-minute workshop will guide participants through the process of fuzz testing and analyzing deeply embedded firmware using a modern technique called firmware rehosting.\r\n\r\nAttendees will gain practical experience in:\r\n\r\n1. **Understanding the Landscape**: We will explore the differences between deeply embedded firmware and Linux-based firmware.\r\n2. **Firmware Analysis with Ghidra**: Participants will learn how to load and start analyzing deeply embedded firmware in Ghidra.\r\n3. **Fuzz Testing with Fuzzware**: We will introduce Fuzzware, a rehosting-based fuzzing framework for deeply embedded systems, and demonstrate how to set up and execute fuzz tests to uncover security issues.\r\n\r\nThis workshop is ideal for security researchers, embedded developers, and anyone interested in securing low-level firmware. No prior experience is required. Attendees will leave with the knowledge and practical skills needed to start integrating fuzz testing into their embedded security workflows.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JMTV7W", "name": "Tobias Scharnowski, Marius Muench", "avatar": "https://cfp.ringzer0.training/media/avatars/JMTV7W_7ktUJeU.webp", "biography": "**Tobias Scharnowski** is an embedded systems security researcher at CISPA. He focuses on automated firmware security analysis techniques. 
Besides academia, he is a CTF RE/pwning veteran and repeat Pwn2Own participant. At Pwn2Own, he demonstrated RCE on 13 targets in the automotive and industrial automation domains. This included an exploit of the core DNP3 implementation, the protocol that powers the US electric grid.\r\nhttps://twitter.com/scepticCTF\r\nhttps://github.com/fuzzware-fuzzer\r\n\r\n**Marius Muench** is an assistant professor at the University of Birmingham. His research interests cover (in-)security of embedded systems, binary & microarchitectural exploitation, and defenses. He obtained his PhD from Sorbonne University in cooperation with EURECOM and worked as postdoctoral researcher at the Vrije Universiteit Amsterdam. He developed and maintains avatar2, a framework for analyzing embedded systems firmware, and FirmWire, an emulation and fuzzing platform for cellular basebands. Throughout his career, Marius publicly shared his findings and presented at venues such as Black Hat, REcon, and Hardwear.io.\r\nhttps://twitter.com/nsinusr\r\nhttps://www.linkedin.com/in/marius-muench-801aa580\r\nhttps://github.com/FirmWire/FirmWire\r\nhttps://github.com/avatartwo/avatar2?ref=ringzer0.training", "public_name": "Tobias Scharnowski, Marius Muench", "guid": "7b3f79cd-b0e6-5732-9ba0-42cd2e420959", "url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/speaker/JMTV7W/"}], "links": [], "feedback_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/EY3KQZ/feedback/", "origin_url": "https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/EY3KQZ/", "attachments": []}]}}]}}}