About Our Event

Welcome to Scapy Con Automotive, a two-day immersion into the world of network packet manipulation. Despite the addition "Automotive", ScapyCon potentially covers the whole spectrum of applications, from aviation to IoT. Join us on September 18th and 19th, 2024, at Techbase Regensburg for an event designed to expand your skills and knowledge in utilizing Scapy, the premier Python program for packet manipulation.

On Day One, join us for a classic conference experience featuring keynote speakers and industry experts, as they share insights and best practices for leveraging Scapy in automotive applications. Day Two kicks off with an intensive training session held by Guillaume Valadon. The workshop is aimed at both beginners and seasoned professionals. Dive deep into the capabilities of Scapy as we explore its functionalities for sending, sniffing, dissecting, and forging network packets.

Whether you’re a cybersecurity professional, network engineer, or automotive enthusiast, Scapy Con Automotive offers something for everyone interested in harnessing the power of packet manipulation tools. Don’t miss this unique opportunity to expand your skills, connect with like-minded professionals, and stay ahead of the curve in automotive cybersecurity. Reserve your spot today for Scapy Con Automotive!

Location Information

Dates and Times
September 18th 2024 from 9:00 to 17:00 GMT+2September 19th 2024 from 9:00 to 17:00 GMT+2
Location Name
Techbase Regensburg
Address
Franz-Mayer-Str. 1, Regensburg, , 93053 DE
Directions
Google, Bing, MapQuest

Speakers

Philippe Biondi Scapy Author

Philippe Biondi is the author of Scapy and numerous other security related tools. He is a co-creator of the SSTIC french-speaking conference; He is a co-author of the Security Powertools book. He published several articles in MISC magazine. He gave several talks to security conferences (Blackhat, HITB, GreHack, CansecWest, Defcon, Syscan, etc.)

Dr. Nils Weiss Co-Founder dissecto GmbH / Scapy Maintainer

Dr. Weiß delved into penetration testing during his Bachelor's and Master's, exploring vulnerabilities in embedded systems and entire vehicles. Active in developing open-source penetration test frameworks like Scapy, he co-founded dissecto GmbH in 2022, focusing on simplifying security diagnostics and solutions for embedded systems.

Guillaume Valadon Scapy Maintainer

Guillaume has a PhD in networking and loves to look at data and to craft packets. In his spare time, he co-maintains Scapy and does some reversing engineering. Also, he still remembers what AT+MS=V34 means! Guillaume regularly gives technical presentations, classes and live demonstrations, and writes research papers for conferences and magazines. He is the editor-in-chief of the MISC Magazine, the first one dedicated to security in France.

Thomas Sermpinis Technical Director, Auxilium Pentest Labs

Thomas is the Technical Director of Auxilium Cyber Security and independent security researcher with main topics of interest in the automotive, industrial control, embedded device and cryptography sectors. During his research, he published several academic papers, 0days and tools with the ultimate goal of making the world a safer place, but also helped almost 200 OEMs and Tier 1 automotive suppliers to achieve better security and develop more secure products.

Pavel Khunt Automotive Security Researcher, Auxilium Pentest Labs

With a background in engineering, Pavel graduated from FIT CTU, where his master’s thesis focused on V2G (Vehicle-to-Grid) communication during the charging of Electric Vehicles (EVs). Passionate about ensuring the safety and security of automotive technologies.

Willem Melching Independent Security Researcher

Willem Melching is an independent security researcher and runs the blog icanhack.nl. He has over 5 years of experience working on automotive security and reverse engineering.

Alexander Schröder Penetration Tester at AVL

Alexander is a penetration tester at AVL Software & Functions GmbH. He started his journey in this field during his Master's focused on automotive security, supporting the development of Automotive Scapy. Currently, he is dedicated to pentesting automotive systems and supporting the development of secure vehicles.

Thomas Faschang PhD Student TU Graz

Thomas is a PhD student at the Institute of Technical Informatics at TU Graz, specializing in Automotive Cybersecurity. His research focuses on developing a Testing and Training Framework for Automotive Cybersecurity, which formed the basis of his Master's thesis. Currently, Thomas works as a Vehicle Cybersecurity Engineer at KTM AG.

If you're interested in becoming a speaker at ScapyCon Automotive, please follow the link below:

Apply Here!

Keynotes & Talks

Thomas Sermpinis & Pavel Khunt (V2GEVIL: ghost in the wires)

In this talk, we’ll explore the world of electric vehicle cybersecurity, focusing on charging communication, vulnerabilities in EVCC implementation, and the development of a dedicated security tool. We’ll discuss charging standards, communication protocols, and real-world scenarios to understand the evolving landscape of electric mobility cybersecurity. Additionally, we’ll showcase and discuss the hardware required for connecting to the vehicle charging port.

Willem Melching (My car, My keys: obtaining CAN bus SecOC signing keys)

Secure Onboard Communication (SecOC) is a new standard to add a Message Authentication Code (MAC) to messages on a vehicle’s CAN bus. This prevents ECUs that have no knowledge of a secret AES key to communicate with other parts of the vehicle. However, this prevents the owner of the vehicle to install any third-party devices not sanctioned by the vehicle manufacturer. In this talk we will explain how we broke the SecOC implementation of a 2021 Model Year vehicle by attacking the power steering ECU. We will give a short introduction on SecOC. We will also explain how key management is implemented, and why observing a key update when replacing a part won’t allow extracting the key.

Philippe Biondi (Aircraft Security)

This talk will revolve around aircraft security. And, you guess it, how Scapy is used in the process of making aviation safer.

Dr. Nils Weiss (Past, Present and Future of Automotive Scapy)

Explore Scapy's features and join an interactive discussion on future topics and requirements. Engage with the audience to shape the roadmap for Scapy's development.

Alexander Schröder (You CAN't fuzz this)

Fuzzing is a widely used technique in traditional IT for uncovering numerous vulnerabilities. But how effective is it in testing automotive systems? This presentation explores the possibilities and challenges of applying fuzzing to the CAN bus, the backbone of vehicle communication networks. We will explore how to identify and fuzz ideal targets (and how Scapy can help us), but also discuss the limitations and challenges of fuzzing the CAN bus.

Thomas Faschang (Using Scapy for Cybersecurity Verification in ISO/SAE 21434)

Automotive Original Equipment Manufacturers (OEMs) must comply with UNECE Regulation 155 to achieve vehicle homologation. As a result, OEMs follow the ISO/SAE 21434 standard. Key aspects of this standard include Threat Analysis and Risk Assessment (TARA), Cybersecurity Requirements, and their verification. To verify cybersecurity requirements, the Scapy library offers a powerful toolkit for writing test cases. This presentation provides an overview of the product security workflow in automotive OEMs and explains how Scapy can be integrated into the process.

Workshops

TLS Workshop (Guillaume Valadon)

In this hands-on workshop, you will learn what TLS messages look like on the network and manipulate them to interact with real implementations. You will manipulate X.509 certificates to look for relevant information and modify their contents. You will also learn how to decrypt TLS sessions using session keys retrieved from Linux processes.

Advanced Hacking Techniques (Willem Melching & dissecto)

Join experts Willem Melching and dissecto for a hands-on workshop focused on advanced ECU hacking techniques. Ideal for security professionals, automotive engineers, and enthusiasts, this workshop provides practical experience with real-world ECUs, firmware reverse engineering, and vulnerability identification.

Beginner Hacking Techniques / HydraVision (dissecto)

Join us for an intensive workshop on vehicle network security, featuring hands-on exercises in CAN-Bus attacks, ECU reverse engineering, and vulnerability scanning with Python. Gain insights into UDS protocols, OEM specifics, and automated security testing using HydraVision.

Evening Event

Join us for an evening at Degginger Regensburg! Enjoy free drinks and food, featuring delicious local Bavarian cuisine. It’s a perfect opportunity to relax, socialize, and savor great flavors.

About Scapy

Scapy, a Python program, revolutionizes network packet manipulation by offering extensive capabilities including packet sending, sniffing, dissecting, and forging. This multifaceted tool empowers users to construct bespoke solutions for network probing, scanning, and security testing. Unlike conventional networking tools, Scapy boasts an interactive interface enabling users to craft, decode, and interpret packets with unparalleled flexibility. Its domain-specific language simplifies packet description and manipulation, epitomized by its ability to describe packets in just a few lines of code. Scapy’s unique approach diverges from traditional tools by providing raw, uninterpreted data, facilitating nuanced analysis and eliminating biases inherent in interpreted results.

With Scapy, users harness complete control over packet construction and analysis, elevating network exploration and security testing to new heights of precision and customization.

Register

Registration Options

VIP Conference & Workshop Tickets (€349.00)
2-day conference and workshop ticket, general admission incl. drinks, lunch & evening event on the first conference day. This fee includes a donation for educational purposes. Accommodation excluded.
Conference & Workshop Ticket (€249.00)
2-day conference and workshop ticket, general admission incl. drinks, lunch & evening event on the first conference day. Accommodation excluded.
Corporate Ticket (€199.00)
general admission incl. drinks, lunch & evening event on the first conference day. This fee includes a donation for educational purposes. Accommodation excluded.
Individual Ticket (€99.00)
general admission incl. drinks, lunch & evening event on the first conference day. Accommodation excluded.
Students Ticket (€39.00)
For students we're offering a discounted fare to the first conference day. Please bring your certificate of enrolment!

Registrant Info

Name

Organization

Address

Running Total

€199.00

Total