Fire & Ice: Making and Breaking macOS Firewalls | Patrick Wardle; Digita Security
I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine | Alex Levinson; Dan Borges
Automated Discovery of Deserialization Gadget Chains | Ian Haken; Netflix
Vulnerable Out of the Box: An Evaluation of Android Carrier Devices | Ryan Johnson; Angelos Stavrou; Kryptowire
barcOwned—Popping shells with your cereal box | Michael West; magicspacekiwi (Colin Campbell); CyberArk
You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts | Zhenxuan Bai; Yuwei Zheng; Senhua Wang; Kunzhe Chai; Unicorn Team, Qihoo 360 Technology Co. Ltd.; PegasusTeam at 360 Radio Security Research Department, 360 Technology
Finding Xori: Malware Analysis Triage with Automated Disassembly | Amanda Rousseau; Rich Seymour; Endgame, Inc.; Endgame Inc
Compression Oracle Attacks on VPN Networks | Nafeez
Practical & Improved Wifi MitM with Mana | singe; SensePost
You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System | Dr. Jeanna N. Matthews; Nathan Adams; Jerome Greco; Data and Society; Clarkson University; Forensic Bioinformatic Services; Legal Aid Society
Playback: a TLS 1.3 story | Alfonso García Alguacil; Alejo Murillo Moya; Cisco Systems; EMEAR, Cisco
The Mouse is Mightier than the Sword | Patrick Wardle; Digita Security
Betrayed by the keyboard: How what you type can give you away | Matt Wixey; PwC
Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug | Sheila A. Berta; Sergio De Los Santos; Eleven Paths
Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear | zenofex
Jailbreaking the 3DS through 7 years of hardening | smea
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework | Joe Rozner
Playing Malware Injection with Exploit thoughts | Sheng-Hao Ma; NTUST
Compromising online accounts by cracking voicemail systems | Martin Vigo
Oh Noes!—A Role Playing Incident Response Game | Bruce Potter; Robert Potter; The Shmoo Group
Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era | Andrea Marcelli; Politecnico di Torino
Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills. | Daniel Zolnikov; Montana State Representative
Privacy Is Equality—And It's Far from Dead | Sarah St. Vincent; National Security, Surveillance
Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems | m010ch_
Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware | Maksim Shudrak; Salesforce
Reverse Engineering, hacking documentary series | Michael Lee Nirenberg; Dave Buchwald; Restraining Order, Ltd
Reverse Engineering Windows Defender's Emulator | Alexei Bulazel
Outsmarting the Smart City | Daniel "unicornFurnace" Crowley; Mauro Paredes; Jen "savagejen" Savage; IBM X-Force Red
Disrupting the Digital Dystopia or What the hell is happening in computer law? | Nathan White; Nate Cardozo; Access Now; EFF
Breaking Smart Speakers: We are Listening to You. | Wu HuiYu; Qian Wenxiang; Tencent Blade Team
Booby Trapping Boxes | Ladar Levison; hon1nbo; Lavabit LLC; Hacking & Coffee LLC
You can run, but you can't hide. Reverse engineering using X-Ray. | George Tarnovsky; Cisco Systems
Trouble in the tubes: How internet routing security breaks down and how you can do it at home | Lane Broadbent; Vivint
Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller | Feng Xiao; Jianwei Huang; Peng Liu; Cybersecurity
EFF Fireside Hax (AKA Ask the EFF) | Kurt Opsahl; Nate Cardozo; Jamie Lee Williams; Andrés Arrieta; Katiza Rodriguez; Nathan 'nash' Sheard; Electronic Frontier Foundation; EFF
Detecting Blue Team Research Through Targeted Ads | 0x200b
Ring 0/-2 Rootkits: bypassing defenses | Alexandre Borges; Blackstorm Security
Sex Work After SESTA/FOSTA | Maggie Mayhem
PANEL: DEF CON GROUPS | Brent White (B1TK1LL3R); Jeff Moss (The Dark Tangent); Jayson E. Street; S0ups; Tim Roberts (byt3boy); Casey Bourbonnais; April Wright
Hacking BLE Bicycle Locks for Fun and a Small Profit | Vincent Tan; MWR InfoSecurity
One-Click to OWA | William Martin
It WISN't me, attacking industrial wireless mesh networks | Erwin Paternotte; Mattijs van Ommeren; Nixu
Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability | Yuwei Zheng; Shaokun Cao; Yunding Jian; Mingchuang Qun; Unicorn Team, Qihoo 360 Technology Co. Ltd.; the Radio Security Research Department of 360 Technology
Last mile authentication problem: Exploiting the missing link in end-to-end secure communication | Thanh Bui; Siddharth Rao; Aalto University, Finland
Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape | Matt Goerzen; Dr. Jeanna Matthews; Joan Donovan; Data and Society; Clarkson University
Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch | Dongsung Kim; Hyoung-Kee Choi; Sungkyunkwan University
D0 N0 H4RM: A Healthcare Security Conversation | Christian "quaddi" Dameff; Jeff "r3plicant" Tully; Kirill Levchenko; Beau Woods; Roberto Suarez; Jay Radcliffe; Joshua Corman; David Nathans; The University of California San Diego; University of California Davis; University of California San Diego
ThinSIM-based Attacks on Mobile Money Systems | Rowan Phipps; University of Washington
Weaponizing Unicode: Homographs Beyond IDNs | The Tarquin; Amazon.com
In Soviet Russia Smartcard Hacks You | Eric Sesterhenn; D-Sec GmbH; X41, D-Sec GmbH
4G—Who is paying your cellular phone bill? | Dr. Silke Holtmanns; Isha Singh; Nokia Bell Labs; Aalto University in Helsinki
Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones) | Eduardo Izycki; Rodrigo Colli
Micro-Renovator: Bringing Processor Firmware up to Code | Matt King
The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) | Elinor Mills; DilDog; Joe Grand, Kingpin; Space Rogue; Mudge; Silicosis; John Tan; Weld Pond; L0pht Heavy Industries; Bateman Group; Veracode; X-Force Red, IBM; Stripe
One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers | Xiaolong Bai; Min (Spark) Zheng; Alibaba Inc.
What the Fax!? | Yaniv Balmas; Eyal Itkin; Check Point Software Technologies
The ring 0 façade: awakening the processor's inner demons | Christopher Domas
Inside the Fake Science Factory | Edgar Munchhausen
An Attacker Looks at Docker: Approaching Multi-Container Applications | Wesley McGrew; HORNE Cyber
Exploiting Active Directory Administrator Insecurities | Sean Metcalf; Trimarc
Lost and Found Certificates: dealing with residual certificates for pre-owned domains | Ian Foster; Dylan Ayrey
Defending the 2018 Midterm Elections from Foreign Adversaries | Joshua M Franklin; Kevin Franklin
GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs | Christopher Domas
The Road to Resilience: How Real Hacking Redeems this Damnable Profession | Richard Thieme, a.k.a. neural cowboy; ThiemeWorks
All your math are belong to us | sghctoma; PR-Audit Ltd., Hungary
Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program | Guang Gong; Wenlin Yang; Jianjun Dai; Alpha Team, Qihoo 360 Technology Co. Ltd.
Ridealong Adventures—Critical Issues with Police Body Cameras | Josh Mitchell; Nuix
Man-In-The-Disk | Slava Makkaveev; Check Point
Your Voice is My Passport | _delta_zero; Azeem Aqil; Salesforce
Searching for the Light: Adventures with OpticSpy | Joe Grand
Reaping and breaking keys at scale: when crypto meets big data | Yolan Romailler; Nils Amiet; Kudelski Security
For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems | Leigh-Anne Galloway; Tim Yunusov; Positive Technologies
All your family secrets belong to us—Worrisome security issues in tracker apps | Dr. Siegfried Rasthofer; Stephan Huber; Dr. Steven Arzt; Fraunhofer SIT
Attacking the macOS Kernel Graphics Driver | Yu Wang; Didi Research America
Project Interceptor: avoiding counter-drone systems with nanodrones | David Melendez Cano; Albalá Ingenieros S.A.
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems | Jos Wetzels; Marina Krotofil; Midnight Blue Labs
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 | Gabriel Ryan; Digital Silence
One-liners to Rule Them All | egypt; William Vu; Black Hills Information Security; Rapid7
Privacy infrastructure, challenges and opportunities | yawnbox; Emerald Onion
Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits | zerosum0x0
Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities | Matt Knight; Ryan Speers; Cruise Automation; Ionic Security
Welcome To DEF CON & Badge Maker Talk | The Dark Tangent
Dragnet—Your Social Engineering Sidekick | Truman Kain; Tevora
One Step Ahead of Cheaters -- Instrumenting Android Emulators | Nevermoe (@n3v3rm03); DeNA Co., Ltd.
De-anonymizing Programmers from Source Code and Binaries | Rachel Greenstadt; Dr. Aylin Caliskan; Drexel University; George Washington University
Infecting The Embedded Supply Chain | Zach; Alex; Somerset Recon
Your Bank's Digital Side Door | Steven Danneman; Security Innovation
Securing our Nation's Election Infrastructure | Jeanette Manfra; Office of Cybersecurity and Communications, Department of Homeland Security
Building the Hacker Tracker | Whitney Champion; Seth Law; Redpoint Security
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking | ldionmarcil; GoSecure
House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries | Sanat Sharma
Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers | Nick Cano; Cylance
A Journey Into Hexagon: Dissecting a Qualcomm Baseband | Seamus Burke
Revolting Radios | Michael Ossmann; Dominic Spill; Great Scott Gadgets
Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading | Ruo Ando; Center for Cybersecurity Research and Development, National Institute of Informatics, Japan
WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT | Si; Agent X
NSA Talks Cybersecurity | Rob Joyce
Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more. | Josep Pi Rodriguez; IOActive, Inc.
SMBetray—Backdooring and breaking signatures | William Martin
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! | Orange Tsai; DEVCORE
80 to 0 in under 5 seconds: Falsifying a medical patient's vitals | Douglas McKee; the McAfee Advanced Threat Research team
Lora Smart Water Meter Security Analysis | Yingtao Zeng; Lin Huang; Jun Li; the Radio Security Research Department of 360 Technology; UnicornTeam; 360 Security Technology
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit | Morgan "indrora" Gangwere
Fasten your seatbelts: We are escaping iOS 11 sandbox! | Min (Spark) Zheng; Xiaolong Bai; Alibaba Inc.
Who Controls the Controllers—Hacking Crestron IoT Automation Systems | Ricky "HeadlessZeke" Lawshae; Trend Micro, Inc.
Tineola: Taking a Bite Out of Enterprise Blockchain | Stark Riedesel; Parsia Hakimian; Synopsys
DEF CON 101 Panel | HighWiz; Nikita; Roamer; Chris "Suggy" Sumner; Jericho; Wiseacre; Shaggy; Online Privacy Foundation; The Mountain
Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices | Dennis Giese
Building Absurd Christmas Light Shows | Rob Joyce
Hacking PLCs and Causing Havoc on Critical Infrastructures | Thiago Alves; the University of Alabama in Huntsville
You'd better secure your BLE devices or we'll kick your butts ! | Damien "virtualabs" Cauquil; Digital Security
UEFI exploitation for the masses | Mickey Shkatov; Jesse Michael