Master of flying puppets
2
Talks Delivered
2
Events Spoken At
2
Countries Visited
1
Years Speaking
2
Total Talks Given
Hugo Teso is a renowned aviation cybersecurity expert, researcher and professional speaker. Combining his background as a commercial pilot with deep technical expertise, he has pioneered research exposing vulnerabilities in aircraft systems and other aviation technologies.
Hugo is recognized for his impactful presentations at major international conferences and for collaborating with industry regulators to improve aviation security standards. His work continues to influence best practices and drive innovation in the rapidly evolving field of aviation cybersecurity.
Areas of Expertise
Presentation Types
Audience Types
Complex system-of-systems targets with a hybrid IT/OT/IoT landscape such as smart cities, full transportation networks or energy grids, require multidisciplinary teams of cybersecurity experts, but also engineers and operational profiles, in order to properly plan and execute Red/Purple team exercises or any other type of cybersecurity engagements. In these scenarios data and knowledge transfer plays a critical role and is, at the same time, the most challenging part due to the sheer amount and complexity of the data as well as the variety of formats and topics.
In this presentation we will see a tooling-based approach to overcome this challenge, that allows the successful planning and execution of cybersecurity engagements, without the need for specialized profiles, by using a novel approach based on graphs, graph theory (without the math, I promise) and some amount of data science and machine learning, all packed together within a nice interactive visualization layer.
In a nutshell, if you want to hack big and hack on style, don’t miss this presentation.
This presentation will be a practical demonstration on how to remotely attack and take full control of an aircraft, exposing some of the results of my three years research on the aviation security field. The attack performed will follow the classical methodology, divided in discovery, information gathering, exploitation and post-exploitation phases.
The complete attack will be accomplished remotely, without needing physical access to the target aircraft at any time, and a testing laboratory will be used to attack virtual airplanes systems. ADS-B and ACARS protocols will be used during the discovery and information gather phases, but none of those protocols are the objective of this research, I will just use them to plot and analyze the potential targets. Very basic information on such protocols will be displayed as well as additional references for further reading.
The real target of the attacks will be some on-board systems, complex enough to be vulnerable to (almost) common vulnerability research and exploitation techniques. Different post-exploitation vectors will finally be considered in order to gain better aircraft control.
