Tuesday Nov 1, 2016: Trainnings & Workshop

08:00 - 08:45 Welcome and coffee
08:45 - 10:15 [T1] Improving applications security in practice for Android developers "
Jérémy Matos
[T2] Burp Suite Pro
Nicolas Grégoire (Agarri)
[T3] Deep dive into today’s SSL/TLS
Pascal Junod (HEIG-VD)
[T4] Hardware hacking for beginners
Nicolas Oberli (Hacking Corporation)
[W1] Web Application Security Lab with Hacking-Lab.com
Antoine Neuenschwander, Nicolas Heiniger & Giuseppe Scalzi
10:15 - 10:30 Coffee break
10:30 - 12:00 T1 T2 T3 T4 W1
12:00 - 14:00 Lunch
14:00 - 15:30 T1 T2 T3 T4 W1
15:30 - 16:00 Coffee break
16:00 - 17:30 T1 T2 T3 T4 W1
17:30 - 18:30 Aperitif

Wednesday Nov 2, 2016: Conferences

08:00 - 09:00 Welcome and coffee
09:00 - 09:15 Opening
09:15 - 10:00 [Keynote 1] Le Bug Bounty au service des entreprises
Korben & Free_Man
10:00 - 10:30 Coffee break
10:30 - 11:15 [C1] Corporations – the new victims of targeted ransomware (EN)
Candid Wüest (Symantec)
11:15 - 12:00 [C2] Reverse engineering Swisscom's Centro Grande modems (EN)
Alain Mowat & Thomas Imbert (SCRT)
12:00 - 13:30 Lunch
13:30 - 14:15 [C3] Exploiting unknown default accounts in SAP systems (EN)
Joris van De Vis (ERP-SEC)
14:15 - 15:15 [C4] 15 years building web application defenses (FR)
Matthieu Estrade
15:15 - 15:45 Coffee break
Sylvain Métille (HDC)
16:30 - 17:00 Coffee break - Welcome Business Event Y-NOT-CTF (free registration)
Ethical hacking contest
17:00 - 18:30 Innovaud Business Event: Blockchain
18:30 - 19:30 Aperitif
19:30 - 20:00 Travel
20:00 - 23:00 Evening event: La Prairie

Thursday Nov 3, 2016: Conferences

08:00 - 09:00 Welcome and coffee
09:00 - 09:45 [Keynote 2] What is happening when somebody writes an exploit?
Halvar Flake
09:45 - 10:30 [C6] Why hunting indicators of compromise fails at protecting against targeted attacks (EN)
Candid Wüest (Symantec)
10:30 - 11:00 Coffee break
11:00 - 11:45 [C7] iOS malware, what’s the risk and how to reduce it (FR)
Julien Bachmann (Kudelski Security)
Clusis Event - Quand l'espace urbain passe à la digitalisation
11:45 - 12:30 [C8] SAML: With Great Power Comes Great Pawnage (EN)
Emanuel Duss & Roland Bischofberger (Compass)
12:30 - 14:00 Lunch
14:00 - 14:45 [C9] IoT & Sigfox security (FR)
Renaud Lifchitz
14:45 - 15:30 [C10] Introducing Man In The Contacts attack to trick encrypted messaging apps (FR)
Jérémy Matos
15:30 - 16:00 Coffee break
16:00 - 16:45 [C11] Bug Bounty @ Swisscom (EN)
Florian Badertscher (Swisscom)
16:45 - 17:30 [C12] Hacking GSM, again?! (FR)
Ivan Almuina (Hacking Corporation)
17:30 - 19:00 Aperitif and rump session
19:30 - 20:00 Travel
20:00 - 23:00 Evening event: La Promenade

Program Committee #cybsec16

The proposals were reviewed by the Program Committee:

#Cybsec16 program

Here is an extract of our program. 

Wednesday Nov 2, 2016

Thursday Nov 3, 2016


All supports and slides will be in english.

The speakers will talk in english or in french.

More experience

Check our event program as well as our trainings & workshops.



Rump session


The rump session will take place on Thursday, November 3rd 2016, between 5:30 and 7:00 pm.


Each participant may introduce a topic related to the field of security. It may be a work in progress, a paper that will be published, an event announcement, an anecdote related to the security, or a even subject that have not been accepted into CSA.

Please, no business talk and you should try to be funny ;-)

Every rump should be between 3 and 15 minutes (overtaking is possible but dangerous). 


If you want to present a topic, send a proposition by email to rump[at]cybersecurityalliance[dot]ch.

Your document must contain the following information :

  • Speaker name
  • Talk title
  • Short description
  • Expected duration: 3, 5, 8, 10, or 15 minutes
    (Submission may be accepted with a shorter duration as expected)

Submissions will be accepted until Wednesday, November 2nd at 10 pm.


The final program will be announced Thursday, November 3rd at 12 pm.


In the domain of information security, Capture The Flag (CTF) is a game-like competition where participants are required to attack and defend computer systems in a controlled environment and in a legal way. Various problem solving tasks require from players knowledge in reverse engineering, web application analysis, cryptanalysis, forensics and exploit development among others.

There are mainly two types of CTF competitions:

  • In *Jeopardy-style* competitions participants are given a number of tasks or problems in various categories and points are awarded for problem solving with respect to the task difficulty. The ranking is established according to points obtained by the teams or individual players.
  • In an *Attack-defense* competition participants are provided with vulnerable environments which they need first to analyse and patch. Afterwards teams environments are interconnected and every team would try to exploit each other services and gain points. The team who gets compromised looses points. 

Many CTF competitions are organised regularly online and locally. It is a good educational experience and a perfect way to learn and practice your skills in different security areas in real-world scenarios. 

Contest details

Faithful to last year edition and to other major information security events, we would like to offer our participants a mini-CTF event on Tuesday Nov 2, 2016 from 4:30 pm till 7:30 pm. This is a Jepoardy-style CTF meaning that participants will be required to solve challenges in different categories (binary analysis, exploitation, forensics, web). 


  • The participation to the Y-NOT-CTF is open to everyone, conference participants and externals alike. 
  • The participation is free.


  • Number of participants is limited to 60.
  • Each participant should register himself by subscribing a free ticket.
    See the page Registration.

Team compositions:

  • You can participate individually or by team
  • The final registration of yourself/your team is done at the beginning of the CTF. We do not need to know the composition of the teams before the CTF.

Further details:

  • You can only participate locally from #CYBSEC16 network. 
  • No network scan. Stick to challenge IPs.
  • No attacks on other players. 
  • No voluntary Denial-Of-Service of CTF infrastructure.


  • The 3 top teams/players will be awarded some cool prizes. 


Why not? 

Organizing partners