ScapyCon Automotive 2025

ScapyCon 2025 expanded to a three-day format with diverse talks on topics like vehicle forensics and AI, plus hands-on workshops by Jonas Horreis, Willem Melching, and Tim Blazytko — highlighting a broader cross-industry focus in network security.

23.09.2025 – 25.09.2025

Techbase, Regensburg

See program and schedule

Schedule 2025

ABOUT

ScapyCon Automotive 2025 built on last year’s success and expanded its focus beyond automotive. Held at TechBase Regensburg, the three-day event united experts from automotive, industrial, and aviation domains.

Day One offered diverse talks on network security, AI, and vehicle forensics, including a standout session by Francis Hoogendijk on digital forensics and post-incident analysis. Days Two and Three featured an extended two-day workshop program with Jonas Horreis (dissecto)Willem Melching, and Tim Blazytko (emproof), covering automotive Ethernet testing, ECU hacking, and firmware reverse engineering. By expanding to three days and welcoming experts from across industries, ScapyCon Automotive 2025 showcased the growing reach and relevance of Scapy beyond automotive security.

WORKSHOPS

Automotive Ethernet Hacking
w/dissecto

Learn practical methods for Ethernet-based ECU testing with Scapy, Wireshark, and tcpdump. Discover IPs, analyze TLS and diagnostic protocols, and strengthen vehicle cybersecurity through hands-on network analysis and vulnerability identification.

Learn More

Advanced Hacking Techniques
w/ Willem Melching

Explore real-world car hacking through hands-on exercises using ECUs and simulated networks. Practice protocol analysis, firmware reverse engineering, and attack mitigation with open-source tools to build practical automotive security skills.

Learn More

Reverse Engineering
w/ Tim Blazytko

Delve into embedded firmware analysis using Ghidra and real binaries. Identify cryptographic routines, study exploit mitigations, and uncover vulnerabilities while learning how modern firmware protects and conceals its inner workings.

Learn More

Speakers

Philippe Biondi

Scapy Author, AIRBUS

Philippe Biondi is the author of Scapy and numerous other security related tools. He is a co-creator of the SSTIC french-speaking conference; He is a co-author of the Security Powertools book. He published several articles in MISC magazine. He gave several talks to security conferences (Blackhat, HITB, GreHack, CansecWest, Defcon, Syscan, etc.)

Opening Remarks

Philippe Biondi, creator of Scapy, reflected on the project’s early beginnings and expressed his pride in seeing it evolve into a global tool—now celebrated through a dedicated conference decades after its inception.

Dr. Nils Weiss

CEO, dissecto GmbH

Dr. Weiß delved into penetration testing during his Bachelor’s and Master’s, exploring vulnerabilities in embedded systems and entire vehicles. Active in developing open-source penetration test frameworks like Scapy, he co-founded dissecto GmbH in 2022, focusing on simplifying security diagnostics and solutions for embedded systems.

Conference Opening

Dissecto CEO Dr. Nils WeiĂź opened ScapyCon Automotive 2025 and guided participants through the conference day, setting the stage for discussions on Scapy’s evolution, community growth, and its expanding role in automotive cybersecurity.y’s development.

Guillaume Valadon

CS Researcher, GitGuardian

Guillaume has a PhD in networking and loves to look at data and to craft packets. In his spare time, he co-maintains Scapy and does some reversing engineering. Also, he still remembers what AT+MS=V34 means! Guillaume regularly gives technical presentations, classes and live demonstrations, and writes research papers for conferences and magazines. He is the editor-in-chief of the MISC Magazine in France.

Scapy Keynote: From RFCs to CVEs

The keynote offers a retrospective on twenty years of IPv6 evolution, implementation, and security insights. It traces the journey from early RFCs and the 6BONE testbed to the first IPv6 integration in Scapy back in 2005, highlighting how experimentation with packet crafting exposed weaknesses, informed standards, and shaped later CVEs. Combining technical demonstrations — from routing header exploits to NDP-based attacks — with reflections on lessons learned, the talk showcases how small research hacks evolved into mature tools and community-driven improvements. It celebrates two decades of continuous learning, collaboration, and the lasting impact of Scapy on network analysis and protocol testing.

Willem Melching

Cybersecurity Researcher

Willem Melching is an independent security researcher with over 7 years of experience, specializing in automotive security and reverse engineering. He contributed to openpilot at comma.ai, develops tools like the SecOC Key Extractor, and shares research via his blog “I CAN Hack.” He also offers car hacking training and holds a degree from TU Delft.

Advanced Hacking Techniques Workshop

Dive into the world of car hacking with this immersive two-day workshop designed for both beginners and experienced professionals. Participants will explore key automotive security concepts through a mix of theory and hand-on exercises using real ECUs and simulated networks. Learn how to analyze vehicle communication protocols, reverse engineer firmware, and perform attacks and mitigations on vehicle systems. From CAN bus spoofing to firmware extraction and Ghidra analysis, you’ll gain practical skills with open-source tools and real world scenarios – making this the ideal launchpad for anyone looking to start or strenghten their journey in automotive cybersecurity.

Ben Gardiner

Sen. CS Research Eng., NMFTA

Ben Gardiner is a Senior Cybersecurity Research Engineer at NMFTA (National Motor Freight Traffic Association) , specializing in hardware and low-level software security. With over a decade of embedded systems experience, Ben speaks globally on topics from reverse engineering to automotive cybersecurity and volunteers with DEF CON’s Hardware and Car Hacking Villages. He holds a M.Sc. in Applied Math & Stats from Queen’s University.

Blind Wireless Seed Key Unlock

This talk reveals a newly discovered wireless vulnerability (CVE-2024-12054) in J2497 trailer equipment, enabling a replay-style seed-key attack via forced ECU resets. Ben Gardiner presents background on J2497 (PLC4TRUCKS), prior wireless CVEs, discovery methods, and mitigations. Attendees will gain insight into the vulnerability’s mechanics, its impact on trailer telematics, and strategies for assessing and securing affected systems.

Natasha Alkhatib

Cybersecurity Lead, symbio

Natasha Alkhatib is a cybersecurity leader specializing in automotive networks, intrusion detection, and deep learning. She holds a PhD in Cybersecurity and Deep Learning from the Polytechnic Institute of Paris and currently leads a cybersecurity team at Symbio. Her research focuses on AI-driven solutions for automotive cybersecurity.

From Packet Crafting to Cybersecurity: A Practical Journey into Automotive IDS with Scapy and Deep Learning

This talk explores how Scapy was extended to generate a custom SOME/IP dataset – filling a critical gap in automotive Ethernet research. By simulating realistic in-vehicle communication, including spoofing and flooding attacks, the project enabled the training of deep learning models for intrusion detection. Attendees will learn how this reproducible approach supports the development and evaluation of IDS solutions tailored to modern vehicle networks, showcasing Scapy’s versatility and the promise of AI in automotive cybersecurity.

Francis Hoogendijk

Forensic Scientist, NFI

Francis Hoogendijk is a forensic scientist at the Netherlands Forensic Institute, specialized in vehicle forensics. His work focuses on reverse engineering and applying both hard- and software techniques to access vehicle systems to recover relevant digital traces. He has a MSc degree in Automotive Technology from Eindhoven University of Technology.

Vehicle Forensics

This talk covers the field of modern vehicle forensics. People leave traces, both physical and digital, wherever they go. This niche field within digital forensics covers the acquisition, extraction and analysis of digital traces from modern vehicle systems in the context of criminal investigations. Tools like Scapy are essential in this field, which will be covered with some examples to highlight current challenges. Attendees will gain insight into how cybersecurity research is reproduced and applied to fight crime.

Lukas Magel

Penetration Tester, ETAS

Lukas Magel is a penetration tester with the pentesting team at ETAS. His work focuses on the automotive and embedded domain with more than four years of experience. Practically, this can mean anything from desoldering components from a PCB to programming Python tooling or an FPGA. He holds a MSc degree in computer science with a focus on IT security and electrical engineering.

A (very) technical introduction to JTAG and ARM debugging interfaces

Common debugging tools (like Lauterbach or OpenOCD) normally abstract away all low-level logic of a debug interface. While this behavior can be convenient for regular use, it makes pin-pointing errors or issues in the debug connection difficult. Additionally, gaining low-level access to a debug interface provides more fine-grained control over the target for security-related tasks, such as enumeration, password brute-forcing, or scripting in general. This talk introduces the physical and logical architecture of JTAG-based ARM debug interfaces. It showcases the logical architecture at the example of the nRF52 debug port architecture and the corresponding debug port glitch attack.

Falk Mayer

Co-Founder, breachlabz

Falk co-founded BreachLabz, a Munich-based team focused on penetration testing for the automotive industry. With degrees in physics and a background in information, IoT, and automotive security, Falk specializes in testing, vulnerability management, and risk assessments, particularly in line with UN R155 and ISO/SAE 21434 compliance standards.

Reality meets Risk Analysis: Dynamic TARA for Modern Vehicle Safety

Why do so many Threat and Risk Assessments (TARAs) fail to keep up with real-world threats? In this talk, Falk Mayer explores the limitations of static TARA models and makes the case for a dynamic approach — one that incorporates live test results to reassess risks as new insights emerge. Using practical examples, including a seed-key attack path once considered harmless, Falk shows how dynamic data can shift feasibility ratings, reprioritize testing, and reshape security architectures. A call for smarter, adaptive risk management in automotive cybersecurity.

Jan-Peter von Hunnius

Cybersecurity Specialist

Jan-Peter is a cybersecurity expert in IT/embedded systems and vehicle security. With over 20 years of experience, he has worked with global automotive suppliers and OEMs. A former partner at CYRES Consulting, he specializes in cybersecurity engineering processes per ISO/SAE 21434, UN R155, and ASPICE.

OEM SecOC Strategies: The Devil’s in the Freshness

This talk dives into how different automotive OEMs implement Secure Onboard Communication (SecOC) — and what that means for creative testing. Jan-Peter von Hunnius compares how various manufacturers calculate, transmit, and evaluate freshness values and MACs, including the trade-offs between single and multiple counters. He’ll also explore recent shifts in OEM key distribution strategies and what they reveal about real-world priorities (and blind spots). Attendees will walk away with a technical roadmap for testing SecOC across implementations — plus insight into the broader industry trends and cybersecurity gaps that still offer plenty of room for experimentation.

Peter Heller

PhD Researcher

Peter Heller is a PhD researcher in machine learning and embedded systems security at OTH Regensburg. His work focuses on developing host-based intrusion detection systems using anomaly detection techniques tailored for networked industrial devices. His research bridges AI, embedded computing, and cybersecurity, aiming to improve threat detection in critical environments.

MOTRA Testbed for OT Applications

The increasing interconnection between IT and OT is leading to growing cyber-threats for critical industrial systems. As more and more cross-system protocols such as OPC UA and numerous services are being integrated into modern embedded devices, new security-related challenges are emerging. This presentation discusses the problems of complex OT architectures using the example of OPC UA and then presents a container-based testbed for reproducible attacks. Participants will gain insights into industrial applications, the design of vulnerability-specific tests, and the handling of virtual systems in the testbed.

Git Hub Page

Dr. Tim Blazytko

Co-Founder, emproof

Tim Blazytko, co-founder of emproof and noted binary security researcher, leads a team developing cutting-edge software protection and exploit mitigation tools. His work focuses on reverse engineering, code (de)obfuscation, fuzzing, and binary vulnerability analysis. Beyond research, he actively educates professionals and students, sharing his expertise in obfuscation techniques and malware analysis to train future security experts.

Inside Automotive Firmware Attacks: How Hackers Break In, and How to Stop Them

Modern cars run decades-old firmware vulnerable to attack. This talk reveals how hackers reverse-engineer ECUs to steal IP, unlock features, and exploit systems via CAN-FD or telematics. Real cases highlight common methods and weaknesses. We’ll also cover practical defenses like binary rewriting, obfuscation, and control-flow integrity—even without source code. Attendees will leave with insights into attack tactics and concrete strategies to harden firmware and meet security standards.

Firmware Reverse Engineering Workshop

Delve into embedded firmware analysis using Ghidra and real binaries. Identify cryptographic routines, study exploit mitigations, and uncover vulnerabilities while learning how modern firmware protects and conceals its inner workings.

Jonas Horreis

Senior Pentester, dissecto

Jonas Horreis is a senior penetration tester at dissecto with a focus on automotive security. He started by automating ECU security tests for his bachelor’s thesis, expanded into securing EV-charging infrastructure and electric-vehicle architectures during his master’s research, and later investigated advanced fuzzing techniques as a university research assistant. Now he applies this knowledge to secure the ECUs of the future.

Automotive Ethernet Security Testing Workshop

Step into the realm of modern automotive networking with this hands-on workshop focused on Ethernet based ECU security testing. Ideal for engineers and security professionals alike, the session covers foundational methods for discovering IP addresses, configuring VLANs, and capturing network traffic using tools like Scapy, Wireshark, and tcpdump. Participants will explore how to conduct TCP and TLS scans with tools like nmap and testssl.sh, test the robustness of TLS certificates using Frankencert, and analyze diagnostic communication via DoIP and UDS protocols. With a strong focus on practical skills, you’ll learn how to identify and mitigate vulnerabilities in ECUs, understand and manipulate Some/IP and AutoSAR traffic, and build a testing workflow that enhances the cybersecurity posture of today’s connected vehicles.

GALLERY