Publications

Presentations

---

• 03/2023: VEPCG Internal Security Conference, Online: Keynote, State of Supply Chain Security
• 08/2022: Infosek.si, Nova Gorica, Slovenia: GitHub Security
• 01/2021: HEK.si, Online: Fantastic Secrets And Where To Find Them: Modern Secret Management
• 04/2020: BSides Munich, Munich, Germany: Do Containers contain?
• 12/2019: BlackHat Europe, London, UK: Reversing & Attacking Build Systems in the Cloud (Material)
• 11/2019: Infosek.si, Nova Gorica, Slovenia: Pentesting DevOps Environments
• 04/2019: hek.si, Ljubljana, Slovenia: Pentesting OpenStack
• 10/2018: Hacker 2 Hacker Conference, Sao Paolo, BRA: Attacking VMware NSX
• 06/2018: Security Interest Group Switzerland Technology Conference, Zürich, CH: Using the Modern Application Stack to Improve Security
• 03/2018: Troopers, Heidelberg, GER: From Zero to Secure Continuous Delivery in 60 Minutes
• 10/2017: Hacker 2 Hacker Conference, Sao Paolo, BRA: Pentesting DevOps Environments
• 11/2016: Digital Society Conference, Berlin, GER: Doing the Same Thing Over and Over Again: A Critical View on Security Products
• 05/2016: Special Interest Group Asset Management, Frankfurt, GER: Security & Compliance in Cloud Environments
• 03/2016: Troopers, Heidelberg, GER: Attacking & Protecting Big Data Environments
• 06/2015: CSA Nordic Summit, Oslo, NO: Tools of the Trade: Lessons Learned from the (C)ISO’s Desk
• 03/2015: Troopers, Heidelberg, GER: Evaluating the APT Armor
• 03/2015: Syscan, Singapore: Training Exploiting Hypervisors
• 08/2014: BlackHat USA, Las Vegas, NV, USA: When the Lights go out: Hacking Cisco EnergyWise
• 05/2014: Infiltrate Conference, Miami, FL, USA: Exploiting Hyper-V
• 03/2014: Troopers, Heidelberg, GER: Compromise-as-a-Service: Our PleAzure, Exploiting Hypervisors
• 12/2013: Annual Computer Security Applications Conference (ACSAC), New Orleans, MI, USA: Designing State-of-the-Art Business Partner Connections
• 03/2013: Troopers, Heidelberg, GER: Pitfalls of Vulnerability Rating
• 10/2012: Day-Con 6, Dayton OH, USA: From Hypervisors to Cloud
• 05/2012: Hack In The Box, Amsterdam, NL: VMDK Has Left The Building: Attacks on vSphere Cloud Environments
• 05/2012: RMISC, Denver CO, USA: Security Requirements & Cloud Computing
• 03/2012: Troopers, Heidelberg, GER: Auditing the Cloud
• 11/2011: DeepSec, Vienna, AT: Do They Deliver? Practical Load and Security Testing of Cloud Service Providers
• 05/2011: IT-Security, München: Security Reflections on Multifunction Devices
• 10/2010: ISSE, Berlin: Data Leakage Prevention, Berlin, GER: A small leak will sink a great ship
• 03/2009: IT Underground, Prag, CZ, Workshop "Endpoint Security"

Papers & Blog Posts

---

• 09/2020: Blogpost Series on Host-based Firewalls
• 08/2020: Looking at the Kubernetes Control Plane for Multi-Tenancy
• 09/2017: Andreas Dewald & Matthias Luft, Incident Analyse und Forensik in Docker-Umgebungen, DACH Security, 2017
• 10/2016: Contribution to Vulnerabilities in IT-security products
• 08/2016: Creation of "Hardware Threat Landscape" Report for ENISA
• 10/2015: Research in Attacks, Intrusions, and Defenses: 18th International Symposium, RAID 2015, Kyoto, Japan,November 2-4, 2015. Proceedings, Aleksandar Milenkoski & Bryan D. Payne & Nuno Antunes & Marco Vieira & Samuel Kounev & Alberto Avritzer & Matthias Luft, Evaluation of Intrusion Detection Systems in Virtualized Environments Using Attack Injection (DOI 10.1007/978-3-319-26362-5_22)
• 05/2014: Felix Wilhelm & Matthias Luft, Security Assessment of Microsoft Hyper-V
• 10/2010: EC2ND, Invited Guest Reviewer "Data Leakage Prevention"
• 10/2010: ISSE 2010 Securing Electronic Business Processes, Thorsten Holz & Matthias Luft, A Small Leak will Sink a Great Ship: An Empirical Study of DLP Solutions

FOSS & Tools

---

• Dostainer: Container to test Kubernetes DoS protections
• HTTP2 for Burp Suite: Handling HTTP2 before Burp Suite had official HTTP2 support
• Kubernetes Node Scheduling Restrictions
• Kubernetes Hacking Demos

Misc

---

• Webinars on ipspace.net
• Blog Post Archive