ScapyCon Automotive

Speakers

Philippe Biondi Scapy Author

Philippe Biondi is the author of Scapy and numerous other security related tools. He is a co-creator of the SSTIC french-speaking conference; He is a co-author of the Security Powertools book. He published several articles in MISC magazine. He gave several talks to security conferences (Blackhat, HITB, GreHack, CansecWest, Defcon, Syscan, etc.)

Dr. Nils Weiss Co-Founder dissecto GmbH / Scapy Maintainer

Dr. Weiß delved into penetration testing during his Bachelor's and Master's, exploring vulnerabilities in embedded systems and entire vehicles. Active in developing open-source penetration test frameworks like Scapy, he co-founded dissecto GmbH in 2022, focusing on simplifying security diagnostics and solutions for embedded systems.

Guillaume Valadon Scapy Maintainer

Guillaume has a PhD in networking and loves to look at data and to craft packets. In his spare time, he co-maintains Scapy and does some reversing engineering. Also, he still remembers what AT+MS=V34 means! Guillaume regularly gives technical presentations, classes and live demonstrations, and writes research papers for conferences and magazines. He is the editor-in-chief of the MISC Magazine, the first one dedicated to security in France.

Thomas Sermpinis Technical Director, Auxilium Pentest Labs

Thomas is the Technical Director of Auxilium Cyber Security and independent security researcher with main topics of interest in the automotive, industrial control, embedded device and cryptography sectors. During his research, he published several academic papers, 0days and tools with the ultimate goal of making the world a safer place, but also helped almost 200 OEMs and Tier 1 automotive suppliers to achieve better security and develop more secure products.

Pavel Khunt Automotive Security Researcher, Auxilium Pentest Labs

With a background in engineering, Pavel graduated from FIT CTU, where his master’s thesis focused on V2G (Vehicle-to-Grid) communication during the charging of Electric Vehicles (EVs). Passionate about ensuring the safety and security of automotive technologies.

Willem Melching Independent Security Researcher

Willem Melching is an independent security researcher and runs the blog icanhack.nl. He has over 5 years of experience working on automotive security and reverse engineering.

Alexander Schröder Penetration Tester at AVL

Alexander is a penetration tester at AVL Software & Functions GmbH. He started his journey in this field during his Master's focused on automotive security, supporting the development of Automotive Scapy. Currently, he is dedicated to pentesting automotive systems and supporting the development of secure vehicles.

Thomas Faschang PhD Student TU Graz

Thomas is a PhD student at the Institute of Technical Informatics at TU Graz, specializing in Automotive Cybersecurity. His research focuses on developing a Testing and Training Framework for Automotive Cybersecurity, which formed the basis of his Master's thesis. Currently, Thomas works as a Vehicle Cybersecurity Engineer at KTM AG.

Francisco Cotrina HW/SW Developer TTTech-Auto

Francisco is a HW and SW developer working for 8 years at TTTech-Auto where he designs and implements Automotive Secure Gateways, focusing in Cybersecurity and Communications. Monday to Friday he wears a white hat and on weekends a black one.

Falk Mayer Co-Founder and Managing Director of BreachLabz

Falk co-founded BreachLabz, a Munich-based team focused on penetration testing for the automotive industry. With degrees in physics and a background in information, IoT, and automotive security, Falk specializes in testing, vulnerability management, and risk assessments, particularly in line with UN R155 and ISO/SAE 21434 compliance standards.

Jan-Peter von Hunnius Embedded & Automotive Cybersecurity Specialist

Jan- Peter is a cybersecurity expert in IT/embedded systems and vehicle security. With over 20 years of experience, he has worked with global automotive suppliers and OEMs. A former partner at CYRES Consulting, he specializes in cybersecurity engineering processes per ISO/SAE 21434, UN R155, and ASPICE.

Keynotes & Talks

Thomas Sermpinis & Pavel Khunt (V2GEVIL: ghost in the wires)

In this talk, we’ll explore the world of electric vehicle cybersecurity, focusing on charging communication, vulnerabilities in EVCC implementation, and the development of a dedicated security tool. We’ll discuss charging standards, communication protocols, and real-world scenarios to understand the evolving landscape of electric mobility cybersecurity. Additionally, we’ll showcase and discuss the hardware required for connecting to the vehicle charging port.

Willem Melching (My car, My keys: obtaining CAN bus SecOC signing keys)

Secure Onboard Communication (SecOC) is a new standard to add a Message Authentication Code (MAC) to messages on a vehicle’s CAN bus. This prevents ECUs that have no knowledge of a secret AES key to communicate with other parts of the vehicle. However, this prevents the owner of the vehicle to install any third-party devices not sanctioned by the vehicle manufacturer. In this talk we will explain how we broke the SecOC implementation of a 2021 Model Year vehicle by attacking the power steering ECU. We will give a short introduction on SecOC. We will also explain how key management is implemented, and why observing a key update when replacing a part won’t allow extracting the key.

Philippe Biondi (Aircraft Security)

This talk will revolve around aircraft security. And, you guess it, how Scapy is used in the process of making aviation safer.

Dr. Nils Weiss (Past, Present and Future of Automotive Scapy)

Explore Scapy's features and join an interactive discussion on future topics and requirements. Engage with the audience to shape the roadmap for Scapy's development.

Alexander Schröder (You CAN't fuzz this)

Fuzzing is a widely used technique in traditional IT for uncovering numerous vulnerabilities. But how effective is it in testing automotive systems? This presentation explores the possibilities and challenges of applying fuzzing to the CAN bus, the backbone of vehicle communication networks. We will explore how to identify and fuzz ideal targets (and how Scapy can help us), but also discuss the limitations and challenges of fuzzing the CAN bus.

Thomas Faschang (Using Scapy for Cybersecurity Verification in ISO/SAE 21434)

Automotive Original Equipment Manufacturers (OEMs) must comply with UNECE Regulation 155 to achieve vehicle homologation. As a result, OEMs follow the ISO/SAE 21434 standard. Key aspects of this standard include Threat Analysis and Risk Assessment (TARA), Cybersecurity Requirements, and their verification. To verify cybersecurity requirements, the Scapy library offers a powerful toolkit for writing test cases. This presentation provides an overview of the product security workflow in automotive OEMs and explains how Scapy can be integrated into the process.

Francisco Cotrina (Implementing and Testing Layer 2 Firewall Rules with Scapy)

The internal networks used in modern automotive systems are relying on Ethernet protocols, using smart switches. We have learned from IT world that they should be protected on L2 layer, usually via firewall rules. I show how such approach might be easy to understand, but it needs to be accurate, updateable, and loggeable. Testing those rules requires careful and deep implementation, supported by flexible tools such as Scapy.

Falk Mayer (JTAG Enumeration using the RP2040 on the HydraProbe)

In this session, we'll dive into the world of hardware debug ports on automotive components. You've probably heard the advice, "Lock your debug ports," but for many, checking whether JTAG is locked remains a bit of a mystery. We'll walk you through the basics of the JTAG protocol, how to connect to it, and show you how to use the RP2040 co-processor on the Hydravision Probe to adapt your scripts for different microcontrollers.

Jan-Peter von Hunnius (Insights into vehicle security attack vectors)

We look at the current state of vehicle security, highlighting infamous hacks and show where vulnerabilities still exist: From (not so much) secret key material and exploitable diagnostic services to bad encryption schemes and lack of message authentication. An inspiring raid through the open flanks of cybersecurity in (modern) vehicles.

Workshops

IPv6 & TLS Workshop (Guillaume Valadon)

In this hands-on workshop, you will learn how to use Scapy to interact with IPv6 and TLS, discover what these packets look like on the network, and manipulate the corresponding Scapy objects to interact with real implementations. Regarding TLS, you will manipulate X.509 certificates to look for relevant information and modify their contents. You will also learn how to decrypt TLS sessions using keys retrieved from Linux processes. Together we will explore IPv6 security and understand how Scapy can be used to perform practical attacks.

+++ SOLD OUT+++ Advanced Hacking Techniques (Willem Melching & dissecto) +++ SOLD OUT+++

Join experts Willem Melching and dissecto for a hands-on workshop focused on advanced ECU hacking techniques. Ideal for security professionals, automotive engineers, and enthusiasts, this workshop provides practical experience with real-world ECUs, firmware reverse engineering, and vulnerability identification.

+++ SOLD OUT+++ Beginner Hacking Techniques / HydraVision (dissecto)+++ SOLD OUT+++

Join us for an intensive workshop on vehicle network security, featuring hands-on exercises in CAN-Bus attacks, ECU reverse engineering, and vulnerability scanning with Python. Gain insights into UDS protocols, OEM specifics, and automated security testing using HydraVision.

Evening Event

Join us for an evening at Degginger Regensburg! Enjoy free drinks and food, featuring delicious local Bavarian cuisine. It’s a perfect opportunity to relax, socialize, and savor great flavors.

About Scapy

Scapy, a Python program, revolutionizes network packet manipulation by offering extensive capabilities including packet sending, sniffing, dissecting, and forging. This multifaceted tool empowers users to construct bespoke solutions for network probing, scanning, and security testing. Unlike conventional networking tools, Scapy boasts an interactive interface enabling users to craft, decode, and interpret packets with unparalleled flexibility. Its domain-specific language simplifies packet description and manipulation, epitomized by its ability to describe packets in just a few lines of code. Scapy’s unique approach diverges from traditional tools by providing raw, uninterpreted data, facilitating nuanced analysis and eliminating biases inherent in interpreted results.

With Scapy, users harness complete control over packet construction and analysis, elevating network exploration and security testing to new heights of precision and customization.

Schedule Day 1

09:00 - 09:15Welcome

9:15 - 10:00Keynote Philippe Biondi

Aircraft Security

10:00 - 10:45Talk Dr. Nils Weiss

Past, Present and Future of Automotive Scapy

10:45 - 11:00Coffee Break

11:00 - 11:45Talk Alexander Schröder

You CAN't fuzz this

11:45 - 12:15Talk Thomas Faschang

Using Scapy for Cybersecurity Verification in ISO/SAE 21434

12:15 - 13:00Talk Thomas Sermpinis & Pavel Kuhnt

V2GEVIL: ghost in the wires

13:00 - 14:15Lunch Break

14:15 - 15:00Talk Willem Melching

My car, My keys: obtaining CAN bus SecOC signing keys

15:00 - 15:45Talk Francisco Cotrina

Implementing and Testing Layer 2 Firewall Rules with Scapy

15:45 - 16:00Coffee Break

16:00 - 16:45Talk Falk Mayer

JTAG Enumeration using the RP2040 on the HydraProbe

16:45 - 17:30Talk Jan-Peter von Hunnius

Insights into vehicle security attack vectors

About Our Event

Location Information