1st SysSec Summer School
October 11-12, 2012 - VU University Amsterdam

The 1st SysSec Summer School takes place at VU University Amsterdam, on October 11-12, 2012. Its main topic will be System Security and malware reverse engineering with a special focus on critical infrastructure protection.

Organization and Support

Organization Committee

  • Co-Chairs: Magnus Almgren, Philippas Tsigas
  • Program Committee: Herbert Bos, Davide Balzarotti, Evangelos Markatos
  • Publicity Chair: Stefano Zanero


HexRays have kindly provided licences for the IDAPro Debugger and Dissassembler for use in the SysSec summer school.


The following speakers have been confirmed for the workshop. More information on additional speakers and talk titles to be announced soon.

  • Herbert Bos, VU University Amsterdam & SysSec
  • Davide Balzarotti, Institut Eurecom & SysSec
  • Heiko Patzlaff, Siemens CERT
  • Damiano Bolzoni, University of Twente & CRISALIS
  • Dina Hadziosmanovic, University of Twente
  • Boldizsár Bencsáth, CrySyS Lab
  • Gábor Pék, CrySyS Lab
  • Erwin Kooi, Alliander, Netherlands

Topics to be covered

The 2012 SysSec Summer School will take a hands-on approach to teach reverse-engineering of malware, especially looking at the recent threats partly targeting critical infrastructure. There will be practical exercises to go through, and the lecturer will show code examples at the blackboard and do a step by step analysis so the students can follow.

Following is a list of topics to be covered:

  • Introduction to reverse engineering including a short tutorial on IDAPro.
  • Practical Reverse Engineering of Malware with student hands-on exercises.
  • Critical Systems and their special constraints.
    • Introduction to critical infrastructure systems and main differences with regular IT environments.
    • Passive and active information gathering.
    • Inferring and attacking industrial processes by analysing application-layer context.
    • Reverse engineering network protocols for vulnerability analysis.
  • Description and detailed analysis of Stuxnet.
  • Detailed hands-on analysis of Duqu and/or Flame and a general overview of the work at CrySyS Lab.
  • Industry-perspective: Security in a changing DSO infrastructure.

There are also three other conferences in Amsterdam during the same week, with topics very similar to the ones covered in the Summer School. You may want to attend some of them as well:

Travel & venue information

Check our travel information page to find out more on traveling to Amsterdam and reaching the Summer School venue. Note that in the week of the summer school, a large international smart grid conference will be held in the RAI conference centre in Amsterdam. This is very close to the VU University, which means that the hotels in the area will be quickly fully booked or very expensive.

Thus please reserve a room as soon as possible. See our hotel information page for suggested hotels.

Other information


Registration for the summer school is now closed! 

Τhe interest for the school has been very significant, so it only took a week to be fully booked. People that have already registered their interest will be sent out emails to either confirm their participation, or if they registered too late, inform them that they are in a queue pending cancelations of students. If you registered but haven't heard back you need to contact us on summerschool _at_ syssec-project.eu.

We remind you that there will be no charges for students who registered early, but local costs (housing,  lunches, dinner, etc.) must be covered by the participants themselves. For other early participants, we charge a nominal fee of 200 euros. Any late registrations (after September 20, 2012) will be 200 euros for students, and 400 euros for other participants.

We will send an invoice to your organization after a successful registration. It is not possible to pay with a credit card.

Requirements and Recommended Prerequisites

Students need to have their own laptop to go through the technical exercises. This laptop should be good enough to run VirtualBox. We highly recommend a review program debugging and a brief look at static and dynamic analysis before the workshop. Without a superficial understanding of assembly language and program call conventions, the exercises will be difficult to complete. However, the exercises will, as far as is possible, be modular and a solution will be given before the followup exercise. We will publish links to good tutorials over the next coming weeks.

Stay up-to date

If you are interested in the Summer School, follow SysSec on Twitter (@syssecproject). Every important update about the event will also be announced there.