
A

GIACOMO ALESSANDRONI 'Jackaless'

Caesar's and Vigenère's ciphers are an excellent exercise for those who want to discover the basics of cryptography and cryptanalysis, without computers. Successful educational experiences with primary school children will be illustrated under two headings: writing a message that can pass the prying eyes of parents; decoding a message written by a classmate. As the lesson turns into a challenge (and an opportunity) and the students learn the fundamental techniques of cryptography, the activity becomes a pretext to dispel false myths, from "I have nothing to hide" to "they already have my data anyway", building a bridge between IT and civic education that is not at all obvious.

Language of the talk: ITALIAN

VITO ALFANO

This is a case of an investigation conducted in collaboration between security researchers regarding a post on a well-known social network, which erroneously announced a campaign launched by an APT group, which began as an analysis of cyber threat intelligence and concluded with the discovery of a wider cybercrime campaign involving various types of entities, including several private security companies and Interpol.

Language of the talk: ITALIAN

Speech co-taught with Marco Di Costanzo

MOHAMMADREZA ASHOURI

In an era where data breaches and privacy concerns are on the rise, zero-knowledge cryptography offers a groundbreaking approach to securing storage systems. This presentation will provide an in-depth look at how zero-knowledge proofs work and their potential to revolutionize data security. We will explore practical applications, demonstrating how zero-knowledge techniques can ensure data integrity and confidentiality without compromising usability. Attendees will gain insights into implementing these cryptographic methods to create robust, privacy-preserving storage solutions. By the end of this session, you’ll understand how to leverage zero-knowledge cryptography to build systems that protect user data from unauthorized access while maintaining trust and transparency.

Language of the talk: ENGLISH

MOHAMMADREZA ASHOURI

In our interconnected world, the security of the food supply chain has become a critical concern. This presentation dives into the various digital threats that can disrupt the journey of food from farm to table. We'll explore real-world examples of cyberattacks targeting food production, processing, and distribution, highlighting the vulnerabilities at each stage. Attendees will learn about the latest technologies and best practices to safeguard against these threats. We'll discuss how integrating cybersecurity measures into every aspect of the supply chain can prevent potential crises, ensuring the safety and integrity of our food supply. Join us to understand the importance of robust digital defenses in maintaining a secure and resilient food supply chain.

Language of the talk: ENGLISH

ANDREA AZZALIN 'Mangusta'

The aim of this talk is to share the story of how I became aware of and conducted analyses on the group known as UNC4990, which has a particular focus on victims in Italy, using infected USB drives as their attack vector. Through the interdisciplinary activities of Threat Hunting, Malware Analysis, and Threat Intelligence, the modus operandi of this complex malicious setup will be illustrated. Additionally, the talk will demonstrate the importance of the synergy of these activities, which is essential for examining emerging groups that use innovative and unconventional techniques.

Language of the talk: ITALIAN

B

DAVIDE BARALDI

The extreme security of Bitcoin can require deep cryptographic knowledge. In our country, non-technicians often spread the idea that the highest level of Bitcoin self-custody is based on Hardware Wallets. However, they can become vulnerabilities in the custody chain of your crypto assets. If you use H.W. you must be aware that you expose yourself to vulnerabilities in the generation and storage of the mnemonic that cannot be mitigated.

Language of the talk: ITALIAN

GIOVANNI BARTOLOMUCCI

This proposal presents a comprehensive session designed to equip security professionals with the technical knowledge and practical skills necessary to secure OAuth2 and OpenID Connect implementations. The seminar delves into the technical aspects of OAuth2 grant flows, highlighting potential security risks associated with misconfigurations. We will explore tokens' properties, emphasizing the importance of defining granular scopes to minimize privilege escalation. Real-world examples of vulnerabilities related to OWASP "A07 - Identification and Authentication Failures" will be analyzed, demonstrating how insecure OAuth2/OIDC configurations contribute to this critical threat category.

Language of the talk: ENGLISH

Speech co-taught with Stefano Maistri, Giuseppe Porcu and Mattia Zago

DAVIDE BERARDI

In this talk, we will explore advanced program tracing techniques on Linux, with a particular focus on tools such as bpfcc, perf, execsnoop, gdb, falco, and lesser-known alternatives. The talk will provide a comprehensive overview of how this ecosystem of tools can be used to monitor and analyze program performance and behavior, identify bottlenecks, resolve complex problems, and aid in reverse engineering – capabilities that were previously lacking in Linux. We will illustrate the key differences between these tools, their ideal use cases, and best practices for their implementation. By the end of the talk, participants will have a clear understanding of the available options for tracing on Linux and how to effectively apply them in their projects. The slogan of the talk is: if you have ever asked yourself "How can I get a list of all the commands that are executed on Linux when I launch Firefox?" or similar questions, this talk is for you!

Language of the talk: ITALIAN

CHRISTOPHER BIANCHI 'calfcrusher' - HACKTIVE SECURITY

Today, many hackers from the 1990s have become cybersecurity experts, earning substantial pay from companies to protect their systems. One of the most famous was undoubtedly Kevin Mitnick. Through the iconic 1994 Christmas attack on Shimomura, we’ll explore how curiosity, passion, and knowledge shaped the past and will influence the future. By retracing this historic showdown, we aim to uncover and present the original spark that drives something in each of us: those seeking a challenge, those feeling highly skilled or aspiring to be, and those questioning where we're headed, looking back for answers. Born from a generational meeting, we move from the particular to the universal, asking together with the giants who came before us about our future.

Language of the talk: ITALIAN

Speech co-taught with Riccardo Degli Espositi 'partywave'

STEFANO BIOTTO 'sgrum0x' - BEAR IT

In this presentation, we will explore an XSS (Cross-Site Scripting) vulnerability discovered during a secure code review prior to the release of an internal web application.

We will start with the basics, explaining what XSS is, how it works, and the risks it poses. Next, we'll analyze the application’s code, highlighting how inadequately validated input can expose the system to an attack. After understanding the vulnerability, we'll shift focus to OAuth, the authentication system used by the application, to understand how this technology interacts with security issues. Finally, we’ll return to the code to examine a successful exploit and conclude with an interesting vulnerability in the PHP backend.

This presentation offers a blend of theory and practice, ideal for those wanting to dive deeper into the challenges of web security.

Language of the talk: ITALIAN

GIORGIO BONFIGLIO

In this workshop, we will discuss infrastructural techniques (those that do not require changes to the application) for protecting web applications against common threats. We'll start by simulating a data exfiltration attack on an OWASP Juice Shop environment, then move on to implementing countermeasures (a Web Application Firewall and other solutions) and – if all goes well – we'll demonstrate how the same attack will no longer be effective.

We'll do all of this in a sandbox provided by us, so all you need to bring is your brain and some kind of computer with a browser and a shell.

Language of the workshop: ITALIAN

C

FABIO CARLETTI 'Ryuw'

IT systems testing is increasingly important. ZAP Attack Proxy is a free and open source tool for researchers and cybersecurity specialists. The project's mission is focused on web apps and web portals through multi-level attack techniques. The plug-in section of the marketplace expands the possibilities of operating in a cross-functional manner.

Language of the talk: ITALIAN

LORENZO COCOCCIA 'lopoc'

Based on Kripkenstein's paradox, we will discuss the implications of the use of AI in adjudication on the rule of law. We will see how large language models (LLMs) interpret text and how they can be manipulated through offensive prompt engineering or "jailbreaking". By this we mean crafting prompts that force LLMs to respond in ways that were not desired by their programmers, and more specifically to apply rules that are different from the ones that the LLMs were expected to apply. This is instructive not only because it can show us some of the problems that AI-driven jurisdiction is likely to raise but also because it creates a valuable framework to discuss rule-following in general. We will conclude with a practical exercise where we attempt to "hack" an LLM which was given the task of acting as an AI judge and applying a certain rule to a case. Participants will craft arguments designed to exploit potential hallucinations and weaknesses in the way AI processes rules.

Language of the talk: ITALIAN

Speech co-taught with Michele Ubertone

MATTEO CREATI

Tokens are at the center of OAuth 2.0 identity platforms, such as Entra ID. To access a resource (for example, a web application protected by Entra ID), a user must present a valid token. Attackers steal tokens so they can impersonate users and access your data for as long as that stolen token lives. To do this, they get access to where a token is stored (on the client, in proxy servers, or in some cases in application or network logs) to acquire it and replay it from somewhere else.

Language of the talk: ITALIAN

D

MARCELLO DAL DEGAN - DIGIMETRICA

In an increasingly connected world, protecting the digital perimeter is crucial for organizational security. This talk delves into the importance of External Attack Surface Management (EASM) and Cyber Threat Intelligence (CTI) in monitoring and defending exposed digital assets. We will explore how an effective combination of these approaches can help organizations detect, understand, and mitigate cyber threats, ensuring a robust defense against ever-evolving cyber-attacks.

Language of the talk: ITALIAN

Speech co-taught with Raffaello Parisi

MASSIMO D'ALESSIO

The CanBus is a solid and robust protocol, but also old and insecure. In recent years it has been exploited by criminals to steal different types of cars. With a very basic approach, we want to analyze the vulnerabilities that afflict this technology and implement a security layer that does not impact the performance of the original protocol.

Language of the talk: ITALIAN

MICHELE DALLACHIESA

This talk introduces a novel mechanism for verifying the integrity of machine learning model predictions. Inspired by proof-of-computation and computation-pipeline concepts, it allows inference endpoints to generate cryptographic proofs demonstrating that a model genuinely produced specific predictions.

Language of the talk: ENGLISH

MIRCHA EMANUEL D'ANGELO 'ryuujin'

I will guide you on a journey to show you how to accelerate application development with Laravel and Filament. We will explore how Filament, with its powerful admin interface, seamlessly integrates with Laravel, allowing for the creation of complex applications in a simple and rapid manner. Through practical examples and best practices, we will demonstrate how these technologies can reduce development time and enhance productivity.

Language of the talk: ITALIAN

RICCARDO DEGLI ESPOSITI 'partywave' - HACKTIVE SECURITY

Today, many hackers from the 1990s have become cybersecurity experts, earning substantial pay from companies to protect their systems. One of the most famous was undoubtedly Kevin Mitnick. Through the iconic 1994 Christmas attack on Shimomura, we’ll explore how curiosity, passion, and knowledge shaped the past and will influence the future. By retracing this historic showdown, we aim to uncover and present the original spark that drives something in each of us: those seeking a challenge, those feeling highly skilled or aspiring to be, and those questioning where we're headed, looking back for answers. Born from a generational meeting, we move from the particular to the universal, asking together with the giants who came before us about our future.

Language of the talk: ITALIAN

Speech co-taught with Christopher Bianchi 'calfcrusher'

VITO DE LAURENTIS 'Trust_No_One'

This presentation traces my personal journey in the innovation of offensive cyber operations, using cloud infrastructure with Terraform and the Infrastructure as Code (IaC) paradigm. The architectures introduced, exploiting the HashiCorp Configuration Language (HCL), integrate with advanced command and control, networking and anonymisation tools, and are able to guarantee scalability and security. Automation of configuration and management of cloud resources can enable more effective complex offensive operations.

Language of the talk: ITALIAN

DONATO DE MEO

Evolution of a network: how networks have changed over the years and what they will become.

Language of the talk: ITALIAN

MARCO DI COSTANZO

This is a case of an investigation conducted in collaboration between security researchers regarding a post on a well-known social network, which erroneously announced a campaign launched by an APT group. It began as a cyber threat intelligence analysis and concluded with the discovery of a wider cybercrime campaign involving various types of entities, including several private security companies and Interpol.

Language of the talk: ITALIAN

Speech co-taught with Vito Alfano

ETTORE DI GIACINTO 'mudler'

The talk explores how LocalAI offers an Open Source, fully locally manageable alternative to closed and proprietary artificial intelligence services such as OpenAI and Claude. In a context where privacy is increasingly paramount, and where processing sensitive data is important, LocalAI stands as a completely free solution that runs on any hardware. LocalAI supports offline execution without expensive hardware and is also fully compatible with the OpenAI API, allowing an easy transition for developers. We will discuss LocalAI's architecture, its capabilities in text generation, workload distribution, speech synthesis and audio transcription, and how to build customised assistants, even with low-cost hardware.

Language of the talk: ITALIAN

ETTORE DI GIACINTO 'mudler'

We will talk about security in edge computing and Kairos (kairos.io). Kairos is an open source project, now part of the CNCF/Linux Foundation, for using Kubernetes and Linux in edge computing environments, where security is never a given. Through the implementation of technologies such as Secure Boot, Trusted Boot, TPM and disk encryption, Kairos transforms Linux into an operating system that is resistant to physical attacks (evil maid attacks) and ideal for handling the challenges of environments that are considered insecure. In this talk we will look at how we can defend against physical attacks to protect the confidentiality of data in edge computing environments.

Language of the talk: ITALIAN

LORENZO DINA

A critical retrospective of lessons learnt 20 years ago, compared with today's technological developments and future prospects. A semi-serious journey through the past, present and future of cybersecurity.

Language of the talk: ITALIAN

MIRKO DI SALVATORE

Computer forensics has historically been characterised by extensive and manual investigative processes. This talk introduces an innovative approach based on advanced computational models to transform the field. We present f-T5, a general-purpose linguistic model optimised for digital forensic applications. f-T5 has been refined on specialised forensic data, specifically curated given the scarcity of public resources in the domain.

Language of the talk: ITALIAN

Speech co-taught with Nicolò Monti

MARCO D'ITRI

Marco will explain his own experiments to implement factory reset in Debian, and more generally in mainstream distributions: what already works, what is missing, and what hacks^Wstrategies can be tried to develop this mechanism gradually and without the need to involve the entire distribution. Being able to reset a system by deleting everything via /usr is interesting for managing containers, hardware appliances and more.

Language of the talk: ITALIAN

MARCO D'ITRI

Marco will systematically analyse the history and state of Internet censorship in Italy and compare the situation with that of other countries. The main mechanisms for circumventing Internet censorship systems will be briefly discussed.

Language of the talk: ITALIAN

LUCA DI VITA

Hello CVEs, my old friends, I've come to deal with you again, because a backdoor softly creeping... Oops, sorry, we were singing out loud. That's something we keep doing every time a new vulnerability breaks into our daily routine. Lately, that has happened because of our software's dependencies, more and more often. Log4J, you say? Oh, well, let's not forget about XZUtils! Supply chain attacks, they call them. We started dealing with them to the rhythm of SLSA (read "salsa"), but then we noticed that we could do more. A lot more! And we turned our malicious binaries into... well, waveforms. And we started rocking them! By reading those binaries as if they were normal waveforms, and by analyzing them with some math (Cepstrum, Fourier series, etc.) we created a model that aims to detect if a dependency is malicious. And also, to classify it by the type of malware. Fascinating, isn't it? The sound of malware...

Language of the talk: ITALIAN

Speech co-taught with Gregorio Palamà

JOHN DOE

There are several military satellites in geostationary orbit and some of these are now used more often by pirates than by legitimate users. Let us join the pirates by listening and trying to transmit to these satellites, hearing our signal coming back down to earth with the fascinating delay of about half a second.

Language of the talk: ITALIAN

E

F

ALESSANDRO FARINA

Importance of open-source tools in forensics: The use of open-source or free software tools, preferably licensed under the GPLv3 licence, where the source code is accessible for inspection, should be crucial for acquisition, analysis and investigations in general. Open-source tools offer transparency, allowing experts to verify the integrity and security of the code. They allow code to be inspected to ensure the absence of vulnerabilities or backdoors that could compromise the investigation. Furthermore, open-source tools can be customised to meet specific investigative needs and can be peer-reviewed, improving their reliability and trustworthiness in forensic applications. For many investigation activities and for a large number of cases, experts are unfortunately forced to use tools that are completely closed, from the software point of view, based on proprietary technologies that are impossible to inspect; the only tests that can be performed with these tools are those of cross-checking with other tools (also closed) and/or of comparison with the analysis of devices that have been specially prepared as ‘samples’. This way of working could be called ‘black box’ forensics.

Language of the talk: ITALIAN

AURELIO FORESE - NETSONS

Securing a Kubernetes cluster involves dealing with challenging tasks and several potential intervention areas.
Our journey will begin with an analysis of the current state of the art in Kubernetes security, exploring the different options we need to face when operating a cluster.
Then we'll focus on the configuration and use of one of the most well-known solutions: policy engines.
Join us and enjoy your flight over the k8s security landscape!

Language of the talk: ITALIAN

CAROLA FREDIANI

With the war in Ukraine, a new type of hacktivism and participation in inter-state cyberwarfare has unfolded. Its model is the Ukrainian IT Army, which for the first time brings together cyber volunteers from all over the world under an (albeit formally indirect) state or government command. That kind of organisation deliberately places itself in an ambiguous terrain, where the state accepts contributions but at the same time distances itself from them. And ambiguous is the status of the participants. But in the Ukrainian conflict there has been no shortage of self-styled hacktivist groups (or cybercriminals, or both) that seem rather aligned with Russian intelligence, or with the Kremlin's propaganda objectives. There is much confusion under the sky, and it is not even clear how to define all these actors. The only clear fact is that states like to be able to count on cyber armies to support their cyber offensives while maintaining some plausible deniability, or at least not complete accountability. All this within a framework in which private individuals (companies, start-ups, individuals) are assuming an increasingly important role.

Language of the talk: ITALIAN

STEFANO FRATEPIETRO 'SteveDEFT'

False myths and inflated stories about cybercrime tell everything and the opposite of everything, distorting the perception of the reality of the phenomenon. This book was written with the aim of telling real facts and compelling stories where computer security and digital investigations are told using simple and popular language. In each story, Stefano presents a piece of himself and his many years of experience in the field. Cyber attacks, overseas investigations, cases of violence against women and sophisticated viruses will accompany the reader in a series of gripping and incredible adventures whose protagonists seem to come straight out of TV series and blockbuster films.

Language of the talk: ITALIAN

G

MARCO GANDOLFI - Berghem-in-the-Middle

In an ever-evolving landscape of threats and technologies, SOC teams face increasing challenges. This talk provides an overview of the evolution of detection engineering and MITRE ATT&CK-based frameworks for evaluating and enhancing Detection & Response capabilities, while also presenting a methodology applicable to enterprise environments.

Language of the workshop: ITALIAN

LEONIDA GIANFAGNA

This presentation will introduce the topic of Explainable AI, i.e. the ability to explain artificial intelligence models mostly based on neural networks. This topic is becoming increasingly important with the widespread use of Large Language Models, but do we really know how they work and what their limitations are?

Language of the talk: ITALIAN

Speech co-taught with Enrico Zimuel

ALESSANDRO GRASSI

The book Ada & Zangemann (published under Creative Commons BY-SA) tells the story of the famous inventor Zangemann and the curious geek child Ada. Ada experiments with hardware and software, and discovers how crucial it is for her and others to be in control of technology. The book written by Matthias Kirschner (president of FSFE) has been read to more than 1,000 children (aged six and up) and adults in schools, libraries and other events in recent months. The readings took place mostly in Germany, but were also tried out in Italy. I would like to present the book to you and tell you about the activities at school and the reading experiences in general.

Language of the talk: ITALIAN

H

HackInBo®

HackInBo® Forensic Games will be presented in a condensed format, featuring a training session followed by a hands-on workshop where participants will work, and concluding with an analysis and evaluation of the work done.

The training will focus on identifying, cataloging, and securing devices found at a crime scene.

During the workshop, participants will have access to 3 laptops that need to be properly cataloged.

In the analysis phase, we will review the work together and create a "ranking".

Language of the talk: ITALIAN

I

J

JAROMIL

On 3 June 2021, the European Commission recommended the creation of a 'Toolbox' for the development of 'wallets' to store the digital identities of European citizens (EUDI, European Digital Identity). The tools provided include an Architecture and Technical Reference Framework, a set of common standards and technical specifications and guidelines. The providers of these wallets will be public authorities or private sector organisations if recognised by Member States. The operation is led by a group of experts chosen by an organisation called eIDAS (electronic Identification, Authentication and Trust Services) whose mission is to update and strengthen digital identity implementations in Europe, such as the SPID in Italy.

In the slow course of this initiative, which was supposed to be completed with usable results by the end of 2023, a document called EUDI ARF (Architecture Reference Framework) evolved that summarised a series of recommendations on how to implement the architecture, evolving through various versions up to the recently published version no. 4.

The document, however, presents many problems for the privacy and security of citizens, perhaps even more serious than its delays...

Language of the talk: ITALIAN

K

L

VALERIO LUPI 'valerino'

This presentation aims to introduce our new open source project: gULP.
Developed by Mentat, gULP is a cutting-edge tool designed to improve incident response and analysis through simplified log processing.

Some of gULP’s key features include:

- a high-speed multi-processing engine that supports fast ingestion and querying
- a versatile Python plugin system that supports multiple sources
- querying with custom filters, OpenSearch DSL and Sigma rules
- full scalability support leveraging OpenSearch and PostgreSQL
- “collaborative workflows” (aka play co-op with friends)
- an innovative UI which allows for quick recognition of attack patterns and data analysis from multiple sources at the same time, overcoming limitations of existing products

Language of the talk: ITALIAN

Speech co-taught with Gabriele Zuddas

M

M71A

In an era where technology shapes our daily lives and defines the future of work, it’s crucial to ensure an inclusive and equitable environment for everyone. In this panel, we will explore the visions and goals of the Italian Women in Technology Manifesto, discuss the main challenges women face in the tech sector, and how the manifesto proposes to overcome them through concrete actions, training, and awareness-raising efforts. Together, we’ll look at how each of us can contribute to creating a more balanced tech ecosystem by recognizing and elevating women’s skills and perspectives.

Language of the talk: ITALIAN

STEFANO MAISTRI

This proposal presents a comprehensive session designed to equip security professionals with the technical knowledge and practical skills necessary to secure OAuth2 and OpenID Connect implementations. The seminar delves into the technical aspects of OAuth2 grant flows, highlighting potential security risks associated with misconfigurations. We will explore tokens' properties, emphasizing the importance of defining granular scopes to minimize privilege escalation. Real-world examples of vulnerabilities related to OWASP "A07 - Identification and Authentication Failures" will be analyzed, demonstrating how insecure OAuth2/OIDC configurations contribute to this critical threat category.

Language of the talk: ENGLISH

Speech co-taught with Giovanni Bartolomucci, Giuseppe Porcu and Mattia Zago

VALERIO MANCINI 'ftp21'

From video signal reconstruction to fault injection on CPUs. This is a bit of the history of satellite hacking. We will discuss what has changed in the last 30 years and try to see if it still makes sense to look for vulnerabilities within set-top boxes.

Language of the talk: ITALIAN

MICHELE MARAZZI

DRAM vendors do not disclose the architecture of the sense amplifiers deployed in their chips. Unfortunately, this hinders academic research that focuses on studying or improving DRAM. Without knowing the circuit topology, transistor dimensions, and layout of the sense amplifiers, researchers are forced to rely on best guesses, impairing the fidelity of their studies. We aim to fill this gap between academia and industry for the first time by performing Scanning Electron Microscopy (SEM) with Focused Ion Beam (FIB) on recent commodity DDR4 and DDR5 DRAM chips from the three major vendors. This required us to adequately prepare the samples, identify the sensing area, and align images from the different FIB slices. Using the acquired images, we reverse engineer the circuits, measure transistor dimensions and extract physical layouts of sense amplifiers — all previously unavailable to researchers. Our findings show that the commonly assumed classical sense amplifier topology has been replaced with the more sophisticated offset-cancellation design by two of the three major DRAM vendors. Furthermore, the transistor dimensions of sense amplifiers and their revealed physical layouts are significantly different than what is assumed in existing literature. Given commodity DRAM, our analysis shows that the public DRAM models are up to 9x inaccurate, and existing research has up to 175x error when estimating the impact of the proposed changes. To enable high-fidelity DRAM research in the future, we open source our data, including the reverse engineered circuits and layouts.

Language of the talk: ENGLISH

NORMANDO MARCOLONGO

Have you always heard of information theory and out of laziness never wanted to look into it? The one formalised by Shannon in the late 1940s? We're going to get a bit of trivia out of the way: from the concept of information to how to compress it. There will be some maths but if you don't like maths, you can't be a computer lover; I promise it won't be difficult though!

Language of the talk: ITALIAN

MARCO MELLETTI and MATTEO MARTELLI

Sonic Vision is an innovative open-source program designed for visual artists, enabling real-time music generation through image analysis. Integrated as a plugin for Krita, one of the most popular digital drawing programs, Sonic Vision interprets color and positional information from the original image as musical events. These events are then rendered as MIDI and can be sent to a synthesizer to create sounds or music that reflect the artist's aesthetic intent while drawing. This approach allows for the exploration of new creative dimensions, combining visual arts and music into a unique synesthetic experience.

Language of the talk: ENGLISH

GIOVANNI MELLINI 'merlos'

With this talk you will be guided through the difficulties and challenges merlos has already faced/is facing/will face approaching security in a full cloud environment.

Language of the talk: ITALIAN

LUCA MERCATANTI

In this presentation, we will explore the universe of the TV series C.S.I. and how modern technologies, from computers and smartphones to cars and drones, can reveal a surprising amount of information about past events. We will learn how to effectively collect and present computer data (spoiler: a screenshot is not enough!), examining the process of seizing and analysing devices and discovering what data is unknowingly stored in every moment of our lives. We will analyse some real cases and discuss the potential of artificial intelligence in the field of digital investigation.

Language of the talk: ITALIAN

TONY MOBILY 'Merc'

In this talk, Merc discusses the origins of Metro Olografix, sharing unpublished anecdotes about early mishaps, adventures, choices—and what would happen if those choices were made today. Merc also talks about his thirty-year cryogenic stasis, what he discovered upon waking up in the world of cybersecurity, and whether the spirit and fun of those earlier times can resurface today despite money, certifications, states, and wars.

Language of the talk: ITALIAN

ANDREI MOLDOVAN

The worlds of astronomy and cyber security share many striking similarities. Just as we try to recognise constellations in the night sky by drawing imaginary lines between the stars, within the world of cyber security we connect scattered data to identify potential malicious actors or interesting new relationships. Galaxies represent clusters of state-sponsored actors, complex and made up of barely recognisable entities. Stars symbolise ‘as-a-Service’ groups, which disseminate low-cost tools, while comets represent hacktivist groups, visible only for brief moments before disappearing. Working in intelligence, I have often found myself facing unforeseen problems and often insufficient data, constantly questioning the validity of my conclusions. This presentation is intended to shed light on the challenges and emotional impacts one can encounter while dealing with a myriad of information with no apparent logical connection. How can we keep our wits about us and make informed decisions in such a complex and chaotic environment?

Language of the talk: ITALIAN

ANDREA MONTI

What has happened to digital activism (assuming we can call it that)? From the golden age of Metro Olografix, cyberpunk.ita, Cybernet, Stramp Network, Freaknet, Shake Edizioni, Forte Prenestino, Joe Lametta, A/I, Alcei up to the fetishisation of rights, buzzwords and the search for institutional integration, digital activism. How Italian digital activism was born bad and ended worse.

Language of the talk: ITALIAN

NICOLÒ MONTI

Computer forensics has historically been characterised by extensive and manual investigative processes. This talk introduces an innovative approach based on advanced computational models to transform the field. We present f-T5, a general-purpose linguistic model optimised for digital forensic applications. f-T5 has been refined on specialised forensic data, specifically curated given the scarcity of public resources in the domain.

Language of the talk: ITALIAN

Speech co-taught with Mirko Di Salvatore

ALFREDO MORRESI 'Rainbowbreeze'

You'd like to tame your home, but you don't feel like accessing 5 different clouds to control 2 light bulbs and 1 shutter, while also letting several overseas governments know how many times you've entered the bathroom?
Then let's learn together how to tinker with Home Assistant, the most popular open source smart home software based on three principles: privacy (control what you share, and with whom), freedom (no restrictions on what devices you use or lock-in) and sustainability (hardware support must last).
We will see how to install it on a RasPi or other SBC, control some IoT components and programme the first automations. All exquisitely local.

 

To participate effectively in the workshop, you must arrive with Home Assistant OS already installed on a medium of your choice:

- On a Raspberry Pi: https://www.home-assistant.io/installation/raspberrypi

- On your own computer using VirtualBox / VMWare / KVM

  - Linux: https://www.home-assistant.io/installation/linux

  - Mac: https://www.home-assistant.io/installation/macos

  - Windows: https://www.home-assistant.io/installation/windows

- On your own computer or board in another way: https://www.home-assistant.io/installation

Once you have chosen an installation method, follow the instructions at the provided links and complete the first boot of Home Assistant, where the ‘Welcome’ screen appears.

 

TALK: Saturday at 15:00 - tent MOV

WORKSHOP: Saturday at 16:15 - Hackspace FREEKEVIN

Language of the talk: ITALIAN

CRISTOFARO MUNE

Fault Injection (a.k.a. "glitching") is a renowned technique for attacking computing devices. Historically, it's been used to bypass security checks or to extract cryptographic keys (e.g. with DFA, Differential Fault Analysis). Due to the underlying physics, as well as system complexity, Fault Injection outcomes are typically volatile and, to the largest extent, unpredictable. For this reason, attacks have often been carried out in a "glitch 'n pray" fashion. In this talk we show how the characterization of a target, along with the visualization and analysis of the obtained data, may indicate behavior emergent at the statistical level, allowing for more precise, reliable and, ultimately, more sophisticated attacks. We will perform a live demo, where an embedded device is characterized and the collected data is visualized and analyzed, showing how Fault Injection can actually be a data-driven science, rather than a blind exercise. We will also show how characterization data challenges the widespread belief that "instructions are skipped", yielding results that cannot be explained under such a fault model. A different fault model, "instruction corruption", is then discussed along with its implications. We will demonstrate how it then becomes possible to use Fault Injection for achieving full Program Counter (PC) control on any architecture, allowing for arbitrary code execution, by simply controlling the data being transferred by the device. Finally, we will discuss the latest advancements in the field, which allow for arbitrary code execution even when control of the actual data is not possible (e.g. attacks on secure boot where firmware is encrypted).

Language of the talk: ITALIAN

N

O

SIMONE ONOFRI

In recent decades, there has been a growing effort to bring identity to the internet and the web. What used to be a place where we identified ourselves with a nickname, now requires our real data. Currently, it is in the hands of governments. The US Department of Homeland Security (US DHS), the European Union and the DMVs are trying to implement ‘real’ digital identities on a large scale in a decentralised manner. In the future, we will have our passport and digital driving licence in a Wallet. But what are the threats to privacy, security and human rights? At W3C, standards undergo security reviews through a Threat Model to understand what is being attempted, what could go wrong and what solutions we can adopt. During the talk, after a brief introduction on Threat Modeling and the reference architecture, we will do an interactive Threat Modeling session by brainstorming. We will use techniques such as OSSTMM, STRIDE, LINDDUN and others to explore the topic together.

Language of the talk: ITALIAN

DAVIDE ORNAGHI - Berghem-in-the-Middle

Nftables, the system that many Linux distros have started using as a firewall, has been targeted by attackers in recent years due to its high complexity and easy programmability. Many 0-days are identified by manual analysis of the source code and, more frequently, by fuzzing with syzkaller, by writing specific grammars defining how to interact with the various subsystems. While effectively covering the creation of rules, the Nftables grammar seems not to consider many use cases of firewall rules, leaving a large attack surface uncovered. This talk will describe how the network stack coverage was introduced in the fuzzer and then solve the problem of incomplete coverage and test the Nftables rules. It will then show the vulnerabilities found using this technique and related exploitation ideas for obtaining root privileges on Linux.

Language of the talk: ITALIAN

OSSERVATORIO NESSUNO

Managing TOR nodes can be fun, but also well annoying, so how to do it in Italy? To explain it, we will tell you a story that starts from the Ruby ter trial, arrives in Syria and ends up in a tiled cellar of the Torino Liberty.

Language of the talk: ITALIAN

PAOLO OTTOLINO

Fibonacci + Exploiting + Risk + Protection + Development ‘shaken not stirred’ = combinatorial framework for DevSecOps.
‘Design Shutters: reusable security objects’ proposes an operational model for DevSecOps.
It was created to organise the contents of the course ‘Secure Programming Laboratory’, held at the Politecnico di Bari in the academic year 2023-2024, inspired by ‘Design Patterns: Elements of Reusable Object-Oriented Software’.
Design Shutters provides a way of grouping and ordering the 21 elements required to guarantee complete SW protection, through a framework of 21 reusable security objects:
- mapped with the 8 DevOps phases and thus the entire Application LifeCycle.
- managed with the Shewhart cycle (Deming)
- providing operational governance indicators.

Language of the talk: ITALIAN

P

MARCO PAGLIARICCI

Running code in sensitive places is often required, but today security is paramount. We have seen lately how incredible technologies such as WebAssembly and eBPF are gaining a lot of traction because they let you safely run code in very sensitive places like a client browser, or the Linux kernel, respectively. Can we have some other tools in this matter? Can we have a generic multi-purpose VM written in Rust, that could be embedded in a lot of sensitive places, which will run safe code, and we don't have to worry about crashes or infinite loops? I've tried to answer this question by writing a programmable keystore in Rust, that acts like a very fast cache, will store your data in-memory, but can also be programmed in a very peculiar query language I've invented. It turns out that this language can be used for many purposes, not only a keystore application!

Language of the talk: ITALIAN

GREGORIO PALAMÀ

Hello CVEs, my old friends I've come to deal with you again Because a backdoor softly creeping... Oops, sorry, we were singing out loud. That's something we keep doing every time a new vulnerability breaks into our daily routine. Lately, that has happened because of our software's dependencies, more and more often. Log4J, you say? Oh, well, let's not forget about XZUtils! Supply chain attacks, they call them. We started dealing with them to the rhythm of SLSA (read "salsa"), but then we noticed that we could do more. A lot more! And we turned our malicious binaries into...well, waveforms. And we started rocking them! By reading those binaries as if they were normal waveforms, and by analyzing them with some math (Cepstrum, Fourier series, etc.) we created a model that aims to detect if a dependency is malicious. And also, to classify it by the type of malware. Fascinating, isn't it? The sound of malware...

Language of the talk: ITALIAN

Speech co-taught with Luca Di Vita

GREGORIO PALAMÀ

GraalVM Native Image offers a great way to optimise our applications written for the JVM and turn them into a native executable, which will guarantee low startup times, low resource consumption and high performance. Many libraries and frameworks are not yet ready for all this, and that is a bad thing! Come and discover my personal journey through the native compilation of a JVM-based application. We will see the good parts as well as the pains, the various ups and downs, and some of the ways I found effective for getting through the difficult moments.

Language of the talk: ITALIAN

AGOSTINO PANICO 'van1sh' - BSides Italy

Nowadays cyber false flag operations have emerged as a sophisticated and deceptive form of cyber warfare. These operations involve malicious actors executing attacks designed to mislead, making it appear that a different group or nation is responsible. By mimicking the tactics, techniques, and procedures (TTPs) of other entities, cyber false flag operations aim to confuse investigators, exploit existing tensions, and manipulate narratives.

The targeting cycle of cyber false flag operations involves gathering intelligence, weaponizing attacks with misleading attributes, delivering these attacks in a manner that reflects another group's style, exploiting vulnerabilities to achieve the operation's objectives, and shaping the narrative to reinforce the deception. This cycle highlights how false flag operations can leverage media manipulation and social platforms to sway public opinion.

To address these challenges, defenders must employ a range of TTPs, including threat intelligence, attribution analysis, incident response, and media strategies. However, these measures can also contribute to confirmation bias and escalation, underlining the need for comprehensive approaches to cyber attribution and international cooperation to mitigate the impact of these deceptive maneuvers.

Language of the talk: ENGLISH

RAFFAELLO PARISI - DIGIMETRICA

In an increasingly connected world, protecting the digital perimeter is crucial for organizational security. This talk delves into the importance of External Attack Surface Management (EASM) and Cyber Threat Intelligence (CTI) in monitoring and defending exposed digital assets. We will explore how an effective combination of these approaches can help organizations detect, understand, and mitigate cyber threats, ensuring a robust defense against ever-evolving cyber-attacks.

Language of the talk: ITALIAN

Speech co-taught with Marcello Dal Degan

ALBERTO PELLICCIONE

Advancements in vision capabilities in Large Language Models are enabling a new type of interaction between GenAI systems and the real world. When these capabilities can be leveraged without the need for cloud compute, privacy-preserving agents can be built to live in and look over our private spaces. We will show how, with relatively limited resources, it's possible to create a conversational monitoring and alarm system that can potentially be expanded to interact with other sensors deployed, for instance, within a smart home.

Language of the talk: ITALIAN

ANGELO PENDUZZU

Critical industrial infrastructures are increasingly in the crosshairs of attackers. Industroyer2 is a sophisticated variant of the Industroyer malware designed to attack and sabotage industrial infrastructures, especially power grids. Detected in 2022, it is distinguished by its ability to communicate directly with industrial control systems (ICS) using specific protocols such as IEC 104. Industroyer2 exploits this connection to send malicious commands, interrupting crucial operations and causing blackouts or physical damage. The malware is modular, allowing attackers to adapt it to different ICS environments. It has been attributed to state-backed hacker groups, highlighting the growing threat of cyber warfare against critical infrastructure. We will begin with a brief introduction, examining how Industroyer2 fits into the broader context of cyber attacks on critical infrastructure. We will see how this malware has been used in state-sponsored operations, highlighting the growing threat of cyber warfare. We will explore its main features, such as its ability to communicate directly with ICS devices using specific protocols like IEC 104, which allows it to send malicious commands and cause significant disruptions in industrial operations. We will then move on to an analysis of Industroyer2's code. Through a technical analysis I will show how the malware is structured, highlighting its modular components that allow attackers to adapt it to different environments.

Language of the talk: ITALIAN

ALESSIO L.R. PENNASILICO 'mayhem'

It’s written as “ESG”, but everyone reads it as “carbon footprint and inclusion”. Essential, of course. But not enough. ESG means organizing to do things well, reducing risks for everyone. Thus cyber, in general, becomes an indispensable tool to ensure that all stakeholders (from the end consumer to the entire supply chain involved) know that their services are reliable and secure, that suppliers know the business is solid and invoices will be paid, and that investors know the stock prices won’t crash, etc. When considering the entire OT/IoT world, it means machinery that doesn’t harm people or pollute due to an attack or malfunction. The hacker mindset of wanting to optimize everything and have perfect products and services, with the utmost protection for all involved parties, plays a fundamental role.

Language of the talk: ITALIAN

MICHELE PIETRAVALLE 'PHCV'

How did Piracy Shield come about? What were the previous attempts? How is it supposed to work? What dangers does it pose to net neutrality and freedom of information? And what could it lead to? The (sad) story of the Italian implementation of state censorship

Language of the talk: ITALIAN

ANDREA POMPILI

When cyber protections do not work, the Cyber Threat Hunting process seems to be the only solution that can identify and subsequently improve the level of protection and resilience of a critical infrastructure: starting with a hypothesis (I suspect something is up), followed by an investigation (this is what is going wrong), up to the definition of an effective detection and response strategy (I know how to find it and then execute the right response). This process has to be applied continuously in a now borderless and ever-changing environment, where even the life cycle of a threat hunting process, to be effective, should at least be constantly aligned with the attacker's times. A data-lake approach oriented towards batch processing for pattern identification may partially solve the need, but there still remains the problem related to the enormous computing power required to stay aligned to the attacker and react in real time to detected kill-chains, a need that cannot be solved only by increasing resources indefinitely. We will then introduce a new approach to Real-Time Cyber Threat Hunting, supported by some field-tested use cases, based on a comprehensive behavioural approach based on statistical and artificial intelligence models that can be combined with dynamic response playbooks, which can be redefined in relation to the feedback received, or deception systems that can slow down the attacker's action and allow further validations to catch up.

Language of the talk: ITALIAN

ANDREA POMPILI

What can you do with your C64 when you realise you're terrible at games? Obviously make your own game. And like a good megalomaniac, not the usual puzzle game, but a shoot-em-up with lots of on-screen enemies, devastating weapons, parallax and lots of levels set in remote worlds. Without any idea of what was in store for me, amidst more or less explicit inspirations, frustrations, ideas and satisfactions, many downsized dreams, but also many unexpected technical tricks, I eventually succeeded... in a world that at the time was very unconnected (at least for me) and in a constant struggle with the limitations of the tools at my disposal and with high school interrogations.

Language of the talk: ITALIAN

GIUSEPPE PORCU

This proposal presents a comprehensive session designed to equip security professionals with the technical knowledge and practical skills necessary to secure OAuth2 and OpenID Connect implementations. The seminar delves into the technical aspects of OAuth2 grant flows, highlighting potential security risks associated with misconfigurations. We will explore tokens' properties, emphasizing the importance of defining granular scopes to minimize privilege escalation. Real-world examples of vulnerabilities related to OWASP "A07 - Identification and Authentication Failures" will be analyzed, demonstrating how insecure OAuth2/OIDC configurations contribute to this critical threat category.

Language of the talk: ENGLISH

Speech co-taught with Giovanni Bartolomucci, Stefano Maistri and Mattia Zago

Q

R

S

DANILO SPINELLA

In the latest iterations of Linux, many features have been added regarding the Boot Process, including a new standard called BLS with support in GRUB2 and systemd-boot, Full Disk Encryption using TPM, and having the entire boot process signed, ensuring system integrity.
Another interesting feature is soft-reboot, which is the ability to reboot the entire userspace, without rebooting the hardware or reloading the kernel like kexec does. In this talk we will talk about these features, and why the major actors are collaborating on them.

Language of the talk: ENGLISH

T

LEONARDO TAMIANO

In 1998, Daniel Bleichenbacher discovered that the use of RSA combined with the PKCS#1v1.5 padding scheme within the SSLv3 protocol could lead to vulnerable scenarios in which it was possible to force the decryption of messages encrypted with the server's public key. The attack is published and a fix is proposed for the next version of the protocol, TLSv1. It was later discovered that that fix was not enough. Over the years, at regular intervals, various versions of the attack are rediscovered. Further fixes and recommendations were proposed, until the latest version of the protocol, TLSv1.3, in which the possibility of using RSA to protect key exchange was removed altogether. The knowledge required to understand the attack in question intersects various areas of interest, including mathematics, computer science and cryptography. This attack is therefore an excellent scenario for analysing how to structure a complex subject in such a way as to help the mysterious activity of teaching as much as possible. The aim of the talk is in fact to analyse, using the attack discovered by Bleichenbacher as a concrete example, what fundamental characteristics a lesson must have in order to be considered useful and meaningful in the context of computer science.

Language of the talk: ITALIAN

ALESSANDRO TANASI - Berghem-in-the-Middle

CodeQL is an advanced static code analysis tool used to identify vulnerabilities and improve software security. In this talk, we will explore the capabilities of CodeQL, demonstrating how it enables development teams and bug hunters to write custom queries in a SQL-like language to analyze source code. We will understand how to use it for bug hunting and vulnerability research activities.

Language of the talk: ITALIAN

MARTA TARONI

Law in the society of manipulation

Although the Internet is fundamental to our lives, we do not always reflect on the kind of economic transaction we are involved in every time we use it. While when we go to a restaurant or the library we are all quite clear about who pays for the service rendered to us, this is not always as obvious to us when we are on Google, Instagram, TikTok, Tinder, Grindr, Snapchat, LinkedIn, or YouTube. We pay for the restaurant; the municipality, through our taxes, pays for the library, but who pays for the web giants we interface with every day? Although we use the Internet much more often than we go to the restaurant or the library, only a minority of us can give a comprehensive answer to this trivial question. The answer, in its essentials, is as follows. The economic agent operating in the digital sector collects data about us: some of this data is used to improve products and services, while the others are processed to obtain predictive algorithms. Through the extraction of behavioural data, it is possible to address the right stimulus to the consumer at the right time, to induce them to behave online and offline in the way desired by the platform and the advertiser. That the medium most used by mankind should be based on the buying and selling of manipulative power is, so to speak, an accident of history. There is nothing technically necessary in this institutional design. It has never been voted on or designed by fully conscious public policy. Moreover, law has traditionally proved incapable of regulating the Internet effectively, of reducing its manipulative potential and its distorting effects on the public's representation of reality. In this talk, we will use some notions of general legal theory to attempt to explain why this incapacity exists.

Language of the talk: ITALIAN

Speech co-taught with Michele Ubertone

U

MICHELE UBERTONE

Based on Kripkenstein's paradox, we will discuss the implications of the use of AI in adjudication on the rule of law. We will see how large language models (LLMs) interpret text and how they can be manipulated through offensive prompt engineering or "jailbreaking". By this we mean crafting prompts that force LLMs to respond in ways that were not desired by their programmers, and more specifically to apply rules that are different from the ones that the LLMs were expected to apply. This is instructive not only because it can show us some of the problems that AI-driven jurisdiction is likely to raise but also because it creates a valuable framework to discuss rule-following in general. We will conclude with a practical exercise where we attempt to "hack" an LLM which was given the task to act as an AI judge and apply a certain rule to a case. Participants will craft arguments designed to exploit potential hallucinations and weaknesses in the way AI processes rules.

Language of the talk: ITALIAN

Speech co-taught with Lorenzo 'lopoc' Cococcia

MICHELE UBERTONE

Although the Internet is fundamental to our lives, we do not always reflect on the kind of economic transaction we are involved in every time we use it. While when we go to a restaurant or the library we are all quite clear about who pays for the service rendered to us, this is not always as obvious to us when we are on Google, Instagram, TikTok, Tinder, Grindr, Snapchat, LinkedIn, or YouTube. We pay for the restaurant; the municipality, through our taxes, pays for the library, but who pays for the web giants we interface with every day? Although we use the Internet much more often than we go to the restaurant or the library, only a minority of us can give a comprehensive answer to this trivial question. The answer, in its essentials, is as follows. The economic agent operating in the digital sector collects data about us: some of this data is used to improve products and services, while the others are processed to obtain predictive algorithms. Through the extraction of behavioural data, it is possible to address the right stimulus to the consumer at the right time, to induce them to behave online and offline in the way desired by the platform and the advertiser. That the medium most used by mankind should be based on the buying and selling of manipulative power is, so to speak, an accident of history. There is nothing technically necessary in this institutional design. It has never been voted on or designed by fully conscious public policy. Moreover, law has traditionally proved incapable of regulating the Internet effectively, of reducing its manipulative potential and its distorting effects on the public's representation of reality. In this talk, we will use some notions of general legal theory to attempt to explain why this incapacity exists.

Language of the talk: ITALIAN

Speech co-taught with Marta Taroni

V

PIERGIORGIO VAGNOZZI

One of the greatest challenges encountered in the development of cloud solutions is scalability united with reliability. For years, the sceptre of best solution was held by the ActorModel/Akka pair, which however required specific skills and a radical paradigm shift in programming. Fortunately, Microsoft has made the .NET Orleans framework open source and available to the entire community, which, by implementing the Virtual Actor Model usable in C# and F#, makes it easy to scale without having to learn a new language from scratch.
In the session we will briefly look at some theory (Grain, Silos, etc.) and then move on to the dissection of an example application running on a Kubernetes cluster.

Language of the talk: ITALIAN

VECNA

Digital rights is an important field of struggle worth knowing about, where multidisciplinary thinking and hacking can excel. It is also an interesting market and a geopolitical field, where numerous public and private actors compete for space and power, including by funding free software. From cryptography to data retention, from web scraping to reverse engineering and, of course, to the buzzword of this decade, AI: we will talk about how these topics are often mistreated by regulations and distorted by lobbying, but also how hacking or otherwise a mastery of technology can bring a fundamental point of view that can revolutionise the discourse and create change in society. One example starts right here: 8 years ago, the Tracking Exposed project began. It lasted for 7 years, starting from a concept written for MOCA, it arrived in the academy, in European international institutions. The talk will be an opportunity to demonstrate how something born from Italian hacking has contributed to the discourse on digital rights, at the intersection of market, politics, jurisprudence and technology. The hacker community has the power to be a fundamental actor in shaping the struggles for digital rights, and to have an impact: here is how it can be done.

Language of the talk: ITALIAN

W

X

Y

Z

MATTIA ZAGO

This proposal presents a comprehensive session designed to equip security professionals with the technical knowledge and practical skills necessary to secure OAuth2 and OpenID Connect implementations. The seminar delves into the technical aspects of OAuth2 grant flows, highlighting potential security risks associated with misconfigurations. We will explore tokens' properties, emphasizing the importance of defining granular scopes to minimize privilege escalation. Real-world examples of vulnerabilities related to OWASP "A07 - Identification and Authentication Failures" will be analyzed, demonstrating how insecure OAuth2/OIDC configurations contribute to this critical threat category.

Language of the talk: ENGLISH

Speech co-taught with Giovanni Bartolomucci, Stefano Maistri and Giuseppe Porcu

ENRICO ZIMUEL

This presentation will introduce the topic of Explainable AI, i.e. the ability to explain artificial intelligence models mostly based on neural networks. This topic is becoming increasingly important with the widespread use of Large Language Models, but do we really know how they work and what their limitations are?

Language of the talk: ITALIAN

Speech co-taught with Leonida Gianfagna

GABRIELE ZUDDAS

This presentation aims to introduce our new open source project: gULP.
Developed by Mentat, gULP is a cutting-edge tool designed to improve incident response and analysis through simplified log processing.

Some of gULP’s key features include:

- a high-speed multi-processing engine that supports fast ingestion and querying.

- a versatile Python plugin system that supports multiple sources.

- query using custom filters, OpenSearch DSL and Sigma Rules.

- full scalability support leveraging OpenSearch and PostgreSQL.

- “collaborative workflows” (aka play co-op with friends)

- an innovative UI which allows for quick recognition of attack patterns and data analysis from multiple sources at the same time, overcoming limitations of existing products.

Language of the talk: ITALIAN

Speech co-taught with Valerio Lupi