|
Next-Generation of Exploit Kit Detection by Building Simulated Obfuscators
|
Tongbo Luo
,
Xing Jin
,
Palo Alto Networks
|
|
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
|
Vincent Tan
,
Vantage Point Security
|
|
Ouroboros: Tearing Xen Hypervisor with the Snake
|
Shangcong Luan
,
Alibaba Group Holding Limited
|
|
Capturing 0day Exploits with PERFectly Placed Hardware Traps
|
Cody Pierce
,
Matt Spisak
,
Kenneth Fitch
,
Endgame
|
|
The Risk from Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack
|
Lei Ji
,
Yunding Jian
,
Qihoo 360 Technology Co., Ltd
|
|
What's the DFIRence for ICS?
|
Chris Sistrunk
,
Josh Triplett
,
FireEye, Inc.
|
|
Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools
|
Wesley McGrew
,
HORNE Cyber
|
|
TCP Injection Attacks in the Wild - A Large Scale Study
|
Gabi Nakibly
,
Rafael -- Advanced Defense Systems
|
|
Unleash the Infection Monkey: A Modern Alternative to Pen-Tests
|
Ofri Ziv
,
Guardicore
|
|
Horse Pill: A New Type of Linux Rootkit
|
Michael Leibowitz
,
Intel Corporation
|
|
Windows 10 Segment Heap Internals
|
Mark Vincent Yason
,
IBM
|
|
Beyond the MCSE: Active Directory for the Security Professional
|
Sean Metcalf
,
Trimarc
|
|
Drone Attacks on Industrial Wireless: A New Front in Cyber Security
|
Jeff Melrose
,
Yokogawa
|
|
The Remote Malicious Butler Did It!
|
Tal Be'ery
,
Chaim Hoch
,
Microsoft Corporation
|
|
Breaking FIDO: Are Exploits in There?
|
Jerrod Chong
,
Yubico
|
|
Side-Channel Attacks on Everyday Applications
|
Taylor Hornby
,
Zcash
|
|
Can You Trust Me Now? An Exploration into the Mobile Threat Landscape
|
Josh Thomas
,
Shawn Moyer
,
Atredis Partners
|
|
Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX
|
Yeongjin Jang
,
Sangho Lee
,
Taesoo Kim
,
Georgia Institute of Technology
|
|
When Governments Attack: State Sponsored Malware Attacks Against Activists Lawyers and Journalists
|
Cooper Quintin
,
Eva Galperin
,
Electronic Frontier Foundation
|
|
Hackproofing Oracle eBusiness Suite
|
David Litchfield
,
Google Inc.
|
|
Xenpwn: Breaking Paravirtualized Devices
|
Felix Wilhelm
,
ERNW GmbH
|
|
Memory Forensics Using Virtual Machine Introspection for Cloud Computing
|
Tobias Zillner
,
Zillner IT-Security
|
|
Samsung Pay: Tokenized Numbers Flaws and Issues
|
Salvador Mendoza
,
Modesto Junior College
|
|
Augmenting Static Analysis Using Pintool: Ablation
|
Paul Mehta
,
Cylance Inc.
|
|
badWPAD
|
Maxim Goncharov
,
Trend Micro, Inc.
|
|
Cyber War in Perspective: Analysis from the Crisis in Ukraine
|
Kenneth Geers
,
NATO Cyber Centre
|
|
1000 Ways to Die in Mobile OAuth
|
Yuan Tian
,
Eric Chen
,
Shuo Chen
,
Yutong Pei
,
Robert Kotcher
,
Patrick Tague
,
Carnegie Mellon University
,
Gridspace
,
Microsoft Research
,
Uber
,
Expii
|
|
An Inconvenient Trust: User Attitudes Toward Security and Usability Tradeoffs for Key-Directory Encryption Systems
|
Patrick Gage Kelley
,
University of New Mexico
|
|
Applied Machine Learning for Data Exfil and Other Fun Topics
|
Matt Wolff
,
Brian Wallace
,
Xuan Zhao
,
Cylance
|
|
I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache
|
Cara Marie
,
NCC Group
|
|
When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement
|
Jennifer Granick
,
Riana Pfefferkorn
,
Stanford Center for Internet and Society
|
|
Cunning with CNG: Soliciting Secrets from Schannel
|
Jake Kambic
|
|
Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits
|
Yulong Zhang
,
Tao Wei
,
Baidu Security Lab
|
|
Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process
|
Anders Fogh
,
Daniel Gruss
,
Protect Software GmbH
,
Graz University Of Technology
|
|
Crippling HTTPS with Unholy PAC
|
Itzik Kotler
,
Amit Klein
,
SafeBreach
|
|
GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool
|
Slawomir Jasek
,
SecuRing
|
|
Analysis of the Attack Surface of Windows 10 Virtualization-Based Security
|
Rafal Wojtczuk
,
Bromium
|
|
Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root
|
Liang Chen
,
Qidan He
,
Marco Grassi
,
Yubin Fu
,
Tencent Keen Security Lab
|
|
AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion
|
Alexei Bulazel
,
Rensselaer Polytechnic Institute
|
|
CANSPY: A Platform for Auditing CAN Devices
|
Jonathan-Christofer Demay
,
Arnaud Lebrun
,
AIRBUS Defence and Space CyberSecurity
|
|
Advanced CAN Injection Techniques for Vehicle Networks
|
Charlie Miller
,
Chris Valasek
,
Uber ATC
|
|
OSS Security Maturity: Time to Put On Your Big Boy Pants!
|
Jake Kouns
,
Christine Gadsby
,
Risk Based Security
,
BlackBerry
|
|
Does Dropping USB Drives in Parking Lots and Other Places Really Work?
|
Elie Bursztein
,
Google Inc.
|
|
Access Keys Will Kill You Before You Kill the Password
|
Loic Simon
,
NCC Group
|
|
Brute-Forcing Lockdown Harddrive PIN Codes
|
Colin O'Flynn
|
|
SGX Secure Enclaves in Practice: Security and Crypto Review
|
Jean-Philippe Aumasson
,
Luis Merino
,
Kudelski Security
|
|
HTTP/2 & QUIC - Teaching Good Protocols To Do Bad Things
|
Catherine (Kate) Pearce
,
Carl Vincent
,
Cisco Systems
|
|
Keystone Engine: Next Generation Assembler Framework
|
Nguyen Anh Quynh
|
|
A Retrospective on the Use of Export Cryptography
|
David Adrian
,
University of Michigan
|
|
Understanding HL7 2.x Standards Pen Testing and Defending HL7 2.x Messages
|
Anirudh Duggal
,
Royal Philips - Healthcare
|
|
Behind the Scenes of iOS Security
|
Ivan Krstic
,
Apple
|
|
HTTP Cookie Hijacking in the Wild: Security and Privacy Implications
|
Suphannee Sivakorn
,
Jason Polakis
,
Columbia University
|
|
The Tao of Hardware the Te of Implants
|
Joe FitzPatrick
,
SecuringHardware.com
|
|
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
|
Sean Devlin
,
Hanno Böck
,
Aaron Zauner
,
Philipp Jovanovic
,
SBA-Research
,
Swiss Federal Institute of Technology Lausanne (EPFL)
|
|
Pangu 9 Internals
|
Tielei Wang
,
Hao Xu
,
Xiaobo Chen
,
PanguTeam
|
|
Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter
|
John Seymour
,
Philip Tully
,
ZeroFOX
|
|
The Art of Reverse Engineering Flash Exploits
|
Jeong Wook Oh
,
Microsoft Corporation
|
|
An Insider's Guide to Cyber-Insurance and Security Guarantees
|
Jeremiah Grossman
,
SentinelOne
|
|
Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization
|
Nan Zhang
,
System Security Lab, Indiana University Bloomington
|
|
Breaking Hardware-Enforced Security with Hypervisors
|
Joseph Sharkey
,
Siege Technologies
|
|
Breaking Payment Points of Interaction (POI)
|
Nir Valtman
,
Patrick Watson
,
NCR Corporation
|
|
Investigating DDOS - Architecture Actors and Attribution
|
Elliott Peterson
,
Andre Correa
,
Federal Bureau of Investigation
,
Malware Patrol - malwarepatrol.net
|
|
Security Through Design - Making Security Better by Designing for People
|
Jelle Niemantsverdriet
,
Deloitte
|
|
Web Application Firewalls: Analysis of Detection Logic
|
Vladimir Ivanov
,
Positive Technologies
|
|
Hardening AWS Environments and Automating Incident Response for AWS Compromises
|
Andrew Krug
,
Alex McCormack
|
|
Iran's Soft-War for Internet Dominance
|
Claudio Guarnieri
,
Collin Anderson
|
|
Pay No Attention to That Hacker Behind the Curtain: A Look Inside the Black Hat Network
|
Neil Wyler
,
Bart Stump
,
RSA
,
Optiv Security
|
|
The Hidden Architecture of our Time: Why This Internet Worked How We Could Lose It and the Role Hackers Play
|
Dan Kaminsky
,
White Ops
|
|
A Lightbulb Worm?
|
Colin O'Flynn
|
|
Captain Hook: Pirating AVs to Bypass Exploit Mitigations
|
Udi Yavo
,
Tomer Bitton
,
enSilo Inc
|
|
Language Properties of Phone Scammers: Cyberdefense at the Level of the Human
|
Judith Tabron
,
Hofstra University
|
|
Welcome & Introduction to Black Hat USA 2016
|
Jeff Moss
,
U.S. Department of Homeland Security Advisory Council
|
|
Timing Attacks Have Never Been So Practical: Advanced Cross-Site Search Attacks
|
Nethanel Gelernter
,
Cyberpion
|
|
Blunting the Phisher's Spear: A Risk-Based Approach for Defining User Training and Awarding Administrative Privileges
|
Arun Vishwanath
,
University at Buffalo
|
|
Towards a Holistic Approach in Building Intelligence to Fight Crimeware
|
Dhia Mahjoub
,
Mykhailo Sakaly
,
Thomas Mathew
,
OpenDNS
,
Intel 471
|
|
Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf
|
Luyi Xing
,
Xiaolong Bai
,
System Security Lab, Indiana University Bloomington
,
TNList, Tsinghua University, Beijing
|
|
Using EMET to Disable EMET
|
Abdulellah Alsaheel
,
Raghav Pande
,
FireEye, Inc.
|
|
Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy
|
Marco Ortisi
,
ENCS (European Network for CyberSecurity)
|
|
Hacking Next-Gen ATMs: From Capture to Cashout
|
Weston Hecker
,
Rapid7
|
|
Watching Commodity Malware Get Sold to a Targeted Actor
|
Israel Barak
,
Cybereason
|
|
Windows 10 Mitigation Improvements
|
Matt Miller
,
David Weston
,
Microsoft Corporation
|
|
The Art of Defense - How Vulnerabilities Help Shape Security Features and Mitigations in Android
|
Nick Kralevich
,
Google Inc.
|
|
Account Jumping Post Infection Persistency & Lateral Movement in AWS
|
Dan Amiga
,
Dor Knafo
,
Fireglass
|
|
PINdemonium: A DBI-Based Generic Unpacker for Windows Executable
|
Sebastiano Mariani
,
Lorenzo Fontana
,
Polimi
|
|
Building a Product Security Incident Response Team: Learnings from the Hivemind
|
Kymberlee Price
,
Bugcrowd
|
|
$hell on Earth: From Browser to System Compromise
|
Matt Molinyawe
,
Jasiel Spelman
,
Abdul-Aziz Hariri
,
Joshua Smith
,
Trend Micro's Zero Day Initiative
|
|
Building Trust & Enabling Innovation for Voice Enabled IoT
|
Lynn Terwoerds
,
Executive Women's Forum
|
|
Pwning Your Java Messaging with Deserialization Vulnerabilities
|
Matthias Kaiser
,
Code White
|
|
Over the Edge: Silently Owning Windows 10's Secure Browser
|
Erik Bosman
,
Kaveh Razavi
,
Herbert Bos
,
Cristiano Giuffrida
,
Vrije Universiteit Amsterdam
|
|
The Year in Flash
|
Natalie Silvanovich
,
Google Inc.
|
|
Using an Expanded Cyber Kill Chain Model to Increase Attack Resiliency
|
Sean Malone
,
FusionX
|
|
Dark Side of the DNS Force
|
Erik Wu
,
Acalvio
|
|
HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows
|
Tom Van Goethem
,
Mathy Vanhoef
,
KU Leuven
|
|
BadTunnel: How Do I Get Big Brother Power?
|
Yang Yu
,
Tencent, Inc.
|
|
A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land
|
Alvaro Munoz
,
Oleksandr Mirosh
,
Hewlett Packard Enterprise
|
|
Demystifying the Secure Enclave Processor
|
Tarjei Mandt
,
Mathew Solnik
,
David Wang
,
Azimuth Security
,
OffCell Research
|
|
The Linux Kernel Hidden Inside Windows 10
|
Alex Ionescu
,
CrowdStrike, Inc.
|
|
AirBnBeware: Short Term Rentals Long Term Pwnage
|
Jeremy Galloway
,
Atlassian
|
|
Dungeons Dragons and Security
|
Tiphaine Romand Latapie
,
Airbus Group Innovations
|
|
Defense at Hyperscale: Technologies and Policies for a Defensible Cyberspace
|
Jason Healey
,
Columbia University SIPA
|
|
VOIP WARS: The Phreakers Awaken
|
Fatih Ozavci
,
Context Information Security Ltd.
|
|
PLC-Blaster: A Worm Living Solely in the PLC
|
Ralf Spenneberg
,
Maik Brüggemann
,
Hendrik Schwartke
,
OpenSource Security Ralf Spenneberg
|
|
Into The Core - In-Depth Exploration of Windows 10 IoT Core
|
Paul Sabanal
,
IBM Security X-Force
|
|
DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes
|
Rodrigo Rubira Branco
,
Rohit Mothe
,
Intel Corporation
|
|
An AI Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network
|
Konstantin Berlin
,
Invincea Labs, LLC
|
|
O-checker: Detection of Malicious Documents Through Deviation from File Format Specifications
|
Yuhei Otsubo
,
National Police Agency, Japan
|
|
Viral Video - Exploiting SSRF in Video Converters
|
Nikolay Ermishkin
,
Maxim Andreev
,
Mail.ru Group
|
|
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
|
Nikhil Mittal
|
|
Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable
|
Tom Nipravsky
,
Deep Instinct
|
|
Measuring Adversary Costs to Exploit Commercial Software: The Government-Bootstrapped Non-Profit C.I.T.L.
|
Mudge
,
Sarah Zatko
,
CITL
|
|
Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking?
|
Changhoon Yoon
,
Seungsoo Lee
,
KAIST
|
|
Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud
|
Aude Marzuoli
,
Pindrop
|
|
Abusing Bleeding Edge Web Standards for AppSec Glory
|
Bryant Zadegan
,
Ryan Lester
,
The Advisory Board Company
,
Cyph
|
|
Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness
|
Zinaida Benenson
,
University of Erlangen-Nuremberg
|
|
Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI
|
Sergey Bratus
,
Maxwell Koo
,
Julian Bangert
,
Dartmouth College
,
Narf Industries
,
MIT
|
|
The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM
|
Ralf Hund
,
VMRay
|
|
Crumbling the Supercookie and Other Ways the FCC Protects Your Internet Traffic
|
Travis LeBlanc
,
Jonathan Mayer
,
Federal Communications Commission
|
|
Design Approaches for Security Automation
|
Peleus Uhley
,
Adobe Systems, Inc.
|
|
GreatFET: Making GoodFET Great Again
|
Michael Ossmann
,
Great Scott Gadgets
|