ℹ️ Note:
All times are in "Central European Time" (GMT+2).
If you are unable to attend in-person, all talks will be live-streamed via our YouTube channel.
Trainings
October 12th (Sunday) - 14th (Tuesday)
ℹ️ Note:
Trainings occur prior to the conference, from October 12th - 14th. They are separate from general conference attendance (and require separate registration and payment).
All trainings will be held in the Palacio de Congresos (directions to the entrance can be found here).
More information on the conference trainings can be found on the training page.
.png)
"Practical iOS Reverse Engineering" (Jiska Classen)
|
|
|---|---|
|
Training Room: C1 - Palacio de Congresos (see map). |
|
10:00 am - 05:00 pm |
|
"Threat Hunting macOS" (Jaron Bradley)
|
|
|---|---|
|
|
Training Room: Q4+Q5 - Palacio de Congresos (see map). |
|
|
10:00 am - 05:00 pm |
|
"The Art of Mac Malware: Detection & Analysis" (Patrick Wardle)
|
|
|---|---|
|
|
Training Room: Q7+Q8 - Palacio de Congresos (see map). |
|
|
10:00 am - 05:00 pm |
|
"iOS Threat Hunting & Malware Analysis" (Matthias Frielingsdorf)
|
|
|---|---|
|
|
Training Room: C2 - Palacio de Congresos (see map). |
|
|
10:00 am - 05:00 pm |
|
"AI for Mac Security" (Kimo Bumanglag)
|
|
|---|---|
|
|
Training Room: Q2 - Palacio de Congresos (see map). |
|
|
10:00 am - 05:00 pm |
|
"*OS - Security & Insecurity Workshop" (Jonathan Levin)
|
|
|---|---|
|
|
Training Room: Q1 - Palacio de Congresos (see map). |
|
|
10:00 am - 05:00 pm |
Talks
October 15th (Wednesday) - 17th (Friday)
ℹ️ Note:
Conference talks will be presented from October 15th - 17th.
All talks will take place in the Auditorio at the Palacio de Congresos (directions to the entrance can be found here).
Talks will be live-streamed for free here.
All talks will take place in the Auditorio at the Palacio de Congresos (directions to the entrance can be found here).
Talks will be live-streamed for free here.
Wednesday, October 15th
.png)
09:00 am - 09:50 am (50 minutes)
|
|
|---|---|
|
Registration / Badge Pickup |
|
|
Palacio de Congresos (look for Access 3) |
|
Come pick up your conference badge. (You’ll just need the email address you registered with.) |
|
10:00 am - 10:15 am (15 minutes)
|
|
|---|---|
|
Day One: Opening remarks |
|
10:15 am - 10:40 am (25 minutes) | |
|---|---|
 |
"Gotta Catch 'em All" (Jaron Bradley) |
|
10:45 am - 11:10 am (25 minutes) | |
|---|---|
|
"Crash One - A StarBucks Story (CVE-2025-24277)" (Csaba Fitzl & Gergely Kalman) |
|
11:15 am - 11:55 am (40 minutes) | |
|---|---|
|
"Breaking the Sound Barrier: Exploiting CoreAudio via Mach Message Fuzzing" (Dillon Franke) |
|
12:00 pm - 12:25 pm (25 minutes) | |
|---|---|
|
"Catch me if you Scan: MITRE-enhanced ML Magic to Solve Mac Malware’s Identity Crisis at Scale" (Kseniia Yamburh & Nazar Grycshuk) |
|
12:30 pm - 12:55 pm (25 minutes) | |
|---|---|
|
"The Power of Powerlogs" (Sarah Edwards) |
|
01:00 pm - 02:30 pm (90 minutes)
|
|
|---|---|
|
Lunch |
|
01:00 pm - 01:30 pm (30 minutes)
|
|
|---|---|
|
Book Signing: Jaron Bradley – "Threat Hunting macOS" |
|
|
Palacio de Congresos (look for Access 3) |
|
02:30 pm - 02:55 pm (25 minutes) | |
|---|---|
|
"BlueNoroff’s Clues: Investigating a DPRK Intrusion" (Stuart Ashenbrenner & Alden Schmidt) |
|
03:00 pm - 03:25 pm (25 minutes) | |
|---|---|
|
"Unpacking the iOS Sandbox" (Yarden Hamami) |
|
03:30 pm - 04:10 pm (40 minutes) | |
|---|---|
|
"Trust me, I’m an Apple Watch — On Protocol Reversing, Mimicry, and Data Exfiltration" (Nils Rollshausen) |
|
04:15 pm - 04:40 pm (25 minutes) | |
|---|---|
|
"From Bits to Behavior: Detecting macOS Command and Control Through Statistical Analysis" (Anje Knottnerus) |
|
04:45 pm - 05:10 pm (25 minutes) | |
|---|---|
|
"BYOB: Bring your own Blackbox - Containerized Defense Evasion on macOS" (Colson Wilhoit) |
|
07:00 pm - 09:00 pm (120 minutes)
|
|
|---|---|
|
main(); event
|
|
|
Meliá Hotel: Palapa Garden (Ground Floor) (see map). |
|
|
Join the official #OBTS party! Enjoy light food, drinks for purchase, and remember: a badge is required for entrance.
|
Thursday, October 16th
|
10:00 am - 10:10 am (10 minutes)
|
|
|---|---|
|
|
Day Two: Opening remarks |
|
10:15 am - 10:40 am (25 minutes) | |
|---|---|
|
"Hook, Line and Koi Stealer: New macOS Malware in DPRK Fake Job Interviews" (Adva Gabay & Daniel Frank) |
|
10:45 am - 11:10 am (25 minutes) | |
|---|---|
|
"What’s at the Bottom of the Sea, One Baseband? - Diving into the C1" (Lukas Arnold) |
|
11:15 am - 11:55 am (40 minutes) | |
|---|---|
|
"Make XNU <del>GREAT</del> Little Again" (Jonathan Levin) |
|
12:00 pm - 12:25 pm (25 minutes) | |
|---|---|
|
"It’s all Fun and Games: Analyzing the Authentication Protocol in Apple’s Private Cloud Compute" (Callista Gratz) |
|
12:30 pm - 12:55 pm (25 minutes) | |
|---|---|
|
"Reverse Engineering Apple Security Updates" (John McIntosh) |
|
01:00 pm - 02:30 pm (90 minutes)
|
|
|---|---|
|
|
Lunch |
|
01:00 pm - 01:30 pm (30 minutes)
|
|
|---|---|
|
|
Book Signing: Jonathan Levin – "Disarming Code: System Programming, Debugging & Reverse Engineering" |
|
|
Palacio de Congresos (look for Access 3) |
|
02:30 pm - 02:55 pm (25 minutes) | |
|---|---|
|
"Beyond Static Labels: A Behavioral Framework for macOS Grayware Classification" (Rousana Charles) |
|
03:00 pm - 03:25 pm (25 minutes) | |
|---|---|
|
"Who Cares Where Waldo is. Locating macOS Users Without their Consent" (Wojciech Reguła) |
|
03:30 pm - 03:55 pm (25 minutes) | |
|---|---|
|
"Introducing the Next Generation of Mac Monitor" (Brandon Dalton) |
|
04:00 pm - 04:25 pm (25 minutes) | |
|---|---|
|
"macOS privilege escalation via traceroute6" (Paweł Płatek) |
|
04:30 pm - 04:55 pm (25 minutes) | |
|---|---|
|
"macOS Internals for Threat Detection Engineers: Logs, ESF, and Automation Utility Risks" (Olivia Gallucci) |
|
05:00 pm - 05:25 pm (25 minutes) | |
|---|---|
|
"Queen B: Apple Compressor 0-click RCE" (Zhi Zhou) |
|
07:00 pm - 10:00 pm (180 minutes)
|
|
|---|---|
|
|
#OBTS Capture the Flag (CTF) |
|
|
Meliá Hotel: Sala Plenaria (see map). |
|
|
Come participate in the Apple-themed CTF event and win prizes!
Note: To participate (in this limited-space) event, you must register here.
|
Friday, October 17th
|
10:00 am - 10:10 am (10 minutes)
|
|
|---|---|
|
|
Day Three: Opening remarks |
|
10:15 am - 10:40 am (25 minutes) | |
|---|---|
|
"Revoked, Not Dead: When CDHash Revocation Fails to Kill" (Ferdous Saljook) |
|
10:45 am - 11:10 am (25 minutes) | |
|---|---|
|
"Something from Nothing - Exploiting Memory Zeroing in XNU" (Ian Beer) |
|
11:15 am - 11:55 am (40 minutes) | |
|---|---|
|
"Sploitlight: Exploiting Spotlight to Bypass TCC on macOS and Leak Private Data from Apple Intelligence" (Christine Fossaceca & Jonathan Bar Or) |
|
12:00 pm - 12:25 pm (25 minutes) | |
|---|---|
|
"Using Type Metadata from Swift Binaries" (Gregor Carmesin) |
|
12:30 pm - 12:55 pm (25 minutes) | |
|---|---|
|
"What’s new in Lockdown Mode?" (Marie Fischer) |
|
01:00 pm - 02:30 pm (90 minutes)
|
|
|---|---|
|
|
Lunch |
|
01:00 pm - 01:30 pm (30 minutes)
|
|
|---|---|
|
|
Book Signing: Patrick Wardle – "The Art of Mac Malware: Volume II: Detection" |
|
|
Palacio de Congresos (look for Access 3). |
|
02:30 pm - 02:55 pm (25 minutes) | |
|---|---|
|
"XUnprotect: Reverse Engineering macOS XProtect Remediator" (Koh M. Nakagawa) |
|
03:00 pm - 03:25 pm (25 minutes) | |
|---|---|
|
"Exploring FSKit: Writing filesystems for fun, profit, and defense, detections and evasion?" (Sharvil Shah) |
|
03:30 pm - 04:10 pm (40 minutes) | |
|---|---|
|
"Placeboed Apples: A New Way to Hunt Spyware on iOS" (Matthias Frielingsdorf) |
|
04:15 pm - 04:40 pm (25 minutes) | |
|---|---|
|
"OopsSec: The Short Lived Campaign of Cthulhu Stealer" (Tara Gould) |
|
04:45 pm - 05:10 pm (25 minutes) | |
|---|---|
|
"The Battle Over Dylib Hijacking: 10 Years Later, Is It Finally Over?" (Patrick Wardle) |
|
05:10 pm - 05:30 pm (20 minutes)
|
|
|---|---|
|
Finale (+ prizes!) |
|
06:00 pm - 08:00 pm (120 minutes)
|
|
|---|---|
|
|
exit(); event
|
|
|
Meliá Hotel: Main Pool Area (see map). |
|
|
Join the official #OBTS farewell party! Open to everyone (bring a +1). Drinks available for purchase.
|