Title Humans
Malware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild Jean-Ian Boutin , Frederic Vachon , ESET
RustZone: Writing Trusted Applications in Rust Eric Evenchick , Atredis Partners
Level Up Your Security Mindset Nathan Hamiel , Kudelski Security
Network Defender Archeology: An NSM Case Study in Lateral Movement with DCOM Justin Warner , Alex Sirr , Gigamon
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces Igor Korkin
Container Attack Surface Reduction Beyond Name Space Isolation Azzedine Benameur , Jay Chien-An Chen , Lei Ding , Michalis Polychronakis , Accenture Security Lab , Computer Science Department Stony Brook University
AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace Vijay Thaware , Niranjan Agnihotri , Symantec
The Last Line of Defense: Understanding and Attacking Apple File System on iOS Xiaolong Bai , Min (Spark) Zheng , Alibaba Inc.
Old New Things: An Examination of the Philips TriMedia Architecture Nahuel Cayetano Riva , Quarkslab
A Measured Response to a Grain of Rice Joe FitzPatrick ,
Attacking Hardware Systems Using Resonance and the Laws of Physics Ivan Reedman , IBM X-Force Red
Thermanator and the Thermal Residue Attack Tyler Kaczmarek , Ercan Ozturk , Gene Tsudik , UC Irvine
In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild Nick Sullivan , Luke Valenta , Cloudflare , University of Pennsylvania
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses Martijn Bogaard , Niek Timmers , Riscure
Cutting Edge: Microsoft Browser Security — From People Who Owned It Chuanda Ding , Zhipeng Huo , Wei Wei , Tencent Security Xuanwu Lab
Eternal War in XNU Kernel Objects Min (Spark) Zheng , Xiaolong Bai , Hunter@OrionLab , Alibaba Inc.
I Block You Because I Love You: Social Account Identification Attack Against a Website Visitor Takuya Watanabe , NTT
BLEEDINGBIT: Your APs Belong to Us Ben Seri , Dor Zusman , Armis
The Mummy 2018 – Microsoft Accidentally Summons Back Ugly Attacks from the Past Ran Menscher , Ran Menscher Security Research
Perfectly Deniable Steganographic Disk Encryption Dominic Schaub , Discrete Integration Corp.
When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence Magal Baz , Tom Sela , Illusive Networks
Cloud-Native Sandboxes for Microservices: Understanding New Threats and Attacks Tongbo Luo , Zhaoyan Xu , , Palo Alto Networks
Don't Eat Spaghetti with a Spoon - An Analysis of the Practical Value of Threat Intelligence Charl van der Walt , Sid Pillarisetty , SensePost SecureData , SecureData
When Machines Can't Talk: Security and Privacy Issues of Machine-to-Machine Data Protocols Federico Maggi , Davide Quarta , Trend Micro, Inc. , EURECOM
Locknote: Conclusions and Key Takeaways from Black Hat Europe 2018 Jeff Moss , Global Commission on the Stability of Cyberspace
Off-Path Attacks Against PKI Haya Shulman , Elias Heftrig , Fraunhofer Institute for Secure Information Technology SIT
PASTA: Portable Automotive Security Testbed with Adaptability Tsuyoshi Toyama , Takuya Yoshida , Hisashi Oguma , Tsutomu Matsumoto , Toyota InfoTechnology Center , Yokohama National University
Real-Time Detection of Attacks Leveraging Domain Administrator Privilege Wataru Matsuda , Mariko Fujimoto , Takuho Mitsunaga , The University of Tokyo
Developments and Challenges in Cybersecurity from the Nation-State Perspective Marina Kaljurand , Global Commission on the Stability of Cyberspace
Deep Impact: Recognizing Unknown Malicious Activities from Zero Knowledge Hiroshi Suzuki , Hisao Nashiwa , Internet Initiative Japan Inc.
Broken Links: Emergence and Future of Software-Supply Chain Compromises Ryan Kazanciyan , Tanium
Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX Tim (Wadhwa-)Brown , Cisco Systems
Keeping Secrets: Emerging Practice in Database Encryption Kenn White , MongoDB
Drill Apple Core: Up and Down - Fuzz Apple Core Component in Kernel and User Mode for Fun and Profit Dongyang Wu , Yuefeng Li , Juwei Lin , Trend Micro, Inc.
Under the SEA - A Look at the Syrian Electronic Army's Mobile Tooling Kristin Del Rosso , Michael Flossman , Lookout
Evolving Security Experts Among Teenagers Nahman Khayet , Shlomi Boutnaru , Rezilion
DeepPhish: Simulating Malicious AI Alejandro Correa Bahnsen , Cyxtera Technologies
Straight Outta VMware: Modern Exploitation of the SVGA Device for Guest-to-Host Escapes Zisis Sialveras , CENSUS S.A.
Attacking and Defending Blockchains: From Horror Stories to Secure Wallets Jean-Philippe Aumasson , Kudelski Security
Perception Deception: Physical Adversarial Attack Challenges and Tactics for DNN-Based Object Detection Zhenyu Zhong , Weilin Xu , Yunhan Jia , Tao Wei , X-Lab, Baidu USA , Department of Computer Science at the University of Virginia , Baidu Security Lab
How to Build Synthetic Persons in Cyberspace Fernando Maymi , Alex Nickels , Soar Technology
The Undeniable Truth: How Remote Attestation Circumvents Deniability Guarantees in Secure Messaging Protocols Lachlan Gunn , Ricardo Vieitez Parra , N Asokan , Aalto University
Decisions and Revisions - The Ever Evolving Face of the Black Hat NOC Neil Wyler , Bart Stump , RSA , Red Sky Solutions, LLC
No Free Charge Theorem 2.0: How to Steal Private Information from a Mobile Device Using a Powerbank Riccardo Spolaor , Riccardo Bonafede , Veelasha Moonsamy , Mauro Conti , University of Oxford, UK , University of Padua, Italy , Utrecht University, The Netherlands
SDL at Scale: Growing Security Champions Ryan O'Boyle , CA Veracode
Video Killed the Text Star: OSINT Approach Francisco Gomez , Cesar Jimenez , Devo Inc