|
COMMSEC: Somebody Call a Doctor: Hacking a Hospital for Fun and Profit
|
Asaf Cohen
,
Ofir Kamil
,
Maglan
|
|
COMMSEC: Keynterceptor: Press Any Key to Continue
|
Niels van Dijkhuizen
,
CSIRT
|
|
COMMSEC: Steganography Ante Portas
|
Steffen Wendzel
,
Worms University of Applied Sciences
|
|
Mirror Mirror: Rooting Android 8 with a Kernel Space Mirroring Attack
|
Yong Wang
,
Yang Song
,
Alibaba Group Holding Limited
|
|
3-DAY TRAINING 2: Modern Malware Warfare: Basics, Delivery, and Advanced Analysis
|
Dr. Jared DeMott
,
Josh Stroschein
,
VDA Labs
|
|
COMMSEC: Smart Contract (In)Security
|
Ben Schmidt
,
PolySwarm
|
|
The Odd One: Applying Machine Learning to User Behavior Anomaly Analysis
|
Eugene Neyolov
,
ERPScan
|
|
COMMSEC: Digging Deep: How to Find and Exploit Bugs in IoT Devices
|
Kelvin Wong
|
|
TRAINING 3 – Making and Breaking Machine Learning Systems
|
Clarence Chio
,
Shape Security
|
|
Look Ma, No Win32_Process Needed: Expanding Your WMI Lateral Movement Arsenal
|
Philip Tsukerman
,
Cybereason Innovation Team
|
|
Yoga for Hackers: Aligning your (Chakra) Core
|
Nadira Mohsin
|
|
From Quantitative Change to Qualitative Change – A New Fuzzing Method for Android
|
Zhang Qing
,
Bai Guangdong
,
Xiaomi Inc.
,
Singapore Institute of Technology
|
|
COMMSEC: Privacy and Protection for Criminals: Behaviors and Patterns of Rogue Hosting Providers
|
Sarah Brown
,
Dhia Mahjoub
,
Security Links
,
Cisco Umbrella (OpenDNS)
|
|
Mind the Gap: Uncovering the Android Patch Gap Through Binary-Only Patch Level Analysis
|
Karsten Nohl
,
Jakob Lell
,
SRLabs
|
|
HITB LAB: Wireless Hacking with HackCUBE
|
Yunding Jian
,
Jie Fu
,
Chaoran Wang
,
Qihoo 360 Technology Co., Ltd
|
|
Defense-in-Depth Techniques for Modern Web Applications and Google’s Journey with CSP
|
Michele Spagnuolo
,
Lukas Weichselbaum
,
Google Inc.
|
|
3-DAY TRAINING 4 – Source Code Auditing Like a Ninja
|
Joern Schneeweisz
,
Stefan Seefeldt
,
Recurity Labs
|
|
HITB LAB: From Zero to ARM Assembly Bind Shellcode
|
Maria ‘Azeria’ Markstedter
,
Azeria Labs
|
|
HITB LAB: A Hands On Introduction To Software Defined Radio
|
Didier Stevens
,
NVISO
|
|
Reference This: Sandbox Evasion Using VBA Referencing
|
Aviv Grafi
,
Amit Dori
,
Votiro
|
|
Sneaky Element: Real World Attacks Against Secure Elements
|
Don Bailey
,
Lab Mouse Security
|
|
Yoga for Hackers: Aligning your (Chakra) Core
|
Nadira Mohsin
|
|
Ghost Tunnel: Covert Data Exfiltration Channel to Circumvent Air Gapping
|
Jun Li
,
Kunzhe Chai
,
Hongjian Cao
,
Qihoo 360 Technology Co., Ltd
|
|
Hacking Intelligent Buildings: Pwning KNX & ZigBee Networks
|
HuiYu Wu
,
YuXiang Li
,
Yong Yang
,
Tencent Blade Team
,
Tencent Security Platform Department
|
|
KEYNOTE 2: A Risk Assessment of Logo Disclosures
|
Jennifer Leggio
,
Flashpoint
|
|
WELCOME ADDRESS: Hacks, Sticks, and Carrots: Improving Incentives for Cybersecurity
|
Michel van Eeten
,
Delft University of Technology
|
|
3-DAY TRAINING 6: Out Of The Blue: Attacking BLE, NFC, HCE and More
|
Slawomir Jasek
,
SecuRing
|
|
COMMSEC: PyREBox: Making Dynamic Instrumentation Great Again
|
Xabier Ugarte-Pedrero
,
Cisco Talos Group
|
|
Smashing Ethereum Smart Contracts for Fun and ACTUAL Profit
|
Bernhard Mueller
,
Consensys
|
|
COMMSEC: The Sound of a Targeted Attack: Attacking IoT Speakers
|
Stephen Hilt
,
Trend Micro, Inc.
|
|
3-DAY TRAINING 1: The ARM Exploit Laboratory
|
Saumil Shah
,
SK Chong
,
Net-Square
,
ASK Pentest
|
|
Fuzzing Javascript Engines for Fun and Pwnage
|
Areum Lee
,
Jeonghoon Shin
,
Sejong University
,
B.o.B Program
|
|
COMMSEC: Creating an Isolated Data Center Security Policy Model Using SmartNICs
|
Ofir Arkin
,
Mellanox Technologies
|
|
Brida: When Burp Suite meets Frida
|
Federico Dotta
,
Piergiovanni Cipolloni
,
@Mediaservice.net S.r.l.
|
|
COMMSEC: Faster, Wider, Greater: Modern Pentest Tricks
|
Thomas Debize
,
Wavestone
|
|
Seems Exploitable: Exposing Hidden Exploitable Behaviors Using Extended Differential Fuzzing
|
Fernando Arnaboldi
,
IOActive, Inc.
|
|
COMMSEC: ProdSec: A Technical Approach
|
Jeremy Brown
,
NVIDIA
|
|
In Through The Out Door: Backdooring & Remotely Controlling Cars With The Bicho
|
Sheila Ayelen Berta
,
Claudio Caracciolo
,
Eleven Paths
,
ElevenPaths
|
|
Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
|
Daniel Bohannon
,
Mandiant
|
|
COMMSEC: Under Cover of Darkness: Hiding Tasks via Hardware Task Switching
|
Kyeong Joo Jung
,
Stonybrook University
|
|
COMMSEC: Practical Quantum Computing for Hackers Without a PhD
|
Yann Allain
,
SERMA SAFETY AND SECURITY
|
|
COMMSEC: Still Breaching Your Perimeter – A Deep Dive Into Malicious Documents
|
Josh Stroschein
,
VDA Labs
|
|
COMMSEC: The Life & Death of Kernel Object Abuse
|
Saif ElSherei
,
Ian Kronquist
,
Microsoft Corporation
,
Microsoft Security Response Center (MSRC)
|
|
Mallet: Towards a Generic Intercepting Proxy
|
Rogan Dawes
,
SensePost
|
|
HITB LAB: Friends, Romans, Countrymen – Lend Me Your kernel_task Port
|
Jonathan Levin
,
Technologeeks
|
|
Call Me Maybe: Establishing Covert Channels By Abusing GSM AT Commands
|
Alfonso Munoz
,
Jorge Cuadrado Saez
,
Innovation 4 Security - BBVA Group
|
|
CLOSING KEYNOTE: Security is What We Make of It – Blockchain and Beyond
|
Amber Baldet
,
J.P. Morgan
|
|
3-DAY TRAINING 5 – Pentesting & Exploiting Highly Secured Enterprise Networks
|
Vikram Salunke
,
Vmaskers
|
|
3-DAY TRAINING 7: Mastering Burp Suite Pro: 100% Hands-On
|
Nicolas Gregoire
|
|
COMMSEC: EasyROP: Automatic Generation of ROP Chains Using a Turing-Complete Instruction Set
|
Ricardo J. Rodríguez
,
Daniel Uroz
,
Centro Universitario de la Defensa
|
|
Ticket to Ride: Abusing The Travel and Hospitality Industry for Profit
|
Vladimir Kropotov
,
Fyodor Yarochkin
,
Mayra Fuentes
,
Lion Gu
,
Trend Micro, Inc.
|
|
GSEC LUCKY DRAW: Win a trip to Singapore
|
|
|
Facebook Security Invite-Only Evening
|
|
|
Eating The Core of an Apple: How to Analyze and Find Bugs in MacOS and iOS Kernel Drivers
|
Xiaolong Bai
,
Min (Spark) Zheng
,
Alibaba Group Holding Limited
|
|
KEYNOTE 1: The Future, The Past, and … Wait, Where the Hell are We Now?
|
Marion Marschalek
,
Intel Corporation
|
|
HITB LAB: Predicting Malicious Domains Using Convolutional Neural Networks
|
David Rodriguez
,
Jingchuan Chen
,
Dhia Mahjoub
,
Cisco Umbrella (OpenDNS)
|
|
HITB TCP/IP Party (sponsored by NIXU)
|
|
|
Over The Edge: Pwning The Windows Kernel
|
Rancho Han
,
Tencent Zhanlu Lab
|
|
Attacking Microsoft’s .NET Framework Through CLR
|
Yu Hong
,
Shikang Xing
,
Qihoo 360CERT
|