Star 0


Title Humans
Next-Generation of Exploit Kit Detection by Building Simulated Obfuscators Tongbo Luo , Xing Jin , Palo Alto Networks
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions Vincent Tan , Vantage Point Security
Ouroboros: Tearing Xen Hypervisor with the Snake Shangcong Luan , Alibaba Group Holding Limited
Capturing 0day Exploits with PERFectly Placed Hardware Traps Cody Pierce , Matt Spisak , Kenneth Fitch , Endgame
The Risk from Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack Lei Ji , Yunding Jian , Qihoo 360 Technology Co., Ltd
What's the DFIRence for ICS? Chris Sistrunk , Josh Triplett , FireEye, Inc.
Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools Wesley McGrew , HORNE Cyber
TCP Injection Attacks in the Wild - A Large Scale Study Gabi Nakibly , Rafael -- Advanced Defense Systems
Unleash the Infection Monkey: A Modern Alternative to Pen-Tests Ofri Ziv , Guardicore
Horse Pill: A New Type of Linux Rootkit Michael Leibowitz , Intel Corporation
Windows 10 Segment Heap Internals Mark Vincent Yason , IBM
Beyond the MCSE: Active Directory for the Security Professional Sean Metcalf , Trimarc
Drone Attacks on Industrial Wireless: A New Front in Cyber Security Jeff Melrose , Yokogawa
The Remote Malicious Butler Did It! Tal Be'ery , Chaim Hoch , Microsoft Corporation
Breaking FIDO: Are Exploits in There? Jerrod Chong , Yubico
Side-Channel Attacks on Everyday Applications Taylor Hornby , Zcash
Can You Trust Me Now? An Exploration into the Mobile Threat Landscape Josh Thomas , Shawn Moyer , Atredis Partners
Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX Yeongjin Jang , Sangho Lee , Taesoo Kim , Georgia Institute of Technology
When Governments Attack: State Sponsored Malware Attacks Against Activists Lawyers and Journalists Cooper Quintin , Eva Galperin , Electronic Frontier Foundation
Hackproofing Oracle eBusiness Suite David Litchfield , Google Inc.
Xenpwn: Breaking Paravirtualized Devices Felix Wilhelm , ERNW GmbH
Memory Forensics Using Virtual Machine Introspection for Cloud Computing Tobias Zillner , Zillner IT-Security
Samsung Pay: Tokenized Numbers Flaws and Issues Salvador Mendoza , Modesto Junior College
Augmenting Static Analysis Using Pintool: Ablation Paul Mehta , Cylance Inc.
badWPAD Maxim Goncharov , Trend Micro, Inc.
Cyber War in Perspective: Analysis from the Crisis in Ukraine Kenneth Geers , NATO Cyber Centre
1000 Ways to Die in Mobile OAuth Yuan Tian , Eric Chen , Shuo Chen , Yutong Pei , Robert Kotcher , Patrick Tague , Carnegie Mellon University , Gridspace , Microsoft Research , Uber , Expii
An Inconvenient Trust: User Attitudes Toward Security and Usability Tradeoffs for Key-Directory Encryption Systems Patrick Gage Kelley , University of New Mexico
Applied Machine Learning for Data Exfil and Other Fun Topics Matt Wolff , Brian Wallace , Xuan Zhao , Cylance
I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache Cara Marie , NCC Group
When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement Jennifer Granick , Riana Pfefferkorn , Stanford Center for Internet and Society
Cunning with CNG: Soliciting Secrets from Schannel Jake Kambic
Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits Yulong Zhang , Tao Wei , Baidu Security Lab
Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process Anders Fogh , Daniel Gruss , Protect Software GmbH , Graz University Of Technology
Crippling HTTPS with Unholy PAC Itzik Kotler , Amit Klein , SafeBreach
GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool Slawomir Jasek , SecuRing
Analysis of the Attack Surface of Windows 10 Virtualization-Based Security Rafal Wojtczuk , Bromium
Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root Liang Chen , Qidan He , Marco Grassi , Yubin Fu , Tencent Keen Security Lab
AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion Alexei Bulazel , Rensselaer Polytechnic Institute
CANSPY: A Platform for Auditing CAN Devices Jonathan-Christofer Demay , Arnaud Lebrun , AIRBUS Defence and Space CyberSecurity
Advanced CAN Injection Techniques for Vehicle Networks Charlie Miller , Chris Valasek , Uber ATC
OSS Security Maturity: Time to Put On Your Big Boy Pants! Jake Kouns , Christine Gadsby , Risk Based Security , BlackBerry
Does Dropping USB Drives in Parking Lots and Other Places Really Work? Elie Bursztein , Google Inc.
Access Keys Will Kill You Before You Kill the Password Loic Simon , NCC Group
Brute-Forcing Lockdown Harddrive PIN Codes Colin O'Flynn
SGX Secure Enclaves in Practice: Security and Crypto Review Jean-Philippe Aumasson , Luis Merino , Kudelski Security
HTTP/2 & QUIC - Teaching Good Protocols To Do Bad Things Catherine (Kate) Pearce , Carl Vincent , Cisco Systems
Keystone Engine: Next Generation Assembler Framework Nguyen Anh Quynh
A Retrospective on the Use of Export Cryptography David Adrian , University of Michigan
Understanding HL7 2.x Standards Pen Testing and Defending HL7 2.x Messages Anirudh Duggal , Royal Philips - Healthcare
Behind the Scenes of iOS Security Ivan Krstic , Apple
HTTP Cookie Hijacking in the Wild: Security and Privacy Implications Suphannee Sivakorn , Jason Polakis , Columbia University
The Tao of Hardware the Te of Implants Joe FitzPatrick ,
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS Sean Devlin , Hanno Böck , Aaron Zauner , Philipp Jovanovic , SBA-Research , Swiss Federal Institute of Technology Lausanne (EPFL)
Pangu 9 Internals Tielei Wang , Hao Xu , Xiaobo Chen , PanguTeam
Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter John Seymour , Philip Tully , ZeroFOX
The Art of Reverse Engineering Flash Exploits Jeong Wook Oh , Microsoft Corporation
An Insider's Guide to Cyber-Insurance and Security Guarantees Jeremiah Grossman , SentinelOne
Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization Nan Zhang , System Security Lab, Indiana University Bloomington
Breaking Hardware-Enforced Security with Hypervisors Joseph Sharkey , Siege Technologies
Breaking Payment Points of Interaction (POI) Nir Valtman , Patrick Watson , NCR Corporation
Investigating DDOS - Architecture Actors and Attribution Elliott Peterson , Andre Correa , Federal Bureau of Investigation , Malware Patrol -
Security Through Design - Making Security Better by Designing for People Jelle Niemantsverdriet , Deloitte
Web Application Firewalls: Analysis of Detection Logic Vladimir Ivanov , Positive Technologies
Hardening AWS Environments and Automating Incident Response for AWS Compromises Andrew Krug , Alex McCormack
Iran's Soft-War for Internet Dominance Claudio Guarnieri , Collin Anderson
Pay No Attention to That Hacker Behind the Curtain: A Look Inside the Black Hat Network Neil Wyler , Bart Stump , RSA , Optiv Security
The Hidden Architecture of our Time: Why This Internet Worked How We Could Lose It and the Role Hackers Play Dan Kaminsky , White Ops
A Lightbulb Worm? Colin O'Flynn
Captain Hook: Pirating AVs to Bypass Exploit Mitigations Udi Yavo , Tomer Bitton , enSilo Inc
Language Properties of Phone Scammers: Cyberdefense at the Level of the Human Judith Tabron , Hofstra University
Welcome & Introduction to Black Hat USA 2016 Jeff Moss , U.S. Department of Homeland Security Advisory Council
Timing Attacks Have Never Been So Practical: Advanced Cross-Site Search Attacks Nethanel Gelernter , Cyberpion
Blunting the Phisher's Spear: A Risk-Based Approach for Defining User Training and Awarding Administrative Privileges Arun Vishwanath , University at Buffalo
Towards a Holistic Approach in Building Intelligence to Fight Crimeware Dhia Mahjoub , Mykhailo Sakaly , Thomas Mathew , OpenDNS , Intel 471
Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf Luyi Xing , Xiaolong Bai , System Security Lab, Indiana University Bloomington , TNList, Tsinghua University, Beijing
Using EMET to Disable EMET Abdulellah Alsaheel , Raghav Pande , FireEye, Inc.
Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy Marco Ortisi , ENCS (European Network for CyberSecurity)
Hacking Next-Gen ATMs: From Capture to Cashout Weston Hecker , Rapid7
Watching Commodity Malware Get Sold to a Targeted Actor Israel Barak , Cybereason
Windows 10 Mitigation Improvements Matt Miller , David Weston , Microsoft Corporation
The Art of Defense - How Vulnerabilities Help Shape Security Features and Mitigations in Android Nick Kralevich , Google Inc.
Account Jumping Post Infection Persistency & Lateral Movement in AWS Dan Amiga , Dor Knafo , Fireglass
PINdemonium: A DBI-Based Generic Unpacker for Windows Executable Sebastiano Mariani , Lorenzo Fontana , Polimi
Building a Product Security Incident Response Team: Learnings from the Hivemind Kymberlee Price , Bugcrowd
$hell on Earth: From Browser to System Compromise Matt Molinyawe , Jasiel Spelman , Abdul-Aziz Hariri , Joshua Smith , Trend Micro's Zero Day Initiative
Building Trust & Enabling Innovation for Voice Enabled IoT Lynn Terwoerds , Executive Women's Forum
Pwning Your Java Messaging with Deserialization Vulnerabilities Matthias Kaiser , Code White
Over the Edge: Silently Owning Windows 10's Secure Browser Erik Bosman , Kaveh Razavi , Herbert Bos , Cristiano Giuffrida , Vrije Universiteit Amsterdam
The Year in Flash Natalie Silvanovich , Google Inc.
Using an Expanded Cyber Kill Chain Model to Increase Attack Resiliency Sean Malone , FusionX
Dark Side of the DNS Force Erik Wu , Acalvio
HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows Tom Van Goethem , Mathy Vanhoef , KU Leuven
BadTunnel: How Do I Get Big Brother Power? Yang Yu , Tencent, Inc.
A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land Alvaro Munoz , Oleksandr Mirosh , Hewlett Packard Enterprise
Demystifying the Secure Enclave Processor Tarjei Mandt , Mathew Solnik , David Wang , Azimuth Security , OffCell Research
The Linux Kernel Hidden Inside Windows 10 Alex Ionescu , CrowdStrike, Inc.
AirBnBeware: Short Term Rentals Long Term Pwnage Jeremy Galloway , Atlassian
Dungeons Dragons and Security Tiphaine Romand Latapie , Airbus Group Innovations
Defense at Hyperscale: Technologies and Policies for a Defensible Cyberspace Jason Healey , Columbia University SIPA
VOIP WARS: The Phreakers Awaken Fatih Ozavci , Context Information Security Ltd.
PLC-Blaster: A Worm Living Solely in the PLC Ralf Spenneberg , Maik Brüggemann , Hendrik Schwartke , OpenSource Security Ralf Spenneberg
Into The Core - In-Depth Exploration of Windows 10 IoT Core Paul Sabanal , IBM Security X-Force
DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes Rodrigo Rubira Branco , Rohit Mothe , Intel Corporation
An AI Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network Konstantin Berlin , Invincea Labs, LLC
O-checker: Detection of Malicious Documents Through Deviation from File Format Specifications Yuhei Otsubo , National Police Agency, Japan
Viral Video - Exploiting SSRF in Video Converters Nikolay Ermishkin , Maxim Andreev , Group
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It Nikhil Mittal
Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable Tom Nipravsky , Deep Instinct
Measuring Adversary Costs to Exploit Commercial Software: The Government-Bootstrapped Non-Profit C.I.T.L. Mudge , Sarah Zatko , CITL
Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking? Changhoon Yoon , Seungsoo Lee , KAIST
Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud Aude Marzuoli , Pindrop
Abusing Bleeding Edge Web Standards for AppSec Glory Bryant Zadegan , Ryan Lester , The Advisory Board Company , Cyph
Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness Zinaida Benenson , University of Erlangen-Nuremberg
Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI Sergey Bratus , Maxwell Koo , Julian Bangert , Dartmouth College , Narf Industries , MIT
The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM Ralf Hund , VMRay
Crumbling the Supercookie and Other Ways the FCC Protects Your Internet Traffic Travis LeBlanc , Jonathan Mayer , Federal Communications Commission
Design Approaches for Security Automation Peleus Uhley , Adobe Systems, Inc.
GreatFET: Making GoodFET Great Again Michael Ossmann , Great Scott Gadgets