Conference 2023

Program

November 2nd to 3rd, 2023
La Marive, Yverdon-les-Bains

Cutting Edge Technical Talks... and more!

#BlackAlps23 program has been prepared by an independent, neutral committee of internationally recognized experts. The program committee reviewed many proposals and selected the most appropriate and interesting talks for the conference (except the keynotes and rumps).

Learn more about the Call For Proposal and committee.

Most of the program is at La Marive, Yverdon-les-Bains, except specific side events like the Networking dinner.

Thursday November 2nd, 2023

08:30 - 09:00
LIVE
Welcome and coffee
09:00 - 09:15
LIVE
Opening Words (en)
Sylvain Pasini (HEIG-VD, president of Black Alps )
09:15 - 09:45
LIVE
[Keynote] Unveiling the Express Lane to Catastrophe: Insights from Extensive Security Testing (en)
Florian Badertscher (Bug Bounty Switzerland AG )
09:45 - 10:30
LIVE
Needles in the Haystack: A Heuristics-based Approach to Vulnerability Discovery (en)
Matt Hand (Prelude)
Jack Ullrich (SpecterOps)
10:30 - 11:00
LIVE
Coffee Break
11:00 - 11:45
LIVE
YouShallNotPass! Hardening CI/CD pipelines on mission critical environments (en)
Pierre Dumont (Kudelski Security )
Romain Aviolat (Kudelski Security )
11:45 - 12:30
LIVE
XORtigate: zero-effort, zero-expense, 0-day on Fortinet SSL VPN (en)
Charles Fol (Lexfo )
12:30 - 14:15
LIVE
Lunch
14:15 - 15:00
LIVE
Ghidriff: Ghidra Binary Diffing Engine (en)
John Mac (ClearSecLabs )
15:00 - 15:45
LIVE
Quantum Computing Doomsday Planning: Is Your Organisation Ready? (en)
Jean-Philippe Aumasson (Taurus)
Farida Aclimandos (EPFL)
15:45 - 16:15
LIVE
Coffee Break
16:15 - 17:00
LIVE
Sideloading Serenade: A Symphony of .NET Payload Techniques" (en)
Nick Powers (SpecterOps )
Steven Flores (SpecterOps )
17:00 - 17:45
LIVE
Caviar Scammers: The Sophisticated Operations of the SturgeonPhisher APT Group (en)
Damien Schaeffer
17:45 - 18:15
LIVE
Travel
18:00 - 23:30
LIVE
Networking dinner Salle des quais (Grandson)
Salle des quais (Grandson)
Mandatory registration
Aperitif at 18:00
Dinner at 19:30

Friday November 3rd, 2023

08:30 - 09:00
LIVE
Travel
09:00 - 09:15

LIVE
Opening
09:15 - 09:45
LIVE
[Keynote] Unleash the engineer within: Culture eats policy for breakfast (en)
Fred Blaise (Thomson Reuters)
09:45 - 10:30
LIVE
Unraveling the Challenges of Reverse Engineering Flutter Applications (en)
Axelle Apvrille (Fortinet)
10:30 - 11:00
LIVE
Coffee Break
11:00 - 11:45
LIVE
A Security Research Journey: how the mobile industry met hackers in the middle (en)
David Rogers MBE (Copper Horse Ltd )
Roger Brown (GSMA)
11:45 - 12:30
LIVE
Command-line Obfuscation Detection Using Large Language Models (en)
Michael Adam Polak (Cisco )
Vojtech Outrata (Cisco )
12:30 - 14:15
LIVE
Lunch
14:15 - 15:00
LIVE
Cyber incident reportings : common obligations within organisations (en)
Pauline Meyer (University of Lausanne )
Sylvain Métille (University of Lausanne )
15:00 - 15:45
LIVE
Defeating VPN Always-On (en)
Maxime Clementz (PwC Luxembourg )
15:45 - 16:15
LIVE
Coffee Break
16:15 - 17:00
LIVE
Infiltrating Kubernetes: A Comprehensive Study of Attack Scenarios and Security Measures (en)
Magno Logan (Trend Micro )
17:00 - 17:45
LIVE
Rump Session (fr-en)
Several speakers
17:45 - 19:00
LIVE
Aperitif
19:00 - 23:00
LIVE
Black Alps Dinner
(La Marive)
Free for all
Black Alps participants

Legend

 
Conference
 
Keynote
 
Lightning Talks
 
Evening

Talk selection process

A call for proposal (CFP) was organized. The program committee was in charge to select the talks (except the keynotes and rumps). The submission process is now closed (it was open until July 31, 2023.).

Program committee

The program committee is composed of international renowned experts in the field.

  • Julien Bachmann , Google (chair)
  • Diane Dubois , Google
  • Alain Mowat , SCRT
  • Sylvain Pelissier , Kudelski Security
  • Christophe Tafani-Dereeper , Datadog
  • Mathieu Tarral , Intel

Proposal topics

  • Application security
  • Vulnerability research and exploits development
  • Penetration testing and red teaming
  • Cloud security
  • Security automation
  • Network security
  • Intrusion detection and monitoring
  • Cryptography