|
White Hat Privilege: The Legal Landscape for a Cybersecurity Professional Seeking to Safeguard Sensitive Client Data
|
Karen Neuman
,
Jacob Osborn
,
Goodwin
,
Goodwin Procter LLP
|
|
Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process
|
Marina Krotofil
,
Honeywell
|
|
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
|
Andy Robbins
,
Will Schroeder
,
Specter Ops
|
|
Adventures in Attacking Wind Farm Control Networks
|
Jason Staggs
,
University of Tulsa
|
|
Evolutionary Kernel Fuzzing
|
Richard Johnson
,
Cisco Talos Group
|
|
Real Humans Simulated Attacks: Usability Testing with Attack Scenarios
|
Lorrie Cranor
,
Carnegie Mellon University
|
|
Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid
|
Robert Lee
,
Joe Slowik
,
Ben Miller
,
Anton Cherepanov
,
Robert Lipovsky
,
Dragos, Inc.
,
ESET
|
|
Break
|
|
|
Escalating Insider Threats Using VMware's API
|
Ofri Ziv
,
GuardiCore
|
|
Hacking Hardware with a $10 SD Card Reader
|
Amir Etemadieh
,
Khoa Hoang
,
CJ Heres
,
Cylance
,
Draper Laboratory
|
|
Redesigning PKI to Solve Revocation Expiration and Rotation Problems
|
Brian Knopf
,
Neustar
|
|
rVMI: A New Paradigm for Full System Analysis
|
Jonas Pfoh
,
Sebastian Vogl
,
FireEye, Inc.
|
|
Exploiting Network Printers
|
Jens Müller
,
Chair for Network and Data Security, Ruhr University Bochum
|
|
Developing Trust and Gitting Betrayed
|
Clint Gibler
,
Noah Beddome
,
NCC Group
|
|
Free-Fall: Hacking Tesla from Wireless to CAN Bus
|
Sen Nie
,
Ling Liu
,
Yuefeng Du
,
Tencent Keen Security Lab
|
|
Behind the Plexiglass Curtain: Stats and Stories from the Black Hat NOC
|
Neil Wyler
,
Bart Stump
,
RSA
,
Red Sky Solutions, LLC
|
|
Skype & Type: Keystroke Leakage over VoIP
|
Daniele Lain
,
Mauro Conti
,
Gene Tsudik
,
Alberto Compagno
,
University of Padua
,
University of California, Irvine
,
Cisco Systems
|
|
Lies and Damn Lies: Getting Past the Hype of Endpoint Security Solutions
|
Lidia Giuliano
,
Mike Spaulding
|
|
Intel AMT Stealth Breakthrough
|
Dmitriy Evdokimov
,
Alexander Ermolov
,
Maksim Malyutin
,
Embedi
|
|
IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
|
Tongbo Luo
,
Zhaoyan Xu
,
Xin Ouyang
,
Xing Jin
,
Palo Alto Networks
|
|
Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone
|
Alex Stamos
,
Facebook
|
|
Intel SGX Remote Attestation is Not Sufficient
|
Yogesh Swami
,
Cryptography Research, Rambus
|
|
They're Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention
|
John Ventura
,
Optiv Security, Inc.
|
|
Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices)
|
Gabi Nakibly
,
The Technion
|
|
Bug Collisions Meet Government Vulnerability Disclosure
|
Trey Herr
,
Jason Healey
,
Kim Zetter
,
Lillian Ablon
,
Katie Moussouris
,
Belfer Center Cyber Security Project, Harvard Kennedy School
,
Columbia SIPA
,
RAND Corporation
,
Luta Security, Inc.
|
|
'Ghost Telephonist' Link Hijack Exploitations in 4G LTE CS Fallback
|
Haoqi Shan
,
Jun Li
,
Yuwei Zheng
,
Lin Huang
,
Qing Yang
,
UnicornTeam, 360 Technology
|
|
Go to Hunt Then Sleep
|
David Bianco
,
Robert Lee
,
Target
,
Dragos, Inc.
|
|
Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
|
Yuriy Bulygin
,
Mikhail Gorobets
,
Oleksandr Bazhaniuk
,
Andrew Furtak
,
McAfee
|
|
Business Hall Welcome Reception (Sponsored by Forcepoint McAfee LogRhythm & Tenable Network Security)
|
|
|
Honey I Shrunk the Attack Surface – Adventures in Android Security Hardening
|
Nick Kralevich
,
Google Inc.
|
|
Taking Over the World Through MQTT - Aftermath
|
Lucas Lundgren
,
IOActive, Inc.
|
|
Pwnie Awards
|
Dino Dai Zovi
,
Capsule8, Inc.
|
|
The Epocholypse 2038: What's in Store for the Next 20 Years
|
Mikko Hypponen
,
F-Secure
|
|
Challenges of Cooperation Across Cyberspace
|
Jeff Moss
,
Marina Kaljurand
,
Joseph Nye
,
Bill Woodcock
,
Khoo Boon Hui
,
Wolfgang Kleinwachter
,
Global Commission on the Stability of Cyberspace
|
|
The Industrial Revolution of Lateral Movement
|
Tal Be'ery
,
Tal Maor
,
Microsoft Corporation
|
|
SS7 Attacker Heaven Turns into Riot: How to Make Nation-State and Intelligence Attackers' Lives Much Harder on Mobile Networks
|
Martin Kacer
,
Philippe Langlois
,
P1 Security
|
|
Breaking the Laws of Robotics: Attacking Industrial Robots
|
Davide Quarta
,
Marcello Pogliani
,
Mario Polino
,
Federico Maggi
,
Andrea Maria Zanchettin
,
Stefano Zanero
,
Politecnico di Milano
,
Trend Micro, Inc.
|
|
Breaking the x86 Instruction Set
|
Christopher Domas
,
Battelle Memorial Institute
|
|
The Art of Securing 100 Products
|
Nir Valtman
,
NCR Corporation
|
|
Coffee Service
|
|
|
Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
|
Sebastian Lekies
,
Krzysztof Kotowicz
,
Eduardo Vela
,
Google Inc.
|
|
Ichthyology: Phishing as a Science
|
Karla Burnett
,
Stripe
|
|
Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound
|
Zhengbo Wang
,
Wang Kang
,
Bo Yang
,
Shangyuan LI
,
Aimin Pan
,
Mobile Security Team of Alibaba Group
,
CAICT
,
Tsinghua University
|
|
RBN Reloaded - Amplifying Signals from the Underground
|
Dhia Mahjoub
,
David Rodriguez
,
Jason Passwaters
,
Cisco Umbrella (OpenDNS)
,
Intel 471
|
|
Web Cache Deception Attack
|
Omer Gil
|
|
WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
|
Mathy Vanhoef
,
KU Leuven
|
|
Attacking Encrypted USB Keys the Hard(ware) Way
|
Jean-Michel Picod
,
Rémi Audebert
,
Elie Bursztein
,
Google Inc.
|
|
Blue Pill for Your Phone
|
Oleksandr Bazhaniuk
,
Yuriy Bulygin
|
|
The Active Directory Botnet
|
Ty Miller
,
Paul Kalinin
,
Threat Intelligence Pty Ltd
|
|
kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse
|
Marios Pomonis
,
Columbia University
|
|
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
|
Orange Tsai
,
DEVCORE
|
|
Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
|
Nitay Artenstein
,
Exodus Intelligence
|
|
Electronegativity - A Study of Electron Security
|
Luca Carettoni
,
Doyensec
|
|
Influencing the Market to Improve Security
|
Justine Bone
,
Chris Wysopal
,
MedSec
,
Veracode
|
|
Friday the 13th: JSON Attacks
|
Alvaro Muñoz
,
Oleksandr Mirosh
,
HPE
|
|
AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically
|
Jinho Jung
,
Chanil Jeon
,
Max Wolotsky
,
Insu Yun
,
Taesoo Kim
,
Georgia Institute of Technology
|
|
The Avalanche Takedown: Landslide for Law Enforcement
|
Tom Grasso
,
Federal Bureau of Investigation - Cyber Division
|
|
OpenCrypto: Unchaining the JavaCard Ecosystem
|
Vasilios Mavroudis
,
George Danezis
,
Petr Svenda
,
Dan Cvrcek
,
University College London
,
Masaryk University
,
Enigma Bridge Ltd
|
|
Ice Cream Social (Sponsored by Code42 Software Core Security Cybereason Darktrace F5 Networks iboss Malwarebytes & Optiv Security)
|
|
|
WSUSpendu: How to Hang WSUS Clients
|
Romain Coltel
,
Yves Le Provost
,
Alsid
,
ANSSI
|
|
Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
|
Rodrigo Branco
,
Vincent Zimmer
,
Bruce Monroe
,
Intel Corporation
|
|
Datacenter Orchestration Security and Insecurity: Assessing Kubernetes Mesos and Docker at Scale
|
Dino Dai Zovi
,
Capsule8, Inc.
|
|
Automated Testing of Crypto Software Using Differential Fuzzing
|
Jean-Philippe Aumasson
,
Yolan Romailler
,
Kudelski Security
|
|
Practical Tips for Defending Web Applications in the Age of DevOps
|
Zane Lackey
,
Signal Sciences
|
|
Defeating Samsung KNOX with Zero Privilege
|
Di Shen
,
Tencent Keen Security Lab
|
|
Infecting the Enterprise: Abusing Office365+Powershell for Covert C2
|
Craig Dods
,
Juniper Networks
|
|
Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking
|
Mateusz Jurczyk
,
Google Project Zero
|
|
Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network
|
Omar Eissa
,
ERNW GmbH
|
|
Protecting Visual Assets: Digital Image Counter-Forensics
|
Nikita Mazurov
,
Kenneth Brown
,
Malmo University
,
VMware
|
|
Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization
|
Jason Nichols
,
SAIC
|
|
Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
|
Michael Cherny
,
Sagie Dulce
,
Aqua Security
|
|
The Adventures of AV and the Leaky Sandbox
|
Itzik Kotler
,
Amit Klein
,
SafeBreach
|
|
Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
|
James Kettle
,
PortSwigger Web Security
|
|
New Adventures in Spying 3G and 4G Users: Locate Track & Monitor
|
Ravishankar Borgaonkar
,
Shinjo Park
,
Lucca Hirschi
,
Altaf Shaik
,
Andrew Martin
,
Jean-Pierre Seifert
,
University of Oxford
,
TU Berlin
,
ETH Zürich
|
|
Protecting Pentests: Recommendations for Performing More Secure Tests
|
Wesley McGrew
,
HORNE Cyber
|
|
Quantifying Risk in Consumer Software at Scale - Consumer Reports' Digital Standard
|
Sarah Zatko
,
Eason Goodale
,
Cyber Independent Testing Lab
,
Disconnect
|
|
The Shadow Brokers – Cyber Fear Game-Changers
|
Matt Suiche
,
Comae Technologies
|
|
Why Most Cyber Security Training Fails and What We Can Do About it
|
Arun Vishwanath
,
University at Buffalo
|
|
Mimosa Bar (Sponsored by AlienVault Arbor Networks Carbon Black CrowdStrike Cylance DarkMatter Digital Guardian & IBM)
|
|
|
Zero Days Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits
|
Lillian Ablon
,
RAND Corporation
|
|
How We Created the First SHA-1 Collision and What it Means for Hash Security
|
Elie Bursztein
,
Google Inc.
|
|
Game of Chromes: Owning the Web with Zombie Chrome Extensions
|
Tomer Cohen
,
Wix.com
|
|
Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud)
|
Haroon Meer
,
Marco Slaviero
,
Thinkst
|
|
And Then the Script-Kiddie Said Let There be No Light. Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?
|
Anastasis Keliris
,
Mihalis Maniatakos
,
Charalambos Konstantinou
,
New York University
,
New York University Abu Dhabi
|
|
Champagne Toast (Sponsored by ESET North America Fidelis Cybersecurity Fortinet Leidos Palo Alto Networks Raytheon & Symantec)
|
|
|
Breaking Electronic Door Locks Like You're on CSI: Cyber
|
Colin O'Flynn
,
NewAE Technology Inc.
|
|
Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software
|
April C. Wright
,
Verizon Wireline
|
|
Evilsploit – A Universal Hardware Hacking Toolkit
|
Chui Yew Leong
,
Mingming Wan
,
Guangzhou TYA Information Technology Co., Ltd.
|
|
The Future of ApplePwn - How to Save Your Money
|
Timur Yunusov
,
Positive Technologies
|
|
All Your SMS & Contacts Belong to ADUPS & Others
|
Ryan Johnson
,
Angelos Stavrou
,
Azzedine Benameur
,
Kryptowire
|
|
Delivering Javascript to World+Dog
|
Kyle Randolph
,
Optimizely
|
|
Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
|
Yanick Fratantonio
,
Chenxiong Qian
,
Simon Pak Ho Chung
,
Wenke Lee
,
University of California, Santa Barbara
,
Georgia Institute of Technology
|
|
The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines
|
Natalie Silvanovich
,
Google Inc.
|
|
PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection Traffic Analysis and Beyond
|
Stefan Prandl
,
Curtin University
|
|
Smoothie Social (Sponsored by Bromium Proofpoint Inc. Rapid7 SentinelOne Trend Micro Webroot StackPath & Tanium)
|
|
|
Betraying the BIOS: Where the Guardians of the BIOS are Failing
|
Alex Matrosov
,
Cylance
|
|
Garbage In Garbage Out: How Purportedly Great Machine Learning Models can be Screwed Up by Bad Data
|
Hillary Sanders
,
Sophos Group PLC
|
|
Evading Microsoft ATA for Active Directory Domination
|
Nikhil Mittal
,
PentesterAcademy
|
|
Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity
|
Justin Harvey
,
Accenture
|
|
Fighting Targeted Malware in the Mobile Ecosystem
|
Megan Ruthven
,
Andrew Blaich
,
Google Inc.
,
Lookout
|
|
What They're Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs
|
Chaim Sanders
,
Rob Olson
,
Rochester Institute of Technology/Zerofox
,
Rochester Institute of Technology
|
|
Digital Vengeance: Exploiting the Most Notorious C&C; Toolkits
|
Waylon Grange
,
Symantec
|
|
Fad or Future? Getting Past the Bug Bounty Hype
|
Kymberlee Price
,
Angelo Prado
,
Charles Valentine
,
Lori Rangel
,
Microsoft Corporation
,
salesforce.com
,
Indeed
,
Silent Circle
|
|
Hacking Serverless Runtimes: Profiling AWS Lambda Azure Functions and More
|
Andrew Krug
,
Graham Jones
,
Mozilla
,
Legitscript
|
|
Tracking Ransomware End to End
|
Luca Invernizzi
,
Kylie McRoberts
,
Elie Bursztein
,
Google Inc.
|
|
Hunting GPS Jammers
|
Vlad Gostomelsky
,
Spirent Federal
|
|
Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C; Server
|
Patrick Wardle
,
Objective-See
|
|
So You Want to Market Your Security Product...
|
Aaron Alva
,
Terrell McSweeny
,
Federal Trade Commission
|
|
Go Nuclear: Breaking Radiation Monitoring Devices
|
Ruben Santamarta
,
IOActive, Inc.
|
|
Wire Me Through Machine Learning
|
Ankit Singh
,
Vijay Thaware
,
Symantec
|
|
Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev
|
Harold Chun
,
Norman Barbosa
,
United States Attorney's Office for the Western District of Washington, U.S. Department of Justice
|
|
Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging Write-What-Where Vulnerabilities in Creators Update
|
Morten Schenk
,
Improsec
|
|
ShieldFS: The Last Word in Ransomware Resilient File Systems
|
Andrea Continella
,
Alessandro Guagnelli
,
Giovanni Zingaro
,
Giulio De Pasquale
,
Alessandro Barenghi
,
Stefano Zanero
,
Federico Maggi
,
Politecnico di Milano
,
Trend Micro, Inc.
|
|
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
|
Daniel Bohannon
,
Lee Holmes
,
Mandiant, a division of FireEye, Inc.
,
Microsoft Corporation
|
|
When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices
|
Billy Rios
,
Jonathan Butts
,
Whitescope
,
QED
|
|
Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization
|
Nathan Bates
,
Bryce Kunz
,
Adobe Systems, Inc.
|
|
Taking DMA Attacks to the Next Level: How to do Arbitrary Memory Reads/Writes in a Live and Unmodified System Using a Rogue Memory Controller
|
Anna Trikalinou
,
Dan Lake
,
Intel Corporation
|
|
Many Birds One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software
|
Siji Feng
,
Zhi Zhou
,
Kun Yang
,
Beijing Chaitin Tech Co. Ltd.
|
|
Intercepting iCloud Keychain
|
Alex Radocea
,
Longterm Security, Inc.
|
|
(in)Security in Building Automation: How to Create Dark Buildings with Light Speed
|
Thomas Brandstetter
,
Limes Security / University of Applied Sciences St. Poelten
|
|
Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
|
Kelly Shortridge
,
BAE Systems Applied Intelligence
|
|
FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches
|
Nicholas Gray
,
Thomas Zinner
,
Phuoc Tran-Gia
,
Manuel Sommer
,
University of Würzburg/ Chair of Communication Networks
,
University of Wurzburg
|
|
What's on the Wireless? Automating RF Signal Identification
|
Michael Ossmann
,
Dominic Spill
,
Great Scott Gadgets
|
|
Bot vs. Bot for Evading Machine Learning Malware Detection
|
Hyrum Anderson
,
Endgame
|
|
Exploit Kit Cornucopia
|
Brad Antoniewicz
,
Matt Foley
,
Cisco Cloud Security
|