Jannis Kirschner
Selected Projects
- Protected Switzerland by discovering and reporting several crititical vulnerabilities in the national electronic voting system (follow my research team).
- Secured millions of people by discovering and reporting a severe exploit chain in wifi routers, that would've let an attacker take over 3.5% of all internet users in Colombia.
- Prevented thousands of malware infections, by discovering and disrupting an active malvertising campaign targeting a popular chat messenger application.
- Co-hosted the world's first single player focused attack-defense ctf (capture-the-flag) event, allowing for over 250 hackers to train and compete against each other in real time.
- Ranked top 30 on a major cybersecurity education plattform, outperforming over 120'000 competititors.
- Developed dozens of information security challenges for various events, helping both newcomers and professionals to sharpen their cybersecurity skills.
- Aided researchers and bug bounty hunters by developing a novel visual subdomain reconnaisance tool (published free and open source), measuring over 125 stars and 30 forks on GitHub.
Selected Achievments
- 5x Participant at the European Cybersecurity Championship "ECSC".
- Awarded 30 under 30 from Forbes Magazine DA
- Awarded for "Best Technical Presentation" out of all 20 Countries at ECSC 2019.
- Selected as Team Leader of the Swiss National Hacking Team at ECSC in 2021, resulting in a 200% increase in ranking based on the previous year.
- Selected as one of two Swiss representatives to compete for a spot in the International Cybersecurity Championship ICSC.
- Won the Runner-Up Spot in the Swiss Master Final 2018 cybersecurity championship.
- Became finalist in the Cynet Incident Response Challenge, by solving 25 IR challenges crafted by top industry experts in a limited timeframe.
- Won 1st Place in the ICON CTF Finals with my team.
- Won 2nd place in the Blackalps CTF 2018 with my team.
- Ranked #2 Worldwide Ranking 2021 with the organizers CTF Team.
- Ranked #1 National Ranking 2018 with the SW1SS CTF Team.
- Ranked #3 National Ranking 2018 with the SW1SS CTF Team.
Selected Work
| Industry |
Project |
| Critical Infrastructure |
Build and lead the cloud & software security program, increasing the coverage of implemented ISO27001 controls by 300% |
| Critical Infrastructure |
Leveraged several information security processes from a level 1 on the CMMI scale to a level 3/level 4 |
| Critical Infrastructure |
Developed a real-time monitoring system for identifying leaks in district heating pipelines, which reduced the troubleshooting times by several weeks every incident |
| Critical Infrastructure |
Performed various internal security audits, code reviews & penetration tests, as well as coordinating and orchestrating several external audits |
| Automotive R&D Provider |
Protected millions of dollars in trade-secrets by performing a thourough security assessment and penetration test and reporting multiple high-severity flaws |
| Automotive R&D Provider |
Ran a comprehensive phishing assessment, identifying multiple weaknesses in detection & processes |
| Cybersecurity Provider |
Trained junior security analysts in penetration testing & reporting, as well as acting as a technical expert in a presales function |
| Government Department |
Protected mission critical systems by discovering a severe vulnerability covered within the scope of a Bug Bounty Program |
| Education |
Discovered and reported multiple high-severity security flaws in education systems, such as the secure exam environment, which prevented cheating and exposing of faculty staff's credentials |
Selected Talks
| Conference/Event |
Presentation Title |
Location |
Special Remarks |
| REcon MTL |
Reverse engineering of black-box binaries with symbolic and concolic execution techniques |
Montreal, Canada |
Talk and Workshop |
| Insomnihack |
Symbolic Execution Demystified |
Switzerland, Geneva |
|
| Switch.ch Cloud Security Workshop |
Building a resilient cloud security program based on Microsoft Azure Technologies |
Remote |
Invited Speaker |
| HEK.SI |
Vulnerability Research in Large-Scale Systems |
Slowenia, Ljubljana |
Invited Speaker |
| Kaspersky Security Analyst Summit (SAS) |
How to secure your electronic voting system |
Spain, Barcelona |
Cancelled due to COVID-19 Pandemic |
| Chaos Communication Congress 36C3 |
Swiss Cybervoting Pit(falls) |
Germany, Leipzig |
Europe's biggest hacker conference |
| European Cyber Security Challenge 2019 |
Evil Admin |
Romania, Bukarest |
Awarded as European Champion for holding the best technical presentation |
| BSidesZH |
Swiss Cybervoting Pit(falls) |
Switzerland, Zurich |
Special Presentation for BSides Format |
| Swiss Hacking Challenge 2019 |
Windows Userland Reverse Engineering |
Switzerland, Berne |
|
| Swiss Cyber Storm Challenge 2018 |
Advanced Format String Exploits for CTF |
Switzerland, Greater Zurich Area |
|
Selected Industry Certifications
- CISSP - Certified Information Security Professional
- CISM - Certified Information Security Manager
- eCTHPv2 - Certified Threat Hunting Professional
- CECI - Certified Expert in Cyber Investigations
- Aviatrix Certified Engineer: Multi Cloud Associate
- CCTA - Certified Counterintelligence Threat Analyst
- CCIP - Certified Cyber Intelligence Professional
- Red Team Security Certified Social Engineering Expert
- CORCI - Certified Organized Retail Crime Investigator
- SMIA - Certified Social Media Intelligence Analyst
- Cisco Certified CyberOps Associate
- CEFI - Certified eCommerce Fraud Investigator
- CFHI - Certified Forensic HiTech Investigator
Tweet Me On:
🐦 Twitter
Message Me On:
📁 LinkedIn
Follow my awesome research team:
🐢 SUID.ch
Drop me a message at kiwi[at]suid.ch
