Star 0

Talks

Title Humans
White Hat Privilege: The Legal Landscape for a Cybersecurity Professional Seeking to Safeguard Sensitive Client Data Karen Neuman , Jacob Osborn , Goodwin , Goodwin Procter LLP
Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process Marina Krotofil , Honeywell
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors Andy Robbins , Will Schroeder , Specter Ops
Adventures in Attacking Wind Farm Control Networks Jason Staggs , University of Tulsa
Evolutionary Kernel Fuzzing Richard Johnson , Cisco Talos Group
Real Humans Simulated Attacks: Usability Testing with Attack Scenarios Lorrie Cranor , Carnegie Mellon University
Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid Robert Lee , Joe Slowik , Ben Miller , Anton Cherepanov , Robert Lipovsky , Dragos, Inc. , ESET
Break
Escalating Insider Threats Using VMware's API Ofri Ziv , GuardiCore
Hacking Hardware with a $10 SD Card Reader Amir Etemadieh , Khoa Hoang , CJ Heres , Cylance , Draper Laboratory
Redesigning PKI to Solve Revocation Expiration and Rotation Problems Brian Knopf , Neustar
rVMI: A New Paradigm for Full System Analysis Jonas Pfoh , Sebastian Vogl , FireEye, Inc.
Exploiting Network Printers Jens Müller , Chair for Network and Data Security, Ruhr University Bochum
Developing Trust and Gitting Betrayed Clint Gibler , Noah Beddome , NCC Group
Free-Fall: Hacking Tesla from Wireless to CAN Bus Sen Nie , Ling Liu , Yuefeng Du , Tencent Keen Security Lab
Behind the Plexiglass Curtain: Stats and Stories from the Black Hat NOC Neil Wyler , Bart Stump , RSA , Red Sky Solutions, LLC
Skype & Type: Keystroke Leakage over VoIP Daniele Lain , Mauro Conti , Gene Tsudik , Alberto Compagno , University of Padua , University of California, Irvine , Cisco Systems
Lies and Damn Lies: Getting Past the Hype of Endpoint Security Solutions Lidia Giuliano , Mike Spaulding
Intel AMT Stealth Breakthrough Dmitriy Evdokimov , Alexander Ermolov , Maksim Malyutin , Embedi
IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices Tongbo Luo , Zhaoyan Xu , Xin Ouyang , Xing Jin , Palo Alto Networks
Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone Alex Stamos , Facebook
Intel SGX Remote Attestation is Not Sufficient Yogesh Swami , Cryptography Research, Rambus
They're Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention John Ventura , Optiv Security, Inc.
Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices) Gabi Nakibly , The Technion
Bug Collisions Meet Government Vulnerability Disclosure Trey Herr , Jason Healey , Kim Zetter , Lillian Ablon , Katie Moussouris , Belfer Center Cyber Security Project, Harvard Kennedy School , Columbia SIPA , RAND Corporation , Luta Security, Inc.
'Ghost Telephonist' Link Hijack Exploitations in 4G LTE CS Fallback Haoqi Shan , Jun Li , Yuwei Zheng , Lin Huang , Qing Yang , UnicornTeam, 360 Technology
Go to Hunt Then Sleep David Bianco , Robert Lee , Target , Dragos, Inc.
Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks Yuriy Bulygin , Mikhail Gorobets , Oleksandr Bazhaniuk , Andrew Furtak , McAfee
Business Hall Welcome Reception (Sponsored by Forcepoint McAfee LogRhythm & Tenable Network Security)
Honey I Shrunk the Attack Surface – Adventures in Android Security Hardening Nick Kralevich , Google Inc.
Taking Over the World Through MQTT - Aftermath Lucas Lundgren , IOActive, Inc.
Pwnie Awards Dino Dai Zovi , Capsule8, Inc.
The Epocholypse 2038: What's in Store for the Next 20 Years Mikko Hypponen , F-Secure
Challenges of Cooperation Across Cyberspace Jeff Moss , Marina Kaljurand , Joseph Nye , Bill Woodcock , Khoo Boon Hui , Wolfgang Kleinwachter , Global Commission on the Stability of Cyberspace
The Industrial Revolution of Lateral Movement Tal Be'ery , Tal Maor , Microsoft Corporation
SS7 Attacker Heaven Turns into Riot: How to Make Nation-State and Intelligence Attackers' Lives Much Harder on Mobile Networks Martin Kacer , Philippe Langlois , P1 Security
Breaking the Laws of Robotics: Attacking Industrial Robots Davide Quarta , Marcello Pogliani , Mario Polino , Federico Maggi , Andrea Maria Zanchettin , Stefano Zanero , Politecnico di Milano , Trend Micro, Inc.
Breaking the x86 Instruction Set Christopher Domas , Battelle Memorial Institute
The Art of Securing 100 Products Nir Valtman , NCR Corporation
Coffee Service
Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets Sebastian Lekies , Krzysztof Kotowicz , Eduardo Vela , Google Inc.
Ichthyology: Phishing as a Science Karla Burnett , Stripe
Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound Zhengbo Wang , Wang Kang , Bo Yang , Shangyuan LI , Aimin Pan , Mobile Security Team of Alibaba Group , CAICT , Tsinghua University
RBN Reloaded - Amplifying Signals from the Underground Dhia Mahjoub , David Rodriguez , Jason Passwaters , Cisco Umbrella (OpenDNS) , Intel 471
Web Cache Deception Attack Omer Gil
WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake Mathy Vanhoef , KU Leuven
Attacking Encrypted USB Keys the Hard(ware) Way Jean-Michel Picod , Rémi Audebert , Elie Bursztein , Google Inc.
Blue Pill for Your Phone Oleksandr Bazhaniuk , Yuriy Bulygin
The Active Directory Botnet Ty Miller , Paul Kalinin , Threat Intelligence Pty Ltd
kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse Marios Pomonis , Columbia University
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! Orange Tsai , DEVCORE
Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets Nitay Artenstein , Exodus Intelligence
Electronegativity - A Study of Electron Security Luca Carettoni , Doyensec
Influencing the Market to Improve Security Justine Bone , Chris Wysopal , MedSec , Veracode
Friday the 13th: JSON Attacks Alvaro Muñoz , Oleksandr Mirosh , HPE
AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically Jinho Jung , Chanil Jeon , Max Wolotsky , Insu Yun , Taesoo Kim , Georgia Institute of Technology
The Avalanche Takedown: Landslide for Law Enforcement Tom Grasso , Federal Bureau of Investigation - Cyber Division
OpenCrypto: Unchaining the JavaCard Ecosystem Vasilios Mavroudis , George Danezis , Petr Svenda , Dan Cvrcek , University College London , Masaryk University , Enigma Bridge Ltd
Ice Cream Social (Sponsored by Code42 Software Core Security Cybereason Darktrace F5 Networks iboss Malwarebytes & Optiv Security)
WSUSpendu: How to Hang WSUS Clients Romain Coltel , Yves Le Provost , Alsid , ANSSI
Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities Rodrigo Branco , Vincent Zimmer , Bruce Monroe , Intel Corporation
Datacenter Orchestration Security and Insecurity: Assessing Kubernetes Mesos and Docker at Scale Dino Dai Zovi , Capsule8, Inc.
Automated Testing of Crypto Software Using Differential Fuzzing Jean-Philippe Aumasson , Yolan Romailler , Kudelski Security
Practical Tips for Defending Web Applications in the Age of DevOps Zane Lackey , Signal Sciences
Defeating Samsung KNOX with Zero Privilege Di Shen , Tencent Keen Security Lab
Infecting the Enterprise: Abusing Office365+Powershell for Covert C2 Craig Dods , Juniper Networks
Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking Mateusz Jurczyk , Google Project Zero
Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network Omar Eissa , ERNW GmbH
Protecting Visual Assets: Digital Image Counter-Forensics Nikita Mazurov , Kenneth Brown , Malmo University , VMware
Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization Jason Nichols , SAIC
Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers Michael Cherny , Sagie Dulce , Aqua Security
The Adventures of AV and the Leaky Sandbox Itzik Kotler , Amit Klein , SafeBreach
Cracking the Lens: Targeting HTTP's Hidden Attack-Surface James Kettle , PortSwigger Web Security
New Adventures in Spying 3G and 4G Users: Locate Track & Monitor Ravishankar Borgaonkar , Shinjo Park , Lucca Hirschi , Altaf Shaik , Andrew Martin , Jean-Pierre Seifert , University of Oxford , TU Berlin , ETH Zürich
Protecting Pentests: Recommendations for Performing More Secure Tests Wesley McGrew , HORNE Cyber
Quantifying Risk in Consumer Software at Scale - Consumer Reports' Digital Standard Sarah Zatko , Eason Goodale , Cyber Independent Testing Lab , Disconnect
The Shadow Brokers – Cyber Fear Game-Changers Matt Suiche , Comae Technologies
Why Most Cyber Security Training Fails and What We Can Do About it Arun Vishwanath , University at Buffalo
Mimosa Bar (Sponsored by AlienVault Arbor Networks Carbon Black CrowdStrike Cylance DarkMatter Digital Guardian & IBM)
Zero Days Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits Lillian Ablon , RAND Corporation
How We Created the First SHA-1 Collision and What it Means for Hash Security Elie Bursztein , Google Inc.
Game of Chromes: Owning the Web with Zombie Chrome Extensions Tomer Cohen , Wix.com
Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud) Haroon Meer , Marco Slaviero , Thinkst
And Then the Script-Kiddie Said Let There be No Light. Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors? Anastasis Keliris , Mihalis Maniatakos , Charalambos Konstantinou , New York University , New York University Abu Dhabi
Champagne Toast (Sponsored by ESET North America Fidelis Cybersecurity Fortinet Leidos Palo Alto Networks Raytheon & Symantec)
Breaking Electronic Door Locks Like You're on CSI: Cyber Colin O'Flynn , NewAE Technology Inc.
Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software April C. Wright , Verizon Wireline
Evilsploit – A Universal Hardware Hacking Toolkit Chui Yew Leong , Mingming Wan , Guangzhou TYA Information Technology Co., Ltd.
The Future of ApplePwn - How to Save Your Money Timur Yunusov , Positive Technologies
All Your SMS & Contacts Belong to ADUPS & Others Ryan Johnson , Angelos Stavrou , Azzedine Benameur , Kryptowire
Delivering Javascript to World+Dog Kyle Randolph , Optimizely
Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop Yanick Fratantonio , Chenxiong Qian , Simon Pak Ho Chung , Wenke Lee , University of California, Santa Barbara , Georgia Institute of Technology
The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines Natalie Silvanovich , Google Inc.
PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection Traffic Analysis and Beyond Stefan Prandl , Curtin University
Smoothie Social (Sponsored by Bromium Proofpoint Inc. Rapid7 SentinelOne Trend Micro Webroot StackPath & Tanium)
Betraying the BIOS: Where the Guardians of the BIOS are Failing Alex Matrosov , Cylance
Garbage In Garbage Out: How Purportedly Great Machine Learning Models can be Screwed Up by Bad Data Hillary Sanders , Sophos Group PLC
Evading Microsoft ATA for Active Directory Domination Nikhil Mittal , PentesterAcademy
Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity Justin Harvey , Accenture
Fighting Targeted Malware in the Mobile Ecosystem Megan Ruthven , Andrew Blaich , Google Inc. , Lookout
What They're Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs Chaim Sanders , Rob Olson , Rochester Institute of Technology/Zerofox , Rochester Institute of Technology
Digital Vengeance: Exploiting the Most Notorious C&C; Toolkits Waylon Grange , Symantec
Fad or Future? Getting Past the Bug Bounty Hype Kymberlee Price , Angelo Prado , Charles Valentine , Lori Rangel , Microsoft Corporation , salesforce.com , Indeed , Silent Circle
Hacking Serverless Runtimes: Profiling AWS Lambda Azure Functions and More Andrew Krug , Graham Jones , Mozilla , Legitscript
Tracking Ransomware End to End Luca Invernizzi , Kylie McRoberts , Elie Bursztein , Google Inc.
Hunting GPS Jammers Vlad Gostomelsky , Spirent Federal
Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C; Server Patrick Wardle , Objective-See
So You Want to Market Your Security Product... Aaron Alva , Terrell McSweeny , Federal Trade Commission
Go Nuclear: Breaking Radiation Monitoring Devices Ruben Santamarta , IOActive, Inc.
Wire Me Through Machine Learning Ankit Singh , Vijay Thaware , Symantec
Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev Harold Chun , Norman Barbosa , United States Attorney's Office for the Western District of Washington, U.S. Department of Justice
Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging Write-What-Where Vulnerabilities in Creators Update Morten Schenk , Improsec
ShieldFS: The Last Word in Ransomware Resilient File Systems Andrea Continella , Alessandro Guagnelli , Giovanni Zingaro , Giulio De Pasquale , Alessandro Barenghi , Stefano Zanero , Federico Maggi , Politecnico di Milano , Trend Micro, Inc.
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science Daniel Bohannon , Lee Holmes , Mandiant, a division of FireEye, Inc. , Microsoft Corporation
When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices Billy Rios , Jonathan Butts , Whitescope , QED
Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization Nathan Bates , Bryce Kunz , Adobe Systems, Inc.
Taking DMA Attacks to the Next Level: How to do Arbitrary Memory Reads/Writes in a Live and Unmodified System Using a Rogue Memory Controller Anna Trikalinou , Dan Lake , Intel Corporation
Many Birds One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software Siji Feng , Zhi Zhou , Kun Yang , Beijing Chaitin Tech Co. Ltd.
Intercepting iCloud Keychain Alex Radocea , Longterm Security, Inc.
(in)Security in Building Automation: How to Create Dark Buildings with Light Speed Thomas Brandstetter , Limes Security / University of Applied Sciences St. Poelten
Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game Kelly Shortridge , BAE Systems Applied Intelligence
FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches Nicholas Gray , Thomas Zinner , Phuoc Tran-Gia , Manuel Sommer , University of Würzburg/ Chair of Communication Networks , University of Wurzburg
What's on the Wireless? Automating RF Signal Identification Michael Ossmann , Dominic Spill , Great Scott Gadgets
Bot vs. Bot for Evading Machine Learning Malware Detection Hyrum Anderson , Endgame
Exploit Kit Cornucopia Brad Antoniewicz , Matt Foley , Cisco Cloud Security