ScapyCon 2024 in Regensburg was a complete success! As the organizer, we can look back on two exciting days full of intensive presentations, practical workshops and valuable exchange opportunities. In cooperation with the CYEQT Knowledge Base, we created a platform where IT security experts and network enthusiasts could dive deep into the world of packet manipulation and automotive cybersecurity.
Day 1: Keynotes and talks
Philippe Biondi kicked things off with his keynote speech on the application of Scapy in aviation safety. As the inventor of Scapy, Biondi provided fascinating insights into the possible applications of this powerful tool in aviation, which delighted the audience. Afterwards, Dr. Nils Weiss, our co-founder, presented a comprehensive overview of the history of Scapy in his session “Past, Present and Future of Automotive Scapy” and gave insights into future developments that will make the tool even more powerful.
In “You CAN’t fuzz this”, Alexander Schröder guided the participants through the world of fuzzing on the CAN bus. Alexander clearly explained how fuzzing techniques can be applied to automotive network security and the challenges involved. Thomas Faschang on the other hand presented the application of Scapy in the context of ISO/SAE 21434 in cybersecurity verification. His practical insights into the implementation of cybersecurity requirements in the automotive industry were particularly valuable for many participants.
Thomas Sermpinis offered a particularly exciting insight into the world of electromobility with “V2GEVIL: Ghost in the Wires”. He showed how security gaps in communication can be exploited when charging electric vehicles and presented a security tool specially developed for this purpose. The next highly anticipated speaker taking the stage was Willem Melching. He particularly impressed the audience with his talk “My Car, My Keys: Obtaining CAN Bus SecOC Signing Keys”, in which he demonstrated how he succeeded in extracting the signature keys of a vehicle from 2021. These technical details and the live demonstration were met with great enthusiasm!
In his presentation “Implementing and Testing Layer 2 Firewall Rules with Scapy”, Francisco Cotrina highlighted the need for L2 firewall rules in modern vehicle systems and showed how Scapy can be used to test such rules.
The first conference-day was concluded by Falk Mayer and Jan-Peter von Hunnius, both from our partner CYEQT. In his presentation on JTAG enumeration, Falk demonstrated how security vulnerabilities on hardware debug ports of vehicle components can be uncovered. In his presentation, Jan-Peter von Hunnius shed light on the current points of attack in modern vehicle architectures and demonstrated in a practical way where vulnerabilities exist in vehicle cyber security. Both presentations were very well received by the participants and stimulated lively discussions.
Another highlight on the first day of the event was the soldering workshop in the techbase lobby, where participants were able to solder together their own badges. This activity, organized in cooperation with blinkyparts GmbH, rounded off the program.
Evening Event at degginger
Pictures tell more than 1000 words
At the evening event we were also handing out one of our first-batch HydraLink Interfaces to the lucky winner of our raffle.
Day 2: Workshops
In the workshop on IPv6 and TLS, led by Guillaume Valadon, participants delved deep into the world of network security. They learned how to effectively use Scapy to create and analyze IPv6 packets as well as to decrypt TLS sessions. Participants had the opportunity to manipulate X.509 certificates and understand their structures.
In parallel, the workshop “Advanced Hacking Techniques” took place, led by Willem Melching and our co-founder Dr. Enrico Pozzobon. In this hands-on workshop, advanced techniques for manipulating control units (ECUs) were presented and participants were able to try their hand at real ECUs to identify vulnerabilities. This was one of the highlights of the conference!
For beginners, our team also offered the workshop “Beginner Hacking Techniques / HydraVision”, where participants could take their first steps in the field of CAN bus security and ECU reverse engineering. The practical approach and intensive exercises were particularly well received by the participants. Click here to learn more about HydraVision and how it helps you validating the integrity of your systems.
Long story short:
ScapyCon 2024 was a complete success and impressively demonstrated how relevant and practical the topic of network security is in the automotive sector. Over the course of two days, participants were able to gain valuable insights into current research results, exciting use cases and concrete application examples of Scapy. The variety of presentations and workshops, which offered many new insights for both beginners and experienced professionals, was particularly praised.
The presentations on the first day of ScapyCon 2024 left a lasting impression. The informal atmosphere and focused approach were particularly appreciated by the participants. Many expressed the wish to keep the event small in the future in order to promote intensive professional discussion and networking. “A great conference format with valuable networking,” was the conclusion of one participant.
The supporting program, especially the evening event at Degginger, offered the perfect opportunity to make contacts and deepen discussions over Bavarian specialties. Thanks to our partner CYEQT Knowledge Base, a relaxed yet inspiring atmosphere was created, which was well received by all participants. On the second day, the practical workshops were very convincing. The opportunity to get hands-on and work directly on technical problems was particularly emphasized by the participants. Many would like to see more of these intensive and practice-oriented sessions at future events.
Verdict:
Overall, ScapyCon 2024 was not only an informative event, but also a successful meeting of the specialist community that received a lot of positive feedback. “Just keep up the good work! The content was perfect and the networking was unbeatable,” summarized one participant – a conclusion that shows us that we are on the right track with this event.
Do you have questions or need support?
We’re here to help! Reach out to us if you have and questions regarding dissecto HydraVision or our other services: