Vienna International Ethical Hacking Boot Camp
3rd Edition - 2025
What is the Bootcamp?
From July 4–6, 2025, TU Wien will host the third edition of the International Ethical Hacking Bootcamp — an intensive, practice-oriented training event focused on cybersecurity fundamentals, ethical hacking techniques, and real-world attack scenarios. Designed for students, young professionals, and cybersecurity enthusiasts, the program offers hands-on experience in areas such as penetration testing, vulnerability assessment, and defensive strategies.
Around 150 participants are expected, including national teams from Austria, Croatia, Czech Republic, Hungary, Slovakia, Slovenia, Serbia, Germany, Switzerland, and Italy. The bootcamp also serves as a training ground for Team Europe in preparation for the International Cyber Security Challenge 2025 in Japan and the European Cyber Security Challenge.
Led by a distinguished lineup of international experts—including sessions on hardware hacking, reverse engineering, mobile and web security, and digital forensics—the event fosters joint learning, practical skill development, and cross-border networking. A Capture The Flag (CTF) exercise on the second day, based on challenges from the Austrian Cyber Security Challenge, will emphasize collaborative problem-solving over competition.
The bootcamp continues to strengthen Vienna’s role as a hub for cybersecurity training, research, and international collaboration.
Program Overview
Day 1 - Friday, 4th July
Day 3 - Sunday, 6th July
Participants
Workshop
Hardware & Firmware Hacking
Hardware Hacking Presentation & Firmware Hacking Practical Challenge (Virtualbox required). Binary exploitation & web exploitation.
Thomas Weber is co-founder and security researcher at CyberDanube in the field of embedded systems, (I)IoT and OT. He has uncovered numerous zero-day vulnerabilities and has published a large number of security advisories in the past. As part of his scientific work, he developed an emulation system for firmware – today the SaaS tool MEDUSA SFR has emerged out of this. In the past he spoke at cyber security conferences such as HITB, BlackHat, IT-SECX, HEK.SI and OHM(international). Nowadays, he brings his competence and experience into security products.
Unconventional reversing
The main goal is to motivate people to not be afraid of reverse engineering and to stop staring into assembly.
Pentester, former ICC player, Team Europe trainer
Digital Forensics in CTF
The seminar provides a training on forensics-based challenges, with a particular focus on memory and disk forensics (with some details about real-world forensics). The target is beginner/intermediate players in this category. The seminar is divided into two parts: 1) a theoretical part; 2) various practical challenges (by using freely available tools such as Volatility and Autopsy).
Associate Professor at University of Cagliari (Italy), Forensics Consultant, Captain of Sardinia Len, Trainer for Team Europe and Team Italy
Cool tricks to overcome web chals (safer than exceeding your recommended caffeine intake)
During this workshop, the attendees will become familiar with 10-12 tricks that can be used in web challenges, ranging from exploitation gadgets, to obscure strategies. Each trick will be presented for 5 minutes, and be followed by a 10 minutes practical ctf challenge with a flag to ensure the dopamine level stays high enough for attendees to focus. Recommended: Participants can use Burp Suite or an equivalent alternative to solve the challenges more comfortably. Required: Participants should have a charged phone ready in the event of a Kahoot session organized at the end of the workshop.
Pilvar is a main web player that has been part of the ECSC Swiss team '22->'24, Team EU '24, and organizers. His crippling addiction for flags has led him to collect obscure tricks and techniques, some of which were presented at Insomni'hack 2024. After 2 years as a bug hunter, 1 year as a web auditor at Zellic, pilvar has co-founded his startup Haicker.
When the Web Meets Apps: The Security Pitfalls of In-App Browsing
This workshop focuses on the security risks introduced by mobile in-app browsers, such as WebViews and Custom Tabs. Participants will learn how these embedded browsers blur traditional web and app boundaries, leading to new attack surfaces. The session will include practical hands-on experience demonstrating how these components can be misused.
Philipp Beer is a first-year PhD student in the Security & Privacy group at TU Wien. His research explores the intersection of web and mobile security, with a particular focus on the risks introduced by integrating the web ecosystem into mobile applications.
libdebug: Build Your Own Debugger
Common debuggers are primarily designed for human interaction. However, many tasks in exploitation and reverse engineering require debugging to be both programmatic and reproducible. This workshop presents libdebug, a Python library for programmatic debugging of userland binary executables. libdebug is fully open source and provides a user-friendly API for building custom debugging tools tailored to various use cases, including reverse engineering and binary exploitation. The session will cover the motivation for using a programmable debugger and demonstrate its use in real CTF scenarios through hands-on exercises based on actual challenges. A working Python environment on a POSIX-compliant Linux system with libdebug installed is required.
I'm a PhD candidate in cybersecurity at Politecnico di Milano and an active member of the Tower of Hanoi and mhackeroni CTF teams, mainly focusing on binary and, when needed, on misc challenges. I'm also a maintainer of the libdebug project.
Logistics
Organizing Team
Joe Pichlmayer
Founder of ACSC
Manuel Reinsperger
(aka neverbolt)
Coach Team AT
Marco Squarcina
(aka lavish)
Coach Team AT
With support from
Gallery (2024)
