Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter

SBA Research is a research center for Information Security
funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.

Upcoming Events:

SBA @ ISACA TrendTalks
08.05.2025
Training: Application Security Essentials (Bundle)
02.06.2025 - 04.06.2025
SBA @ IDSF 2025
04.06.2025 - 06.06.2025

Recent News:

SBA Research @ TU Ball

SBA Research invited Key Researchers and members of the Scientific Board to join us for the ball of the Vienna University of Technology on January 29, 2015 at Hofburg. Stefan Katzenbeisser, Volkmar Lotz, Davide Balzarotti, Engin Kirda and Christopher Kruegel spent this wonderful evening with us. Read More

10K

We are taking part in Syssec's 10Kstudents initiative: "The goal of the 10KStudents challenge is to improve cyber security by teaching Ten Thousand University Students the basic concepts of software vulnerabilities and secure programming. " Read More

SBA Security Advisory – KNX management software ETS – remote code execution vulnerability (CVE-2015-8299)

The vulnerability is caused by a buffer overflow in a memcpy operation when parsing specailly crafted KNXnet/IP packets in the Group messages monitor (aka. Falcon). An according proof-of-concept exploit which was tested on an affected ETS version installed on a Windows XP SP3 can be found below. The proof-of-concept exploit generates the UDP packet which triggers the vulnerability and should at least crash the application (it requires python and scapy to run). Read More
Logo SBA Security Advisories

SBA Research übergibt Weihnachtsspende an das Laura Gatner Haus

Die Mitarbeiter und Mitarbeiterinnen von SBA Research legten zusammen, um für unbegleitete jugendliche Flüchtlinge, die im Laura Gatner Haus der Diakonie leben, Winterjacken und Winterschuhe für die kalte Jahreszeit besorgen zu können. Im Rahmen der Weihnachtsfeier des Laura Gatner Hauses wurde der Scheck im Wert von 3710 € zusammen mit… Read More

Talk at CCC

Ange Albertini will give a talk on Funky File Formats at 31c3 that touches nicely on Adrian’s paper on QR inception (Twitter). Read More

P3F-Projekt im Standard

“Weitaus ernsthafter ist ein Projekt der Wiener IT-Sicherheitsexperten Katharina Krombholz und Adrian Dabrowski. Sie wollen mit dem “P3F”-Projekt das Problem der “analogen Lücke” lösen. … Krombholz und Dabrowski haben schon Kontakte zu großen IT-Konzernen aufgenommen und ihr Projekt beispielsweise bei Facebook vorgestellt.” derStandard.at

Researchers and security testers of SBA Research found a RXSS vulnerability at W3C online tidy services via combinatorial testing

Dimitris Simos, Bernhard Garn of the research team and Severin Winkler, Peter Aufner, Andreas Bernauer of the security testing team of SBA Research found a RXSS vulnerability in W3C online tidy services using combinatorial testing methodologies and demonstrated its applicability to web application security testing. These novel research methods have… Read More

Adrian Dabrowski: Best Student Paper Award – ACSAC 2014

Adrian Dabrwoski received the award for the best student paper at ACSAC 2014 for his paper. You can find a preprint here. Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar Weippl. Imsi-Catch Me If You Can: Imsi-Catcher-Catchers. In Proceedings of the 30th Annual Computer Security Applications Conference… Read More