|
Abuse of CPE Devices and Recommended Fixes
|
Jonathan Spring
,
Paul Vixie
,
Chris Hallenbeck
,
Carnegie Mellon University
,
Farsight Security, Inc.
,
US-CERT
|
|
Threat Intelligence Library - A New Revolutionary Technology to Enhance the SOC Battle Rhythm!
|
Ryan Trost
|
|
Defeating the Transparency Feature of DBI
|
Kang Li
,
Xiaoning Li
,
University of Georgia
|
|
SAP, Credit Cards, and the Bird that Talks Too Much
|
Ertunga Arsal
,
ESNC
|
|
Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications
|
Daniele Gallingani
|
|
Unveiling the Open Source Visualization Engine for Busy Hackers
|
Thibault Reuille
,
Andrew Hay
,
OpenDNS
,
OpenDNS, Inc.
|
|
Multipath TCP: Breaking Today's Networks with Tomorrow's Protocols
|
Catherine Pearce
,
Patrick Thomas
,
Neohapsis
|
|
Digging for IE11 Sandbox Escapes
|
James Forshaw
,
Context Information Security Ltd.
|
|
The Library of Sparta
|
David Raymond
,
Greg Conti
,
Tom Cross
,
USMA
,
West Point
,
Lancope
|
|
What Goes Around Comes Back Around - Exploiting Fundamental Weaknesses in Botnet C&C; Panels!
|
Aditya K Sood
,
Niara, Inc.
|
|
CloudBots: Harvesting Crypto Coins Like a Botnet Farmer
|
Rob Ragan
,
Oscar Salazar
,
Bishop Fox
|
|
Protecting Data In-Use from Firmware and Physical Attacks
|
Steve Weis
,
PrivateCore
|
|
Internet Scanning - Current State and Lessons Learned
|
Mark Schloesser
,
Rapid7
|
|
Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
|
Yeongjin Jang
,
Tielei Wang
,
Byoungyoung Lee
,
Billy Lau
,
Georgia Institute of Technology
|
|
Network Attached Shell: N.A.S.ty Systems that Store Network Accessible Shells
|
Jacob Holcomb
,
Independent Security Evaluators
|
|
How Smartcard Payment Systems Fail
|
Ross Anderson
,
Cambridge University
|
|
Badger - The Networked Security State Estimation Toolkit
|
Edmond Rogers
,
William Rogers
,
Gabe Weaver
,
University of Illinois
,
University of Illinois at Urbana-Champaign
|
|
I Know Your Filtering Policy Better than You Do: External Enumeration and Exploitation of Email and Web Security Solutions
|
Ben Williams
,
NCC Group
|
|
ICSCorsair: How I Will PWN Your ERP Through 4-20 mA Current Loop
|
Alexander Bolshev
,
Gleb Cherbov
,
Digital Security
|
|
Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware
|
Christopher Kruegel
,
Lastline, Inc.
|
|
802.1x and Beyond!
|
Brad Antoniewicz
,
Foundstone
|
|
Governments As Malware Authors: The Next Generation
|
Mikko Hypponen
,
F-Secure
|
|
Reverse Engineering Flash Memory for Fun and Benefit
|
Jeong Wook Oh
,
HP
|
|
Attacking Mobile Broadband Modems Like a Criminal Would
|
Andreas Lindh
,
I Secure Sweden AB
|
|
Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering
|
Martin Johns
,
Ben Stock
,
Sebastian Lekies
,
SAP AG
,
University Erlangen-Nuremberg
|
|
SATCOM Terminals: Hacking by Air, Sea, and Land
|
Ruben Santamarta
,
IOActive, Inc.
|
|
Android FakeID Vulnerability Walkthrough
|
Jeff Forristal
,
Bluebox Security
|
|
Contemporary Automatic Program Analysis
|
Julian Cohen
|
|
Point of Sale System Architecture and Security
|
Lucas Zaichkowsky
,
AccessData
|
|
The New Scourge of Ransomware: A Study of CryptoLocker and Its Friends
|
Lance James
,
John Bambenek
,
Deloitte & Touche LLP
,
Bambenek Consulting
|
|
Thinking Outside the Sandbox - Violating Trust Boundaries in Uncommon Ways
|
Brian Gorenc
,
Jasiel Spelman
,
Zero Day Initiative, HP Security Research
|
|
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring
|
Alex Pinto
,
MLSec Project
|
|
How to Leak a 100-Million-Node Social Graph in Just One Week? - A Reflection on Oauth and API Design in Online Social Networks
|
Pili Hu
,
Wing Cheong Lau
,
The Chinese University of Hong Kong
|
|
Why Control System Cyber-Security Sucks...
|
Dr. Stefan Lders
,
CERN
|
|
Creating a Spider Goat: Using Transactional Memory Support for Security
|
Igor Muttik
,
Alex Nayshtut
,
McAfee / Intel
,
Intel Corporation
|
|
When the Lights Go Out: Hacking Cisco EnergyWise
|
Matthias Luft
,
Ayhan Soner Koca
,
ERNW GmbH
|
|
A Survey of Remote Automotive Attack Surfaces
|
Charlie Miller
,
Christopher Valasek
,
IOActive, Inc.
|
|
Write Once, Pwn Anywhere
|
Yang Yu
,
Tencent, Inc.
|
|
It Just (Net)works: The Truth About iOS 7's Multipeer Connectivity Framework
|
Alban Diquet
,
Data Theorem
|
|
Windows Kernel Graphics Driver Attack Surface
|
Ilja van Sprundel
,
IOActive, Inc.
|
|
Stay Out of the Kitchen: A DLP Security Bake-Off
|
Zach Lanier
,
Kelly Lum
,
Duo Security
|
|
GRR: Find All the Badness, Collect All the Things
|
Greg Castle
,
Google Inc.
|
|
Mobile Device Mismanagement
|
Stephen Breen
,
NTT Com Security
|
|
Lifecycle of a Phone Fraudster: Exposing Fraud Activity from Reconnaissance to Takeover Using Graph Analysis and Acoustical Anomalies
|
Vijay Balasubramaniyan
,
Raj Bandyopadhyay
,
Telvis Calhoun
,
Pindrop Security
|
|
Unwrapping the Truth: Analysis of Mobile Application Wrapping Solutions
|
Ron Gutierrez
,
Stephen Komal
,
Gotham Digital Science
|
|
Pivoting in Amazon Clouds
|
Andres Riancho
|
|
Mission mPOSsible
|
Nils
,
Jon Butler
,
MWR InfoSecurity
|
|
OpenStack Cloud at Yahoo Scale: How to Avoid Disaster
|
Anders Beitnes
,
Yahoo!
|
|
Reverse-Engineering the Supra iBox: Exploitation of a Hardened MSP430-Based Device
|
Braden Thomas
,
Accuvant
|
|
Dynamic Flash Instrumentation for Fun and Profit
|
Timo Hirvonen
,
F-Secure
|
|
Cybersecurity as Realpolitik
|
Dan Geer
,
In-Q-Tel
|
|
48 Dirty Little Secrets Cryptographers Don't Want You To Know
|
Thomas Ptacek
,
Alex Balducci
,
Matasano Security
|
|
Probabilistic Spying on Encrypted Tunnels
|
Brandon Niemczyk
,
Prasad Rao
,
HP
,
HP, Security and Cloud Laboratories
|
|
APT Attribution and DNS Profiling
|
Frankie Li
,
VXRL Research
|
|
Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol
|
Mathew Solnik
,
Marc Blanchou
,
Accuvant LABS
|
|
Learn How to Control Every Room at a Luxury Hotel Remotely: The Dangers of Insecure Home Automation Deployment
|
Jesus Molina
,
Nomeames Group
|
|
MoRE Shadow Walker: The Progression of TLB-Splitting on x86
|
Jacob Torrey
,
Assured Information Security
|
|
Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA?
|
Billy Rios
,
Qualys
|
|
Breaking the Security of Physical Devices
|
Silvio Cesare
,
Qualys
|
|
Bitcoin Transaction Malleability Theory in Practice
|
Daniel Chechik
,
Ben Hayak
,
Trustwave
|
|
SecSi Product Development: Techniques for Ensuring Secure Silicon Applied to Open-Source Verilog Projects
|
Joseph FitzPatrick
,
SecuringHardware.com
|
|
Miniaturization
|
Jason Larsen
,
IOActive, Inc.
|
|
The New Page of Injections Book: Memcached Injections
|
Ivan Novikov
,
Wallarm
|
|
Computrace Backdoor Revisited
|
Vitaliy Kamluk
,
Sergey Belov
,
Anibal Sacco
,
Kaspersky Lab
,
Cubica Labs
|
|
Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces
|
Collin Mulliner
,
Northeastern University
|
|
Saving Cyberspace
|
Jason Healey
,
Atlantic Council
|
|
Sidewinder Targeted Attack Against Android in the Golden Age of Ad Libs
|
Tao Wei
,
Yulong Zhang
,
FireEye, Inc.
|
|
Exposing Bootkits with BIOS Emulation
|
Lars Haukli
,
Blue Coat Systems
|
|
Smart Nest Thermostat: A Smart Spy in Your Home
|
Yier Jin
,
Grant Hernandez
,
Daniel Buentello
,
University of Central Florida
,
Mioty
|
|
One Packer to Rule Them All: Empirical Identification, Comparison, and Circumvention of Current Antivirus Detection Techniques
|
Alaeddine Mesbahi
,
Arne Swinnen
,
Verizon
,
NVISO
|
|
The State of Incident Response
|
Bruce Schneier
,
Co3 Systems, Inc.
|
|
Leviathan: Command and Control Communications on Planet Earth
|
Kenneth Geers
,
Kevin Thompson
,
FireEye, Inc.
|
|
A Scalable, Ensemble Approach for Building and Visualizing Deep Code-Sharing Networks Over Millions of Malicious Binaries
|
Joshua Saxe
,
Invincea Labs
|
|
The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques
|
Daniel Lehmann
,
Ahmad-Reza Sadeghi
,
Technische Universitt Darmstadt
,
Technische Universitt Darmstadt & Intel CRI-SC
|
|
Understanding TOCTTOU in the Windows Kernel Font Scaler Engine
|
Yu Wang
,
Qihoo 360
|
|
Understanding IMSI Privacy
|
Ravishankar Borgaonkar
,
Swapnil Udar
,
TU Berlin
,
Aalto University
|
|
Capstone: Next Generation Disassembly Framework
|
Coseinc
,
Nguyen Anh Quynh
|
|
Bringing Software Defined Radio to the Penetration Testing Community
|
Jean-Michel Picod
,
Jonathan-Christofer Demay
,
Arnaud Lebrun
,
AIRBUS Defence and Space CyberSecurity
|
|
Time Trial: Racing Towards Practical Timing Attacks
|
Daniel Mayer
,
Joel Sandin
,
Matasano Security
|
|
The Devil Does Not Exist - The Role of Deception in Cyber
|
Mark Mateski
,
Matt Devost
,
Red Team Journal
,
FusionX, LLC
|
|
My Google Glass Sees Your Passwords!
|
Xinwen Fu
,
Qinggang Yue
,
Zhen Ling
,
University of Massachusetts Lowell
,
Southeast University
|
|
Researching Android Device Security with the Help of a Droid Army
|
Joshua Drake
,
Accuvant LABS
|
|
From Attacks to Action - Building a Usable Threat Model to Drive Defensive Choices
|
Tony Sager
,
Council on CyberSecurity
|
|
SVG: Exploiting Browsers without Image Parsing Bugs
|
Rennie deGraaf
,
iSEC Partners
|
|
How to Wear Your Password
|
Markus Jakobsson
,
Qualcomm
|
|
Extreme Privilege Escalation on Windows 8/UEFI Systems
|
Corey Kallenberg
,
Xeno Kovah
,
John Butterworth
,
Samuel Cornwell
,
The MITRE Corporation
|
|
Abusing Microsoft Kerberos: Sorry You Guys Don't Get It
|
Alva Duckwall
,
Benjamin Delpy
,
Unnamed Startup
|
|
"Nobody is Listening to Your Phone Calls." Really? A Debate and Discussion on the NSA's Activities
|
Mark Jaycox
,
Jamil Jaffer
,
Electronic Frontier Foundation
,
George Mason University School of Law
|
|
Oracle Data Redaction is Broken
|
David Litchfield
,
Datacom TSS
|
|
Why You Need to Detect More Than PtH
|
Matthew Hathaway
,
Jeff Myers
,
Rapid7
|
|
A Journey to Protect Points-of-Sale
|
Nir Valtman
,
NCR
|
|
Reflections on Trusting TrustZone
|
Dan Rosenberg
,
Azimuth Security
|
|
Epidemiology of Software Vulnerabilities: A Study of Attack Surface Spread
|
Kymberlee Price
,
Jake Kouns
,
Synack
,
Risk Based Security
|
|
The Big Chill: Legal Landmines that Stifle Security Research and How to Disarm Them
|
Trey Ford
,
Marcia Hofmann
,
Kevin Bankston
,
Rapid7
,
Law Office of Marcia Hofmann
,
New America Foundation
|
|
Investigating PowerShell Attacks
|
Ryan Kazanciyan
,
Matt Hastings
,
Mandiant, a division of FireEye, Inc.
|
|
RAVAGE - Runtime Analysis of Vulnerabilities and Generation of Exploits
|
Xiaoran Wang
,
Yoel Gluck
,
Salesforce.com
|
|
Poacher Turned Gamekeeper: Lessons Learned from Eight Years of Breaking Hypervisors
|
Rafal Wojtczuk
,
Bromium
|
|
Babar-ians at the Gate: Data Protection at Massive Scale
|
Davi Ottenheimer
,
EMC
|
|
BadUSB - On Accessories that Turn Evil
|
Karsten Nohl
,
Jakob Lell
,
SRLabs
|
|
The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP
|
Antoine Delignat-Lavaud
,
Inria Paris
|
|
Prevalent Characteristics in Modern Malware
|
Rodrigo Branco
,
Gabriel Negreira Barbosa
,
Intel Corporation
|
|
Catching Malware En Masse: DNS and IP Style
|
Dhia Mahjoub
,
Thibault Reuille
,
Andree Toonk
,
OpenDNS
|
|
A Practical Attack Against VDI Solutions
|
Daniel Brodie
,
Michael Shaulov
,
Lacoon Mobile Security
|
|
Data-Only Pwning Microsoft Windows Kernel: Exploitation of Kernel Pool Overflows on Microsoft Windows 8.1
|
Nikita Tarakanov
|
|
VoIP Wars: Attack of the Cisco Phones
|
Fatih Ozavci
,
Sense of Security Pty Ltd
|
|
Abusing Performance Optimization Weaknesses to Bypass ASLR
|
Byoungyoung Lee
,
Yeongjin Jang
,
Tielei Wang
,
Georgia Institute of Technology
|
|
Fingerprinting Web Application Platforms by Variations in PNG Implementations
|
Dominique Bongard
,
0xcite SARL
|
|
Building Safe Systems at Scale - Lessons from Six Months at Yahoo
|
Alex Stamos
,
Yahoo!
|
|
Evasion of High-End IPS Devices in the Age of IPv6
|
Antonios Atlasis
,
Enno Rey
,
secfu.net
,
ERNW GmbH
|
|
Hacking the Wireless World with Software Defined Radio - 2.0
|
Balint Seeber
|