|
Lyft Cartography: Automating Security Visibility and Democratization
|
|
|
High Performance VM Introspection Using Virtualization Exceptions
|
|
|
Fuzzing Malware for Fun & Profit: Applying Coverage-Guided Fuzzing to Find and Exploit Bugs in Modern Malware
|
Maksim Shudrak
|
|
Capture The Flag
|
Facebook
|
|
Contact Center Authenticaion
|
|
|
Spy Hunter: Reversing Your First Android Surveillanceware
|
Lookout
|
|
Anti-Privacy Anti-Patterns
|
|
|
Building Secure APIs and Web Applications
|
|
|
A Deep Dive into Go Malware: Using Metadata to Empower the Analyst
|
|
|
Opening Remarks
|
|
|
Crypto & Privacy Village
|
|
|
BSides Career Chit-Chat
|
|
|
Self Care for Security Professionals
|
|
|
RFID Hacking
|
NCC Group
|
|
Automating Web Application Bug Hunting
|
Jerry Gamblin
,
Kenna Security
|
|
Profiling "VIP Accounts" Access Patterns in User-Centric Data Streams
|
|
|
Building Identity for an Open Perimeter
|
Netflix, Inc.
|
|
Using Open Source Log Aggregation Tools to Improve Enterprise Security
|
|
|
How to Build an Application Security Program
|
Jerry Gamblin
,
Kenna Security
|
|
Treat the Problems, Not the Symptoms: Baby Steps to a More Secure Active Directory Environment
|
Igal Gofman
,
XM Cyber
|
|
HTTP Security Headers: A Technology History Through Scar Tissue
|
|
|
Closing Ceremony
|
|
|
Making Sense of Unstructured Threat Data
|
|
|
Sponsor Lounge
|
|
|
IoT Village
|
Independent Security Evaluators
|
|
Back to the SOCless Future: Implementing Monitoring & Response Through Automation
|
|
|
Arcades and Audits: What Gaming Can Do for Your Security Posture
|
|
|
Twist & Shout: Ferris Bueller's Guide to Abuse Domain Permutations
|
Bishop Fox
|
|
Collect All the Data; Protect All the Things
|
|
|
You Might Still Need Patches for Your Denim, but You No Longer Need Them for Prod
|
Google Inc.
|
|
Goldilocks and the Three ATM Attacks
|
|
|
Don't Boil the Ocean: Using MITRE ATT&CK to Guide Hunting Activity
|
Splunk
|
|
Deploying Two-Factor Authentication to Millions of Users
|
|
|
Two-Faces of WASM Security
|
|
|
Abusing WCF Endpoint for RCE and Privilege Escalation
|
|
|
Hacking with a Heads Up Display
|
|
|
How to Fix the Diversity Gap in Cybersecurity
|
Bugcrowd
|
|
Coffee
|
|
|
Practical Threat Modeling
|
|
|
The Secure Metamorphosis: Streaming Logs with Kafka and TLS
|
|
|
Concrete Steps to Create a Security Culture
|
|
|
Living Security Escape Room
|
|
|
Operation PZCHAO
|
|
|
How to Orchestrate a Cyber Security Incident Tabletop Exercise
|
|
|
Ethical Hacking: DIY Mobile Security Workstation (For Cheap)
|
|
|
Offensive Javascript Techniques for Red Teamers (Or Anyone Really)
|
Dylan Ayrey
|
|
Surfing the Motivation Wave to Create Security Behavior Change
|
Elevate Security
|
|
BADPDF: Stealing Windows Credentials via PDF Files
|
Check Point Software Technologies
|
|
Security Automation Simplified
|
Box
|
|
Navigating Passwordless Authentication with FIDO2 & WebAuthn
|
Jerrod Chong
,
Yubico
|
|
Vendor Security: Where Our Data Goes We Follow
|
|
|
Cats? In My Certificate Transparency Logs? It's More Likely Than You Think
|
Scott Behrens
,
Netflix
|
|
Party
|
|
|
Do You Even Tech Anymore: Management & Leadership in Security?
|
|
|
The Path to Infosec Is Not Always Linear
|
|
|
Slack App Security: Securing Your Workspaces from a Bot Uprising
|
Slack
|
|
Strangeways, Here We Come: A Journey from On-Prem to Cloud First with AWS
|
|
|
Attacking Deep Learning-Based NLP Systems with Malicious Word Embeddings
|
|
|
All Your Containers Are Belong to Us
|
|
|
Implementing a Kick-Butt Training Program: BLUE TEAM GO!
|
|
|
Securing Online Identities with Simple, Secure, Open Standards
|
|
|
Monitoring Minimum Viable Security via osquery on Mac, Windows, Linux, and Containers
|
Guillaume Ross
|
|
WHOIS Calling the 80s to Get Their Finger Back: LOL with Old TCP Services
|
|
|
DevSecOps State of the Union
|
Clint Gibler
,
NCC Group
|
|
Beyond AV: Detection-Oriented File Analysis
|
Target
|
|
Reverse Engineering Mobile Apps
|
|
|
Spymaster Challenge
|
|
|
Owning the Smart Home with Logitech Harmony Hub
|
|
|
Guarding Against Protocol Subversion at Coinbase
|
|
|
Bye-Bye False Positives: Using AI to Improve Detection
|
Ivan Novikov
|
|
Shall We Play a Game?
|
|
|
RadRAT: An all-in-one toolkit for complex espionage ops
|
|
|
Conquer the Enterprise from Inside with Penetration Testing Dropboxes
|
Simon Roses Femerling
,
VULNEX
|
|
Containers: Your Ally in Improving Security
|
|
|
Friend or Replicant: How Attackers Automate and Disguise Themselves in a Shroud of Authenticity to Gain Followers, Control Influence, and Malign Credit
|
|
|
Using the Secrets of Behavioral Science to Influence Security
|
|
|
Journey to Command Injection: Hacking the Lenovo ix4-300d
|
|
|
How to Lose a Container in 10 Minutes
|
Microsoft Corporation
|
|
Career Mutation: A Panel on the Evolution to Management in Security
|
|
|
Lockpick Village
|
|
|
Do Androids Dream of Electric Fences?: Defending Android in the Enterprise
|
Google Inc.
|