|
Malware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild
|
Jean-Ian Boutin
,
Frederic Vachon
,
ESET
|
|
RustZone: Writing Trusted Applications in Rust
|
Eric Evenchick
,
Atredis Partners
|
|
Level Up Your Security Mindset
|
Nathan Hamiel
,
Kudelski Security
|
|
Network Defender Archeology: An NSM Case Study in Lateral Movement with DCOM
|
Justin Warner
,
Alex Sirr
,
Gigamon
|
|
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
|
Igor Korkin
|
|
Container Attack Surface Reduction Beyond Name Space Isolation
|
Azzedine Benameur
,
Jay Chien-An Chen
,
Lei Ding
,
Michalis Polychronakis
,
Accenture Security Lab
,
Computer Science Department Stony Brook University
|
|
AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace
|
Vijay Thaware
,
Niranjan Agnihotri
,
Symantec
|
|
The Last Line of Defense: Understanding and Attacking Apple File System on iOS
|
Xiaolong Bai
,
Min (Spark) Zheng
,
Alibaba Inc.
|
|
Old New Things: An Examination of the Philips TriMedia Architecture
|
Nahuel Cayetano Riva
,
Quarkslab
|
|
A Measured Response to a Grain of Rice
|
Joe FitzPatrick
,
SecuringHardware.com
|
|
Attacking Hardware Systems Using Resonance and the Laws of Physics
|
Ivan Reedman
,
IBM X-Force Red
|
|
Thermanator and the Thermal Residue Attack
|
Tyler Kaczmarek
,
Ercan Ozturk
,
Gene Tsudik
,
UC Irvine
|
|
In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild
|
Nick Sullivan
,
Luke Valenta
,
Cloudflare
,
University of Pennsylvania
|
|
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
|
Martijn Bogaard
,
Niek Timmers
,
Riscure
|
|
Cutting Edge: Microsoft Browser Security — From People Who Owned It
|
Chuanda Ding
,
Zhipeng Huo
,
Wei Wei
,
Tencent Security Xuanwu Lab
|
|
Eternal War in XNU Kernel Objects
|
Min (Spark) Zheng
,
Xiaolong Bai
,
Hunter@OrionLab
,
Alibaba Inc.
|
|
I Block You Because I Love You: Social Account Identification Attack Against a Website Visitor
|
Takuya Watanabe
,
NTT
|
|
BLEEDINGBIT: Your APs Belong to Us
|
Ben Seri
,
Dor Zusman
,
Armis
|
|
The Mummy 2018 – Microsoft Accidentally Summons Back Ugly Attacks from the Past
|
Ran Menscher
,
Ran Menscher Security Research
|
|
Perfectly Deniable Steganographic Disk Encryption
|
Dominic Schaub
,
Discrete Integration Corp.
|
|
When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence
|
Magal Baz
,
Tom Sela
,
Illusive Networks
|
|
Cloud-Native Sandboxes for Microservices: Understanding New Threats and Attacks
|
Tongbo Luo
,
Zhaoyan Xu
,
JD.com
,
Palo Alto Networks
|
|
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
|
Martijn Bogaard
,
Niek Timmers
,
Riscure
|
|
Don't Eat Spaghetti with a Spoon - An Analysis of the Practical Value of Threat Intelligence
|
Charl van der Walt
,
Sid Pillarisetty
,
SensePost SecureData
,
SecureData
|
|
When Machines Can't Talk: Security and Privacy Issues of Machine-to-Machine Data Protocols
|
Federico Maggi
,
Davide Quarta
,
Trend Micro, Inc.
,
EURECOM
|
|
Locknote: Conclusions and Key Takeaways from Black Hat Europe 2018
|
Jeff Moss
,
Global Commission on the Stability of Cyberspace
|
|
Off-Path Attacks Against PKI
|
Haya Shulman
,
Elias Heftrig
,
Fraunhofer Institute for Secure Information Technology SIT
|
|
PASTA: Portable Automotive Security Testbed with Adaptability
|
Tsuyoshi Toyama
,
Takuya Yoshida
,
Hisashi Oguma
,
Tsutomu Matsumoto
,
Toyota InfoTechnology Center
,
Yokohama National University
|
|
Real-Time Detection of Attacks Leveraging Domain Administrator Privilege
|
Wataru Matsuda
,
Mariko Fujimoto
,
Takuho Mitsunaga
,
The University of Tokyo
|
|
Developments and Challenges in Cybersecurity from the Nation-State Perspective
|
Marina Kaljurand
,
Global Commission on the Stability of Cyberspace
|
|
Deep Impact: Recognizing Unknown Malicious Activities from Zero Knowledge
|
Hiroshi Suzuki
,
Hisao Nashiwa
,
Internet Initiative Japan Inc.
|
|
Broken Links: Emergence and Future of Software-Supply Chain Compromises
|
Ryan Kazanciyan
,
Tanium
|
|
Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX
|
Tim (Wadhwa-)Brown
,
Cisco Systems
|
|
Keeping Secrets: Emerging Practice in Database Encryption
|
Kenn White
,
MongoDB
|
|
Drill Apple Core: Up and Down - Fuzz Apple Core Component in Kernel and User Mode for Fun and Profit
|
Dongyang Wu
,
Yuefeng Li
,
Juwei Lin
,
Trend Micro, Inc.
|
|
Under the SEA - A Look at the Syrian Electronic Army's Mobile Tooling
|
Kristin Del Rosso
,
Michael Flossman
,
Lookout
|
|
Evolving Security Experts Among Teenagers
|
Nahman Khayet
,
Shlomi Boutnaru
,
Rezilion
|
|
DeepPhish: Simulating Malicious AI
|
Alejandro Correa Bahnsen
,
Cyxtera Technologies
|
|
Straight Outta VMware: Modern Exploitation of the SVGA Device for Guest-to-Host Escapes
|
Zisis Sialveras
,
CENSUS S.A.
|
|
Attacking and Defending Blockchains: From Horror Stories to Secure Wallets
|
Jean-Philippe Aumasson
,
Kudelski Security
|
|
Perception Deception: Physical Adversarial Attack Challenges and Tactics for DNN-Based Object Detection
|
Zhenyu Zhong
,
Weilin Xu
,
Yunhan Jia
,
Tao Wei
,
X-Lab, Baidu USA
,
Department of Computer Science at the University of Virginia
,
Baidu Security Lab
|
|
How to Build Synthetic Persons in Cyberspace
|
Fernando Maymi
,
Alex Nickels
,
Soar Technology
|
|
The Undeniable Truth: How Remote Attestation Circumvents Deniability Guarantees in Secure Messaging Protocols
|
Lachlan Gunn
,
Ricardo Vieitez Parra
,
N Asokan
,
Aalto University
|
|
Decisions and Revisions - The Ever Evolving Face of the Black Hat NOC
|
Neil Wyler
,
Bart Stump
,
RSA
,
Red Sky Solutions, LLC
|
|
No Free Charge Theorem 2.0: How to Steal Private Information from a Mobile Device Using a Powerbank
|
Riccardo Spolaor
,
Riccardo Bonafede
,
Veelasha Moonsamy
,
Mauro Conti
,
University of Oxford, UK
,
University of Padua, Italy
,
Utrecht University, The Netherlands
|
|
SDL at Scale: Growing Security Champions
|
Ryan O'Boyle
,
CA Veracode
|
|
Video Killed the Text Star: OSINT Approach
|
Francisco Gomez
,
Cesar Jimenez
,
Devo Inc
|