Playback: A TLS 1.3 Story
|
Alejo Murillo Moya
,
Alfonso Garcia Alguacil
,
Cisco Systems
|
Remotely Attacking System Firmware
|
Jesse Michael
,
Mickey Shkatov
,
Oleksandr Bazhaniuk
,
Eclypsium
|
Decompiler Internals: Microcode
|
Ilfak Guilfanov
,
Hex-Rays SA
|
New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers
|
Samuel Groß
|
Kernel Mode Threats and Practical Defenses
|
Gabriel Landau
,
Joe Desimone
,
Endgame
|
Deep Dive into an ICS Firewall, Looking for the Fire Hole
|
Benoit Camredon
,
Julien Lenoir
,
Airbus Group Innovations
|
ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?
|
David Weston
,
Microsoft Corporation
|
SDL That Won't Break the Bank
|
Steve Lipner
,
SAFECode
|
An Attacker Looks at Docker: Approaching Multi-Container Applications
|
Wesley McGrew
,
HORNE Cyber
|
Stop that Release, There's a Vulnerability!
|
Christine Gadsby
,
BlackBerry
|
Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
|
Kevin Perlow
|
WebAssembly: A New World of Native Exploits on the Browser
|
Justin Engler
,
Tyler Lukasiewicz
,
NCC GROUP
|
Lowering the Bar: Deep Learning for Side Channel Analysis
|
Baris Ege
,
Guilherme Perin
,
Jasper van Woudenberg
,
Riscure
|
The Unbearable Lightness of BMC's
|
Matias Sebastian Soler
,
Nico Waisman
,
Immunity, Inc.
|
Automated Discovery of Deserialization Gadget Chains
|
Ian Haken
,
Netflix
|
Holding on for Tonight: Addiction in InfoSec
|
Jamie Tomasello
,
Duo Security
|
From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it
|
Sean Metcalf
,
Trimarc
|
For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
|
Leigh-Anne Galloway
,
Tim Yunusov
,
Positive Technologies
|
Hardening Hyper-V through Offensive Security Research
|
Jordan Rabet
,
Microsoft Corporation
|
Detecting Credential Compromise in AWS
|
William Bengtson
,
Netflix
|
A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme
|
Ethan Heilman
,
Neha Narula
,
Boston University
,
Digital Currency Initiative
|
KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous
|
Liang Chen
,
Tencent Keen Security Lab
|
Mainframe [z/OS] Reverse Engineering and Exploit Development
|
Chad Rikansrud
,
RSM Partners
|
Reversing a Japanese Wireless SD Card - From Zero to Code Execution
|
Guillaume Valadon
|
Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware
|
Felipe Ducau
,
Richard Harang
,
Sophos
|
WireGuard: Next Generation Secure Network Tunnel
|
Jason Donenfeld
|
Finding Xori: Malware Analysis Triage with Automated Disassembly
|
Amanda Rousseau
,
Richard Seymour
,
Endgame, Inc.
|
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
|
Brad Geesaman
|
Legal Landmines: How Law and Policy are Rapidly Shaping Information Security
|
Allison Bender
,
Amit Elazari
,
Jennifer Granick
,
Joseph Menn
,
Leonard Bailey
,
Paul Rosen
,
ZwillGen PLLC
,
UC Berkeley School of Law, Center for Long-Term Cybersecurity, UC Berkeley School of Information
,
American Civil Liberties Union
,
Thomson Reuters
,
U.S. Department of Justice
,
Crowell & Moring LLP
|
Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
|
Bhargava Shastry
,
Dominik Maier
,
Vincent Ulitzsch
,
TU Berlin
|
Identity Theft: Attacks on SSO Systems
|
Kelby Ludwig
,
Duo Security
|
Software Attacks on Hardware Wallets
|
Alyssa Milburn
,
Sergei Volokitin
,
Riscure
|
A Deep Dive into macOS MDM (and How it can be Compromised)
|
Jesse Endahl
,
Max Bélanger
,
Fleetsmith
,
Dropbox
|
Understanding and Exploiting Implanted Medical Devices
|
Billy Rios
,
Jonathan Butts
,
Whitescope
,
QED
|
The Science of Hiring and Retaining Female Cybersecurity Engineers
|
Ashley Holtz
,
CrowdStrike, Inc.
|
Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
|
Anders Fogh
,
Christopher Ertl
,
Matt Miller
,
G DATA Advanced Analytics
,
Microsoft Corporation
|
Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
|
Alejandro Hernandez
,
IOActive, Inc.
|
None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service
|
Wang Kang
,
Yi-Qun Hui
,
Alibaba Group Holding Limited
,
Tsinghua University
|
Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops
|
Celeste Paul
,
Josiah Dykstra
,
National Security Agency
|
Black Box is Dead. Long Live Black Box!
|
Aleksei Stennikov
,
Vladimir Kononovich
,
Positive Technologies
|
Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines
|
Carsten Schuermann
,
IT University of Copenhagen
|
Stealth Mango and the Prevalence of Mobile Surveillanceware
|
Andrew Blaich
,
Michael Flossman
,
Lookout
|
Real Eyes, Realize, Real Lies: Beating Deception Technologies
|
Matan Hart
,
Cymptom
|
Open Sesame: Picking Locks with Cortana
|
Amichai Shulman
,
Ron Marcovich
,
Tal Be'ery
,
Yuval Ron
,
Technion, Israel Institute of Technology
,
KZen Networks
|
The Finest Penetration Testing Framework for Software-Defined Networks
|
Jinwoo Kim
,
Seungsoo Lee
,
Seungwon Shin
,
Seungwon Woo
,
KAIST
|
Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community
|
Christian Dameff
,
Jay Radcliffe
,
University of California San Diego
,
Boston Scientific
|
A Dive in to Hyper-V Architecture & Vulnerabilities
|
Joe Bialek
,
Nicolas Joly
,
Microsoft Corporation
|
Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
|
Art Manion
,
Christopher Robinson
,
Eric Doerr
,
Matt Linton
,
CERT/CC
,
Red Hat
,
Microsoft Corporation
,
Google Inc.
|
IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
|
Andrei Costin
,
Jonas Zaddach
,
Firmware.RE
,
Cisco Talos Group
|
TLBleed: When Protecting Your CPU Caches is Not Enough
|
Ben Gras
,
VU University
|
Last Call for SATCOM Security
|
Ruben Santamarta
,
IOActive, Inc.
|
A Brief History of Mitigation: The Path to EL1 in iOS 11
|
Ian Beer
,
Google Inc.
|
AI & ML in Cyber Security - Why Algorithms are Dangerous
|
Raffael Marty
,
Forcepoint
|
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
|
Dhilung Kirat
,
Jiyong Jang
,
Marc Ph. Stoecklin
,
IBM Research
|
The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet
|
Alex Ionescu
,
Gabrielle Viala
,
Winsider Seminars & Solutions, Inc.
,
Quarkslab
|
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
|
Jimmy Su
,
Wei Wu
,
Xinyu Xing
,
JD security research center in Silicon Valley
,
Pennsylvania State University
|
Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims
|
Cathal Smyth
,
Clare Gollnick
,
Royal Bank of Canada
,
Terbium Labs
|
Lessons and Lulz: The 4th Annual Black Hat USA NOC Report
|
Bart Stump
,
Neil Wyler
,
Red Sky Solutions, LLC
,
RSA
|
SirenJack: Cracking a 'Secure' Emergency Warning Siren System
|
Balint Seeber
,
Bastille
|
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
|
Louis Dion-Marcil
,
GoSecure
|
Don't @ Me: Hunting Twitter Bots at Scale
|
Jordan Wright
,
Olabode Anise
,
Duo Security
|
How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
|
Makenzie Peterson
,
Hampshire College
|
Meltdown: Basics, Details, Consequences
|
Daniel Gruss
,
Michael Schwarz
,
Moritz Lipp
,
Graz University of Technology
|
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware
|
Oliver Schranz
,
CISPA Helmholtz-Zentrum I.G.
|
Dissecting Non-Malicious Artifacts: One IP at a Time
|
Dani Goland
,
Ido Naor
,
VirusBay
,
Kaspersky Lab
|
Compression Oracle Attacks on VPN Networks
|
Ahamed Nafeez
|
CANCELLED: Too Soft[ware Defined] Networks: SD-WAN Vulnerability Assessment
|
Aleksandr Timorin
,
Sergey Gordeychik
,
DarkMatter
|
Squeezing a Key through a Carry Bit
|
Filippo Valsorda
,
Google Inc.
|
The Problems and Promise of WebAssembly
|
Natalie Silvanovich
,
Google Inc.
|
Why so Spurious? How a Highly Error-Prone x86/x64 CPU "Feature" can be Abused to Achieve Local Privilege Escalation on Many Operating Systems
|
Nemanja Mulasmajic
,
Nicolas Peterson
|
Applied Self-Driving Car Security
|
Charlie Miller
,
Chris Valasek
,
Cruise Automation
|
How can Someone with Autism Specifically Enhance the Cyber Security Workforce?
|
Casey Hurt
,
Dr. Stacy Thayer
,
Rhett Greenhagen
,
Department of Defense
,
McAfee
|
Catch me, Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time
|
Ian Harris
,
Marcel Carlsson
,
University of California, Irvine
,
Lootcore
|
So I became a Domain Controller
|
Benjamin Delpy
,
Vincent Le Toux
,
ENGIE
|
Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks
|
Holly Stewart
,
Jugal Parikh
,
Randy Treit
,
Microsoft Corporation
|
Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots
|
Hiroshi Suzuki
,
Minoru Kobayashi
,
Internet Initiative Japan Inc.
|
Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
|
Orange Tsai
,
DEVCORE
|
Is the Mafia Taking Over Cybercrime?
|
Jonathan Lusthaus
,
University of Oxford
|
Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
|
Lee Christensen
,
Matt Graeber
,
SpecterOps
|
Outsmarting the Smart City
|
Daniel Crowley
,
Jennifer Savage
,
Mauro Paredes
,
IBM X-Force Red
,
Threatcare
|
Another Flip in the Row
|
Daniel Gruss
,
Michael Schwarz
,
Moritz Lipp
,
Graz University of Technology
|
AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
|
Kang Li
,
University of Georgia
|
Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
|
Christian Dameff
,
Jeffrey Tully
,
Maxwell Bland
,
University of California San Diego
,
University of California, San Diego
|
Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
|
Maddie Stone
,
Google Inc.
|
Fire & Ice: Making and Breaking macOS Firewalls
|
Patrick Wardle
,
Digita Security
|
Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection
|
Kingkane Malmquist
,
Mayo Clinic
|
Exploitation of a Modern Smartphone Baseband
|
Marco Grassi
,
Muqing Liu
,
Tianyi Xie
,
Tencent Keen Security Lab
|
Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key
|
Gianpaolo Russo
,
L Jean Camp
,
Sanchari Das
,
MITRE Corporation
,
Indiana University
,
Indiana University Bloomington
|
How I Learned to Stop Worrying and Love the SBOM
|
Allan Friedman
,
NTIA / US Department of Commerce
|
There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently
|
Alyssa Milburn
,
Marc Witteman
,
Niek Timmers
,
Nils Wiersma
,
Ramiro Pareja Veredas
,
Santiago Cordoba Pellicer
,
Riscure
|
Threat Modeling in 2018: Attacks, Impacts and Other Updates
|
Adam Shostack
,
Shostack & Associates
|
Your Voice is My Passport
|
Azeem Aqil
,
John Seymour
,
Salesforce
|
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever
|
Andrea Carcano
,
Marina Krotofil
,
Younes Dragoni
,
Nozomi Networks
|
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
|
Christian Dresen
,
Jens Müller
,
FH Münster
,
Ruhr University Bochum
|
The Air-Gap Jumpers
|
Mordechai Guri
,
Ben-Gurion University of the Negev
|
Snooping on Cellular Gateways and Their Critical Role in ICS
|
Justin Shattuck
,
F5 Networks, Inc.
|
From Bot to Robot: How Abilities and Law Change with Physicality
|
Brittany Postnikoff
,
Sara-Jayne Terp
,
Wendy Knox Everette
,
University of Waterloo
,
AppNexus
,
Leviathan Security Group
|
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
|
Aurélien Francillon
,
Giovanni Camurati
,
Marius Muench
,
Sebastian Poeplau
,
Tom Hayes
,
EURECOM
|
Demystifying PTSD in the Cybersecurity Environment
|
Joe Slowik
,
Dragos, Inc.
|
Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
|
Matt Wixey
,
PwC
|
Practical Web Cache Poisoning: Redefining 'Unexploitable'
|
James Kettle
,
PortSwigger Web Security
|
Back to the Future: A Radical Insecure Design of KVM on ARM
|
Baibhav Singh
,
Rahul Kashyap
,
Samsung Research America
,
Cylance Inc
|
I, for One, Welcome Our New Power Analysis Overlords
|
Colin O'Flynn
,
NewAE Technology, Inc.
|
Legal Liability for IOT Cybersecurity Vulnerabilities
|
IJay Palansky
,
Armstrong Teasdale LLP
|
No Royal Road … Notes on Dangerous Game
|
Mara Tam
,
River Loop Security
|
Breaking the IIoT: Hacking industrial Control Gateways
|
Thomas Roth
,
leveldown security
|
Return of Bleichenbacher's Oracle Threat (ROBOT)
|
Craig Young
,
Hanno Böck
,
Tripwire VERT
|
Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars
|
Ling Liu
,
Sen Nie
,
Wenkai Zhang
,
Yuefeng Du
,
Tencent Keen Security Lab
|
InfoSec Philosophies for the Corrupt Economy
|
Lawrence Munro
,
Trustwave SpiderLabs
|
Miasm: Reverse Engineering Framework
|
Camille Mougey
,
Fabrice Desclaux
,
CEA
|
GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
|
Christopher Domas
,
Finite State
|
LTE Network Automation Under Threat
|
Altaf Shaik
,
Ravishankar Borgaonkar
,
Technical University of Berlin and Kaitiaki Labs
,
Sintef Digital and Kaitiaki Labs
|
Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools
|
Joshua Saxe
,
Sophos
|
Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
|
Jay Little
,
Trail of Bits
|
Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
|
Alexei Bulazel
,
ForAllSecure
|
It's a PHP Unserialization Vulnerability Jim, but Not as We Know It
|
Sam Thomas
,
Secarma Ltd
|
New Norms and Policies in Cyber-Diplomacy
|
Christopher Painter
,
James Andrew Lewis
,
Jane Holl Lute
,
Jeff Moss
,
Global Commission on the Stability of Cyberspace
|
Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes
|
Parisa Tabriz
,
Google Inc.
|