Papers and other references to our tools and work

Title: Information Security War Room
Author: Sergey Bratus, FX
URL: Sergey_Bratus__Felix_FX_Lindner-ISWR_USENIX2014.pdf
Comment: Keynote USENIX Security 2014

Title: The PXE LangSec Teach-Shirt
Author: JB; FX
URL: The_PXE_LangSec_Teach-Shirt.pdf
Comment: Instructor Manual for the LangSec teach-shirt from PXE 0x7de
Image: LangSec_Teach-Shirt_PXE_0x7de.png

Title: goto klarkommen;
Author: Greg, FX
Comment: Keynote LinuxTag 2014

Title: CounterStrike Lawful Intercept
Author: FX
Comment: 30c3

Title: H2HC 10 Keynote
Author: FX
URL: H2HC_Keynote.pdf
Comment: FX's view on hackers, big players and politics

Title: Cisco in the Sky with Diamonds
Author: Greg, FX
URL: CiscoInTheSkyWithDiamonds.pdf
Comment: Cisco Nexus 1000V jailbreaks, licensing and 0day, presented at CONFidence 2013

Title: Attacking Ruby on Rails Applications
Author: joernchen
URL: hitb2013ams/
Comment: Hack in the Box Amsterdam 2013 Labs Session

Title: We Came In Peace - They Don't
Author: FX
URL: Hackers_vs_Cyberwar.pdf
Comment: DeepSec 2012 keynote on the so-called "Cyberwar"

Title: Try Harder 2 Be Yourself
Author: FX
URL: Zeronights_Keynote.pdf
Comment: ZeroNights 2012 keynote

Title: Hacking Huawei VRP
Author: Greg, FX
URL: Huawei_VRP_HITBX.pdf
Comment: HITB2012KUL talk on hacking VRP based routers, including BootROM backdoor passwords

Title: Hacking Huawei Routers
Author: Greg, FX
URL: Huawei_DEFCON_XX.pdf
Comment: DEFCON XX talk on hacking VRP based routers

Title: Cisco IOS Attack & Defense - The State of the Art
Author: FX
URL: FX_Phenoelit_25c3_Cisco_IOS.pdf
Comment: 25C3 Talk on Cisco IOS Forensics and Exploits

Title: Toying with Barcodes
Author: FX
URL: StrichAufRechnung.pdf
Comment: 24C3 Talk on Barcodes

Title: Analysing Complex Systems - the BlackBerry case
Author: FX
URL: AnalysingComplexSystems.pdf
Comment: BlackHat Vegas 2006 / DefCon 14 talk including Phenoelit BlackBerry research

Title: I shut up, you take it from here (how to become a hacker)
Author: Halvar Flake, FX
URL: Shutup.pdf
Comment: DEFCON 12 speech

Title: Bug Finding
Author: FX
URL: Bugs.pdf
Comment: BlackHat Las Vegas 2004 speech

Title: Practical Win32 and UNICODE exploitation
Author: FX
URL: Phenoelit20c3.pdf
Comment: CCC 20c3 speech

Title: Embedded Systems
Author: FtR
URL: CCCamp_FtR_2003.pdf
Comment: CCC Camp 2003 speech

Title: Cisco Vulnerabilities - The Past, The Present and The Future
Author: FX
URL: camp2003.pdf
Comment: CCC Camp 2003 speech

Title: More embedded systems
Author: FX
URL: dc11.pdf
Comment: Defcon 11

Title: Attacking networked embedded systems
Author: FX & FtR
URL: 19C3.pdf
Comment: The slides from our speech at 19C3 - including the new OSPF exploit.

Title: Attacking networked embedded systems
Author: FX & FtR & kim0
URL (BlackHat): BHLV.pdf
URL (Defcon): defconX.pdf
Comment: The slides from our speech at Black Hat 2002 and DefCon X.

Errata: In the "Routing and Tunneling Protocol Attacks" slides it says that EIGRP does not use authentication. Well, that's not true. You can do MD5.
Sorry for that.

Title: Routing and Tunneling Protocol Attacks
Author: FX & FtR
URL: 18C3.pdf
Comment: The slides from our speech at 18C3 (

Title: Routing and Tunneling Protocol Attacks
Author: FX
URL: bhams01.pdf
Comment: The slides from my speech at Blackhat Briefings Amsterdam 2001

Title: Routing and Tunneling Protocol Attacks
Author: FX
URL: routing.pdf
Comment: These are the slides of the speech I did on DEFCON 9

Title: SANS GIAC Certified Intrusion Analyst (GCIA) Exam
Author: Alex Stephens
Comment: Mr. Stephens understood the working and impact of cd00r correctly and wrote an excellent explaination of the code.

Title: Protecting Network Infrastructure at the Protocol Level
Author: Curt Wilson
Comment: Curt did extensive research for his routing protocol paper. He covers IGPs and EGPs to show what issues exist. My special respect to Curt since he actually asked me for my opinion before releasing the paper.

Title: Can See you Behind Layer 2... Overcoming the difficulties of Packet Capturing on a Switched Network
Author: Douglas Hewes
Comment: Mr. Hewes takes a look at ARP interception and a lot of tools that are available. Shortly covers ARP0c.

If you wrote a paper and refered to our tools and want it to appear here, send an email to FX.