Welcome to BSidesMEsh21 workshops - a virtual event in 2021 as a collaboration between Elbsides and BSidesMunich and made possible with the help of our sponsors.

You will only be able to book one workshop or the CTF.

Once tickets for the workshops are sold out, there will be a waiting list.

In case you won't be able to attend the workshop, please be courteous and cancel your ticket with pretix and give the next person on the waiting list the chance to attend.

Enjoy your BSidesMEsh21 workshop and Be Excellent!

You can only BOOK WORKSHOP TICKETS here - for details on how to attend the livestream of BSidesMEsh21 on June 21 and June 22, 2021 please follow our websites and twitter accounts:



The presale period for this event is over.

Location: BSidesMEsh21 - virtual - organized by Elbsides (Hamburg) and BSidesMUC (Munich)

June 20th, 2021
Begin: 09:00
End: 18:00
Add to Calendar


Binary exploitation is one of the oldest IT security topics but it is still very relevant today. When the ""Shadowbrokers"" released a collection of weaponized NSA binary exploits the world was at danger. These exploits were used by criminals to write the ransomware WannaCry which infected hundreds of thousands of computers world-wide. The exploit can only be understood by deep-diving into binary exploitation. However, understanding the concepts behind buffer overflows and many other sophisticated types of vulnerabilities is very difficult. A lot of prerequisite knowledge is needed about specific computer architectures and assembly language. Web application security for instance is equally as complex but much more approachable because the prerequisite knowledge is required only in smaller chunks. With this workshop I want to make it easy for people to jump into the topic of binary exploitation and just begin hacking.
The beginning of the workshop covers what types of vulnerabilities exist and prepares the participants for the main part of the course. The main part is a hands-on experience featuring finding vulnerabilities by fuzzing with boofuzz and developing a fully working working exploit in Immunity Debugger to achieve remote code execution through a software called vulnserver. Vulnserver is an open-source and intentionally left vulnerable software to practice exploiting different vulnerabilities.
After the course the participants will have a basic understanding about binary exploitation, how to find vulnerabilities and how to write their own exploits.
Workshop starts at 10 am and last approx. 4 hours.

It will be necessary for participants to have a machine that can run a VM that will be provided by the workshop organiser so everybody can work together on finding buffer overflows.

0 currently available


There is a constant battle between Cyber Defenders trying to protect their networks and the Threat Actors whose tactics and techniques keep evolving to circumvent our security solutions.
Our best chance against these actors comes from understanding how they think and operate; analyzing information about these group's intent, capability, and motivations allows Cyber Defenders to be better prepared when an incident happens.
In this workshop you will learn ways to use OSINT in your favour during the Incident Response process.
The workshop starts at 10 am and will run for approx. 4 hours.
You will receive information about requirements by email after you have signed up.

0 currently available


Malware attacks have taken-down the security in the digital world of individual end-users, whole networks, to industrial control systems and many more. The capability to understand the working of a malware is high in demand to deal with it in future. Getting familiar with the approaches undertaken for Malware Analysis, both static and dynamic analysis techniques are the starting points.
Purpose of the workshop is to introduce the participants to the world of Windows Reversing and basics of Malware Analysis.

The session will deal with concepts:
- Malware and its types
- PE file structure
- Windows application reversing
- Packing/unpacking executables
- DLL injection
- Usage of Ghidra and xdbg for analysis.
The workshop starts at 9 am and will run for approx. 4 hours.
You will receive information about requirements by email after you have signed up.

0 currently available


BHealth21* is a virtual start-up that connects patients and the healthcare industry through a digital workflow. Our service distributes two digital workflows that patients and physicians can use. Founded in 2020 in Munich by Christoffer and Jonas, we have grown to 20 internal employees who take care of the development and operation of the service. The internal infrastructure is done on the side.

BHealth21’s customers include athletes, politicians and other celebrities. Our most valuable data is the customer appointments with their doctors and the medications their customers use. For a marketing campaign, the BHealt21 database was analyzed by the company's management. Unfortunately, the dataset contains a little bit more data than expected....

In 4 hours, can you infiltrate BHealth21’s network and find what is worrying management so much? Compete against others in this unique capture the flag event!

*BHealth21 is a completely fictional company. Any similarities to real places and people are coincidental.

2 currently available


In this workshop, we will discuss what is fuzzing, how does fuzzer work, what are different types of fuzzers and how to use them to fuzz various open source softwares on linux. First we will have a basic introduction to different types of vulnerabilities like integer overflow/underflow, stack/heap overflow/out of bound read/write which are very common in software, we will also see some example of real world vulnerabilities to get an understanding of these vulnerability types.
Later on during the training we will first start with fuzzing a simple C program which contains these vulnerabilities. After that we will see how we fuzz real world open source software using fuzzers like AFL, honggfuzz and libfuzzer.
It will also provide details on how AFL works, what are the different mutation strategies it uses. basics of compile time instrumentation, how to collect corpus for fuzzing and how to minimize it, crash triage and finding root cause.

Detailed Outline:

  1. Different types of vulnerabilities - quick overview of Buffer overflow, heap overflow, integer overflow, use after free, out of bound read/Write.
  2. Manually identifying the vulnerabilities in C code.
  3. What is fuzzing and different types of fuzzer - dumb fuzzer, mutation fuzzer, coverage guided fuzzer.
  4. Fuzzing Process
  5. corpus collection
  6. corpus minimization
  7. Fuzzing Sample C program using AFL, libfuzzer and Honggfuzz, libfuzzer
  8. Analyzing and triaging crashes
  9. How to fuzz real world softwares using AFL,honggfuzz
    a. How to fuzz tcpdump/libtiff using AFL/Honggfuzz.
  10. Reporting crashes and bug bounties
  11. QnA
  12. Conclusion
    Hardik will need to share workshop vm which has all the tools and a setup document. Information will be shared shared 15 days before the workshop.
    The workshop starts at 9 am and will last approx. 2.30-3 hours.
    You will receive information about further requirements by email after you have signed up.

0 currently available


Show an Open Source yet powerful SETUP and conduct Auto Hunting (IOC Matching Rules) and IOC/TTP based Threat Hunting with Graylog Log Processor.

This workshop will rely on 2x Virtual Machines (Graylog / Windows+Sysmon) and online MISP exported Threat Feeds from OpenCTI.BR project

1st part (SETUP):
- LAB Review
- IOCs Onboarding
- Windows Device LOG Onboarding

2nd Part (Hunting):
- Auto Hunting IOC Matching Rules / "New Intel + New Logs" Alerts
- Auto Backwards IOC Threat Hunting / "New Intel + Old Logs" Alerts
- Manual IOC Threat Hunting
- Manual TTP based Threat Hunting

The minimum PC Recommendation are (more recommended):
4 vCPUs
100GB disk space (for VMs)
Virtualization Software (VirtualBOX Compatible)

0 currently available