Events


Saturday 10:15


Hands-On Hacking Advanced – A sneak peek into OSCP

Penetration Testing in Real-Life Scenarios - HG D 3.1

In this workshop we will take a look into the diary of a penetration tester and learn about offensive tools to make infrastructures and applications more secure. Using real examples, you will get to know the procedure of penetration testing.

In...

Red Teaming, Ethical Hacking, and Penetration Testing are crucial roles in the cybersecurity landscape. By emulating malicious hackers' actions and identifying vulnerabilities within systems, these activities help organizations enhance their security against potential cyber threats. While all cybersecurity fields are essential, offensive cybersecurity activities are indispensable to safeguard companies from being hacked.

The Offensive Security Certified Professional (OSCP) is one of the top certifications in the field of IT security. In the workshop, we will take a look at the content of the course together and pick out a few exciting topics. We will play through these topics interactively on systems so that you get the feel for the activities as a penetration tester.

– Participants should be able to identify vulnerabilities in web applications
– Participants know how to set up their environment to conduct a Penetration Test
– Participants know tools used to conduct a penetration test and can use them for simple enumeration / exploitation
– Participants should know common problems and potential pitfalls when conducting Penetration Tests

Participants are asked to br...

Architectural KATA: Solve a real-world software architecture problem

HG D 3.3

The Japanese word kata refers to exercises for refining techniques in martial arts. Software development adopts a similar practice.

In architectural katas, small groups of developers and/or software architects practise proposing different archi...

The Bitcoin Game

An interactive group game to explore Bitcoin beyond the tech - HG E 21

We play an interactive offline group game to explore the Bitcoin ecosystem from three perspectives: technology, economics, and society.

Anyone can join, no prior knowledge of Bitcoin needed. The game originates from the D-GESS course "Shaping ...

Students of the D-GESS course "Shaping a DCent.Society" tested a new game to learn the intricacies of the Bitcoin ecosystem, covering technology, economics, and society. From the fiat money system and its challenges, the game brings design, mining, energy, financial inclusion into a larger context.

You can play with no prior knowledge and collectively build a broad understanding of Bitcoin and its societal implications. Some lucky participants will win cards to take home.

Saturday 10:30


Heroes, Villains, and Victims, and GPT-4

HG D 1.2

Narratives are everywhere and an important aspect of society - thus they tell us a lot about the world we live in. Also, narratives often contain certain characters, such as heroes, villains and victims.

In this talk, we demonstrate how to use ...

From Two Pizzas to Two Ways of Thinking

Human factors in development and operations. - HG E 1.1

IT systems and infrastructure operations are increasingly automated and developed using DevOps and Site Reliability Engineering principles. What are the human factors that make this possible and also challenging? This is a journey through some of ...

- Amazon tries to create teams that can be fed from two pizzas. Why?
- Dunbar's number - there are limits on the number of stable relationships people are cognitively able to maintain at once. What does that mean for architectures?
- Conway's Law - organisations design systems that mirror their communication flows. What does that mean for the kind of management structure we need?
- The product developed by the loosely-coupled organization is significantly more modular than the product from the tightly-coupled organization
- The Inverse Conway Manoeuvre recommends evolving your team and organisational structure to promote your desired architecture.
- Humans have two kinds of thinking - fast and slow. What does that mean for the kind of work we are exposed to in DevOps environments?
- Psychological safety, stress during incidents and context switching.

Digital facts and myths: "You've got it all wrong!" (Sometimes. Maybe.)

Do we fall for biased world views? - HG D 1.1

Let's have fun with claims that we may hear repeatedly. What would you say?

Tech, ML, AI ... destroy jobs. (No)
Regulation, privacy laws ... hinder innovation. (No)
We have to get tracked for personal information in exchange for free services...

We will discuss what might indicate errors in reasoning. On what does it depend? Assumptions? Evidence?

A suggested "interdisciplinary common ground" could possibly help us decide whether claims are more likely to be facts or myths.

Some sayings - we just picked a few examples - sound nice and reasonable, thus likely tend to get repeated. But perhaps they were not as thoroughly examined as we might think. However, they might shape our world view or foster (mis)understanding of business models.

Understanding FIDO2's Role in Stopping Phishing Attacks

HG E 1.2

In this talk, we explore the limitations of traditional 2FA and present FIDO2 as a new authentication standard.

Through a live hacking demonstration, attendees will see the weaknesses of traditional 2FA. FIDO2 eliminates many of those issues an...

In today's digital landscape, the need for robust authentication methods to safeguard our online identities is more critical than ever. Traditional two-factor authentication (2FA) methods, while effective to some extent, have weaknesses that can be exploited by sophisticated attackers. This talk will show the limitations of traditional 2FA and explore the solution offered by FIDO2.

The session will begin with a live hacking demonstration to showcase how attackers can bypass traditional 2FA measures, such as one-time passwords and SMS codes, leaving our online accounts vulnerable to compromise. By understanding the weaknesses of these methods, we show the need for stronger and more reliable authentication frameworks.

The second part of the talk will focus on FIDO2, an authentication standard developed by the FIDO Alliance. It provides advanced protection against phishing attacks. The talk will show how FIDO2 uses Web Authentication (WebAuthn) and Client to Authenticator Protocol (CTAP) to enable secure authentication. By adopting FIDO2, online service providers can offer passwordless authentication options, such as biometrics, which significantly enhance security and mitiga...

Saturday 11:20


Beyond the AI Hype

How large language models will change our way of working – and our societies - HG D 1.1

ChatGPT ignited a marketing frenzy around AI, emphasizing its operationalization for wider accessibility. The talk discusses existing GNN use cases and forthcoming features in productivity software. It highlights the impact of AI on technology regulation and usage.

The first part explores the transformative impact of GitHub Copilot and similar technologies on developers' work.

The second part outlines major tech companies' adoption of LLMs, such as Bing's integration with OpenAI, Microsoft Copilot's diverse applications, and Google Bard. It also addresses the proliferation of chatbots.

The third part shifts focus to impending regulations and societal responsibilities in a world where AI can create convincing text and images.

The user: the unknown species – successful products through user research

HG D 1.2

Who are the users of our software? How can we be sure that we are not overlooking their needs? And how do we separate the signal from the noise, the facts from the assumptions?

With a reasonable effort, we are able to gain valuable insights tha...

Prognostic modeling of cognitive decline with confidence quantification

Translational advances on precision neuropsychiatry with machine learning - HG E 1.2

The translational application of precision psychiatry demands uncertainty estimation and calibration. In this talk, we will go through the process of identifying and exploiting opportunities to apply probabilistic machine learning to prediction of...

Prediction of subjective future cognitive decline, usually assessed by the Clinical Dementia Rating (CDR), in elders from appropriate input domains (e.g., brain imaging, genetics, demographics) is usually performed in research applications with regression algorithms that return point estimates. This has achieved great success towards identifying the potential of different variables to better predict clinical outcomes in dementia care. However, translational applications necessarily require uncertainty estimation. In this talk, we will go through the process of identifying certain data patterns that allow us to make better and more meaningful inferences. We will turn a problem that, at first glance, can be well modeled as a regression, into a probabilistic prediction task. Specifically, we identify that predicting across the six categories that compose the CDR sum-of-boxes score with gradient boosted decision trees naturally leads to valid probabilistic predictions. We further investigate where the model succeeds (and fails), and what this might entail for prediction neuropsychiatry and future applications.

Software City: Intuitive Software Visualization for Computer Science Education

HG E 1.1

It is difficult to relate programming code to the purpose of the application, especially for inexperienced programmers. The abstract nature of programming code can be a barrier to learning computer science in school.

We developed a web-based vi...

Computational thinking and software engineering can be difficult to grasp. For example, the fact that software is made up of several interrelated modules is not visible from the outside when interacting with an application. This can discourage novices, such as pupils, from pursuing computer science.
We built a virtual reality tool that visualizes the components of software and their relationships using a familiar metaphor, a city. This replaces the inherent abstractness of programming with a known metaphor. Modules, for instance, are represented as neighborhoods of the city and classes are shown as houses. Besides the composition of the software from modules and classes, the tool also visualizes properties of these modules. These are, for example, quality metrics or the size of the code base of each module. For example, classes with bad quality metrics can be displayed as houses with a damaged facade.
The frontend of the tool is built using the 3D framework Babylon.js. The tool has interchangeable language parsers to support different programming languages and code analysis techniques. The current implementation can pull code from GitHub repositories and uses quality metrics f...

Saturday 12:50


Scripted Development Environment

with a focus on Embedded Platforms - HG E 1.2

How can a software development team focus on writing production code without losing time on maintaining the development toolchain? How can the team members collaborate efficiently without obstructions due to tools that work incorrectly?

This ta...

We present different aspects of the complete development environment and the different ways in which they can be made reproducible, including IDE configuration, compilation toolchain, build system, linters, formatters, and other checkers. Modern tools such as Containers (e.g., Docker), Virtual Machine Managers (e.g., Vagrant) and Configuration Management Software (e.g., Ansible) can help in defining the setup of all the development tools uniquely and ensure that each team member has the same exact state of this environment. Some tools (e.g., Visual Studio Code) additionally offer Remote Development modes, where we can use local full-blown tools but work on restricted target platforms like an embedded device. This ability to generate reproducible development environments with integrated quality checkers and automated CI/CD separates the senior developers from the juniors.

The content of this talk is a small part of our effort to "jumpstart" new engineers to a professional level with our Open-Source course on GitHub: https://github.com/scs/jumpstart-docs

Keeping waterways clean with Machine Learning

HG D 1.2

How might we use machine learning to reduce time spent on manual review while accurately identifying lapses?

We addressed this challenge with the Singapore Public Utilities Board (PUB), whose task it is to make sure that any construction site...

The Singapore Public Utilities Board (PUB) is responsible for the management of the national water supply, water catchment, and used water. As such, one of their tasks is to make sure that any construction site’s Earth Control Measure (ECM) submission adheres to the necessary requirements, to ensure the site poses no damage to the environment. PUB receives more than 1’500 drawing submissions per year seeking approval for construction works that require ECM to be implemented. This process requires time as well as an experienced eye to manually review the drawings and ensure that the ECMs are properly designed. PUB asked Zühlke to assess the feasibility of automating the process of checking ECM plans through Machine Learning. Over a span of four months, the team built a corresponding end-to-end prototype in the cloud which is trained to decipher past submissions and identify commonly spotted issues in submissions to optimise the overall process. In this talk we present the approach we chose to tackle this problem, together with the main challenges and learnings we had during the project.

How to avoid "a curse to everlasting generations"? *

HG E 1.1

Never have we invented and used as much technology as in our times. Yet technologies don’t just create desired effects – problematic ones are created as well. There’s growing evidence that negative effects are developing in step with our overall t...

From Lab to Treatment

Integrating State-of-the-art research into Cutting-Edge Adaptive Radiotherapy - HG D 1.1

Fast, precise, and personalized treatment in adaptive radiotherapy enables better cancer care. Besides advanced hardware, software with sophisticated algorithms is crucial. These algorithms, often inspired by research from students and researchers, require several steps and collaboration for integration into user-ready products. This presentation gives an overview of Ethos, Varian's adaptive radiotherapy solution, detailing the workflow from patient intake to treatment completion and exploring the integration of an advanced algorithm from research to clinical use.

Saturday 13:10


Leading with Impact

Practical Tools for Future Tech Leaders - HG E 21

To unleash your leadership potential, join us in this interactive workshop. Explore "Situational Leadership" through a real-life case study and improve your communication skills by practicing the art of giving and receiving feedback.

Learn pract...

All of us are leaders, regardless of our position or role. Leadership is about helping people align on a collective direction, to execute plans, and to continually renew as a team. Whether you are a student, an entrepreneur and startup founder, a manager in a multi-national company, or somewhere in between, join this workshop to boost your leadership skills.

During the workshop, we will explore the concept of "Situational Leadership" and put it into practice by solving a case study. Additionally, we will cover an impactful communication model and you will get to apply it by giving and receiving feedback.

By the end of the workshop, you'll have a deeper understanding of what it takes to succeed as a (tech) leader and practical tips on how to implement these strategies wherever you work with people.

Saturday 13:40


The AI revolution: Exploring the potential of GPT-Based AI language models in trading

HG E 1.1

With the rise of GPT-based AI models, market makers like Optiver are experiencing a shift in how we dissect real-time market data and news. These advanced tools enable us to make swift, informed decisions, effectively manage risks and adapt to mar...

Einstein, determinism, and quantum theory

What if quantum physics was a big game against the universe? - HG E 1.2

Albert Einstein is famous for many things, including for advocating that quantum theory is an incomplete description of reality that can be extended to a more powerful theory -- involving local realism and hidden variables.

Today, the mainstrea...

We will start the presentation with a basic coverage of locality, realism, determinism, probabilities, and what it fundamentally means to do science and to try to understand our universe better. We will also look into the Bell inequalities and how they drastically limit the ways that quantum theory can be extended while preserving Einsteinian locality (cause and effects cannot propagate faster than light).

Then, we will move on to a discussion of what free choice means, but from a purely mathematical perspective. Free choice is a fundamental concept in the quantum foundations, because the (free) choice of experiments we conduct to better understand nature plays a fundamental role in (perceived) quantum randomness. We will in particular discuss and differentiate between causation, correlations, and counterfactuals.

Then, based on this distinction, we will dive into a proposed extension of spacetime called space-time-hap manifolds that I built on top of the work of De Broglie (1920s) and Bohm (1950s), where the hap (for happenstance) coordinates model our location across parallel worlds (similar to the Sliders series), in complement to "where" and "when".

We will see that...

JavaScript and Databases: a Perfect Match

HG D 1.2

Oracle 23c just released with in-database JavaScript application programming, powered by GraalVM. JavaScript boosts developer productivity because of its popularity and availability of open-source code.

But what does it take to make a JavaScrip...

Join us in this talk, given by VIS alumni Lucas Braun and Noman Sheikh who are working with the Oracle Labs team at Zurich's Prime Tower. Oracle Zurich is where the major bits of Oracle Database Multilingual Engine (for JavaScript) and Property Graphs, MySQL Heatwave, Oracle Graph Studio, Oracle Cloud Autonomous Dependency Management and generative AI components, as well as many other flagship Oracle products are being developed.

Architecture of a real-time data distribution platform

HG D 1.1

Ever wondered how tracking and statistical data from a sports event finds its way into your apps in real time? What the stack looks like, how it's monitored and how they intervene? Come and find out!

We'll look at the architecture, the technol...

Designing and building evolutionary enterprise streaming architectures is no trivial undertaking. There are a lot of trade-offs and additional complexities in comparison to "classical" REST API or database architectures. It can also get quite philosophical, you will question the meaning of time, and depending on your view reality will look different.

This talk will showcase one solution, the learning path to it, from (changing) requirements to the final implementation.
If you want to implement a real-time solution that goes from physical sensor to an app on your phone, including some fancy ML in between, this talk will prepare you for it. You should have a solid foundation on the common pitfalls and a long backlog after listening to it.

Saturday 14:00


Create Your Own Cloud Infrastructure Like a Pro

Learn how to use Terraform & GitHub Actions to provision infrastructure on Azure - HG D 3.3

This workshop teaches participants hands-on how to use Infrastructure-as-Code (IaC) and GitOps to provision cloud environments.

We’ll create our own infrastructure on Azure via Terraform and automate the process with a GitHub Actions CI/CD pipe...

Workshop Goals

- Know the benefits of Infrastructure-as-Code & GitOps in modern software development
- Get hands-on experience on how to use Terraform to provision infrastructure on Azure
- Learn how it can be automated with a Continuous Integration / Continuous Delivery (CI/CD) pipeline and GitHub Actions
- Know how these technologies are used in enterprise IT projects

Workshop Outline

Introduction to Infrastructure-as-Code (IaC) and GitOps
- What is Infrastructure-as-Code & GitOps?
- How do they improve the software development process?

Provision cloud environments on Azure with Terraform
- Set up a Terraform project
- Write Terraform code to create infrastructure on Azure
- Use remote storage to store the Terraform state

Create a CI/CD pipeline with GitHub Actions
- Create infrastructure via pipeline
- Deploy application on created infrastructure via pipeline

Learn how those technologies are used on real-life IT projects
- Example 1: cloud-native application project
- Example 2: cloud foundation project

Stretch goals (examples, not final)
- Parameterize the pipeline
- Make the pipeline more secure
- Enable blue/green deployments
- …

Req...

Integrating fairness into machine learning applications

How to ensure that your ML application produces results that comply with your ethical standards - HG D 3.1

Ethics and fairness of Machine Learning applications are becoming increasingly important in the world of Data Science.

During this workshop, you will learn hands-on how to incorporate fairness metrics into your ML applications to ensure that yo...

How do we make sure that our meticulously trained algorithm does not discriminate against certain groups of people or individuals? How do we force our ML product to comply with ethical standards and local policies? These questions are becoming ever more important, given the ubiquitous adoption of data-driven applications.
During this workshop, you will get the chance to experience hands-on how to deal with biased data leading to biased algorithms. You will learn what methods are being used in the industry to produce ethical ML applications and how you can use these tools in your own Data Science projects.

Saturday 14:50


Life of a tech lead

or why Software Engineering is so much more than coding - HG D 1.1

What to consider when adding a new service? Why are time estimates almost always wrong? How do you manage tech debt accumulating over the years?

My time at ETH has taught me communication protocols, algorithms, software architecture and much more. But many of the challenges in software engineering I've only faced after starting my first full-time job. Now, 10 years later, I'm responsible for the technical well-being of a product used all around the world. In the talk I'll share my insights and experience into some of the most common challenges in software engineering.

The Promise and Perils of Using Artificial Intelligence in Software Development

HG D 1.2

With the recent developments in artificial intelligence, especially language models, there is an interesting new way of working. It offers excellent support during development of software or similar – but not without its caveats: how can the resul...

Things I've seen as a Security consultant

What do consultants also do? - HG E 1.2

As a cyber security consultant who has worked in the industry for a long time, I would like to share some insights into this broad field based on two of my favorite projects:

1. Evaluation of a threat intelligence provider, including definition of...

"A consultant is a professional who provides advice or services in an area of specialization". The definition of what a consultant does in daily life is as broad as it may get and could mean everything and nothing.
My talk will be about my experience as a cyber security consultant on client projects. I will provide an insight into the daily work with a focus on two of my favorite projects:
1. Evaluation of a threat intelligence provider: a customer had a threat intelligence provider with a contract that ran out and wanted to evaluate different providers to see what is in the market.
This is a common project: We started with the definition of cases (data leaks, credential leaks, brand abuse, etc.) and sources (clear web, dark web, messaging apps, etc.) as well as additional requirements like covered language, API access, web interface, etc.
In the end we created a "Request for Proposals" document, then reviewed and assessed offers to decide on one threat intelligence provider.
2. Evaluation of a deception solution: this project included market research including presentations from different providers, defining requirements, doing a proof-of-concept in the client’s infrastruc...

Spray Painting ETH (in Mixed Reality)

Advanced persistence & sharing of holograms - HG E 1.1

Did you ever want to spray paint ETH? Probably (hopefully?) not, yet here we are.

Mixed Reality continues to be a valuable asset in the industrial metaverse. After placing a hologram, it should be viewable at the same location by a different de...

Did you ever want to spray paint ETH?
Probably (hopefully?) not, yet here we are.

Mixed Reality continues to be a valuable asset in the industrial metaverse. To "empower any worker on our planet to achieve more", a reliable way to share and persist holograms is key. After placing a hologram, it should be viewable at the same location by a different device at a later time.

Common solutions to persist holograms include using QR codes or spatial anchors. These solutions work well, but have limited area of effect. We are showing a new way to persist holograms in an area that spans entire rooms or factories.

Inspired by the popularity of "drawing with a HoloLens" at VIScon21, we will showcase the above concepts by bringing back the Graffiti app, now equipped with the added functionality of sharing and persisting holograms with each other.

Saturday 15:00


How to Deal with a Cyber Crisis

Experience what the Cyber 9/12 Strategy Challenge is like! - HG E 21

Large cyber crises that cause society to grind to a halt have become a common occurrence. Tackling them requires a holistic approach: technical solutions to restoring the IT systems, political negotiations on how to help people affected by it, eng...

We will begin by showing you a simple but useful framework that you can use to break down a cyber crisis into more manageable chunks. Then we will let you try it out yourself by splitting you into small teams and having you interact with small crises caused by something cyber going wrong. To aid you a bit, we will provide you with some possible policy responses that you can then discuss and decide which one you like best. You will not need to have any technical knowledge here, since the core of the response is about figuring out priorities and how to communicate them.

Saturday 15:40


How to build a federated open source serverless tensor data lakehouse for petabyte scale foundation model training

HG D 1.1

At IBM Research we are dealing with triple-digit petabyte scale earth observation and atmospheric physics data spread among different cloud and HPC data centers around the globe.

Based on open source and open standards we’ve built a tensor data...

Winning Your First Customers

Demystifying customer acquisition and unleashing growth - HG E 1.1

Acquiring your first customers can be an arduous task. Even if several companies might show interest in your product, finding someone willing to take the leap with a yet unproven product can be a hurdle.

In this talk, we will delve into the ado...

Acquiring your first customers at the beginning of your entrepreneurial journey can be an arduous task. Nevertheless, it is an essential step not only to generate revenue, but also for receiving feedback and attracting potential investors. Even if several companies might show interest in your product, finding someone willing to take the leap with a yet unproven product can be a hurdle. Unfortunately, no straight-forward solution exists for this phenomenon, but certainly there are ways to increase your chances of success. In this talk, we will delve into the adoption cycle of new technology products in the market and demonstrate how it can effectively help to shape your strategy. Drawing on our own startup experiences, as well as insights from other entrepreneurs and investors, we equip you with actionable insights that can be applied to your own project.

Mastering mind traps: unravelling cognitive biases

HG D 1.2

This 30-minute presentation on cognitive biases covers the basics of what they are, the impact they have on decision-making and problem-solving, and strategies for mitigating their effects.

Real-world examples are used to illustrate their impac...

The Cat-and-Mouse game

Generative AI for Offence and Defence - HG E 1.2

Generative AI has taken the world by storm. The most notable example is ChatGPT; released in November 2022, the service already generates 1 billion visitors per month. While ChatGPT stands as the poster-child for generative AI, there are numerous other models available, such as BERT, GROVER, CTRL, and Transformer, each with its own capabilities. Over the coming years, generative AI models are expected to proliferate, serving purposes ranging from language and image generation to data augmentation and anomaly detection. But, alas, all that glitters is not gold. Alongside the tremendous potential for positive applications, there exists an equally significant potential for innovative hacking and nefarious online activities supported by AI.

Generative AI holds the power to produce convincing deepfakes, posing substantial risks in terms of spreading misinformation, executing social engineering attacks, and orchestrating realistic phishing attempts. Malicious actors can also leverage generative AI to automate attack generation, employing AI-powered malware that crafts and launches attacks at an unprecedented scale and speed. This includes automated phishing campaigns, distributed d...