Floragasse 7 – 5th floor, 1040 Vienna

SBA Research is a research center for Information Security
funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.

Recent News:

ICISSP conference: panel and invited talk

Edgar Weippl organized a panel discussion (Günther Pernul, Stefan Furnell, and Bryan Ford) on Mon Feb 9, 2015 at the ICISSP conference. On Tuesday Edgar gave an invited talk on Research Challenges in Applied and Empirical Information Security Research (as an ad hoc substitute for a…

SBA Research @ TU Ball

SBA Research invited Key Researchers and members of the Scientific Board to join us for the ball of the Vienna University of Technology on January 29, 2015 at Hofburg. Stefan Katzenbeisser, Volkmar Lotz, Davide Balzarotti, Engin Kirda and Christopher Kruegel spent this wonderful evening with us.

10K

We are taking part in Syssec's 10Kstudents initiative: "The goal of the 10KStudents challenge is to improve cyber security by teaching Ten Thousand University Students the basic concepts of software vulnerabilities and secure programming."

SBA Security Advisory – KNX management software ETS – remote code execution vulnerability (CVE-2015-8299)

The vulnerability is caused by a buffer overflow in a memcpy operation when parsing specially crafted KNXnet/IP packets in the Group messages monitor (aka Falcon). A corresponding proof-of-concept exploit, which was tested on an affected ETS version installed on Windows XP SP3, can be found below. The proof-of-concept exploit generates the UDP packet which triggers the vulnerability and should at least crash the application (it requires Python and Scapy to run).

SBA Research hands over Christmas donation to the Laura Gatner Haus

The employees of SBA Research pooled their money to buy winter jackets and winter shoes for the cold season for unaccompanied young refugees living at the Diakonie's Laura Gatner Haus. At the Laura Gatner Haus Christmas party, the cheque for 3710 € was, together with…

Talk at CCC

Ange Albertini will give a talk on Funky File Formats at 31c3 that touches nicely on Adrian’s paper on QR inception (Twitter).

P3F project in Der Standard

“Far more serious is a project by the Viennese IT security experts Katharina Krombholz and Adrian Dabrowski. With the “P3F” project they want to solve the problem of the “analog gap”. … Krombholz and Dabrowski have already made contact with large IT corporations and have presented their project at Facebook, for example.” derStandard.at

Researchers and security testers of SBA Research found a RXSS vulnerability at W3C online tidy services via combinatorial testing

Dimitris Simos and Bernhard Garn of the research team and Severin Winkler, Peter Aufner and Andreas Bernauer of the security testing team of SBA Research found a RXSS vulnerability in W3C online tidy services using combinatorial testing methodologies and demonstrated its applicability to web application security testing. These novel research methods have…