BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.securityfest.com//2026//speaker//VVRXDY
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2026-KRKY9H@cfp.securityfest.com
DTSTART;TZID=CET:20260529T140000
DTEND;TZID=CET:20260529T144000
DESCRIPTION:Offensive research on video surveillance systems is really not 
 a new topic. Their components\, especially cameras\, are everywhere. It is
  very common to see at least one of them on the network during penetration
  tests on IT or OT. They have all been torn apart in many ways\, from hard
 ware to network services and configurations. Almost everyone has heard abo
 ut the scenario of camera sequence looping to hide intrusions from securit
 y personnel.\n\nBut how many tools and techniques do you know to address v
 ideo surveillance systems during IT/OT pentests? How many of them are trul
 y plug-and-play or at least practical? Do you know any ready-to-use script
 s to perform the looping trick? Of course tools and scripts exist\, but I 
 was confident I would find many\, and even comprehensive\, practical toolk
 its. When I didn't\, I also discovered that there are good technical reaso
 ns behind that.\n\nOne of them relies on the constraints of assessments co
 nditions\, which is our starting point here. Many interesting attacks requ
 ire a setup that is hardly achievable outside of test benches. Therefore\,
  we will discuss a few techniques and tools that can be used during pentes
 ts\, with a focus on those that rely on the very common ONVIF standard. In
  this context\, we consider that the only way to reach the video surveilla
 nce components is through the network. One of these techniques is\, of cou
 rse\, the video looping trick\, but this approach has specific requirement
 s that are bypassed in most demos and tutorials I’ve seen (including one
  I’ve done myself :)). Now\, let’s face the challenge and make the att
 ack work in real-world conditions - always with safety in mind.
DTSTAMP:20260625T172756Z
LOCATION:Main Stage
SUMMARY:The Never-Implemented Story of Penetration Tests on Video Surveilla
 nce Networks - Claire Vacherot
URL:https://cfp.securityfest.com/2026/talk/KRKY9H/
END:VEVENT
END:VCALENDAR