|
The SecDevOpronomicon - Arcane Secrets for Scaling your Company’s Security
|
Clint Gibler
,
NCC Group
|
|
PostgreSQL Threats and Attacks in the Wild
|
Mozilla
|
|
Opening Remarks
|
|
|
Living Security Escape Room (Session 1.3)
|
|
|
Sponsor Registration
|
|
|
Fundamentals of Corporate Physical Access: Attack Surface and Approach
|
Eric Michaud
,
Rift Recon
|
|
Six degrees of infiltration: Using graph to understand your infrastructure and optimize security decision making
|
|
|
How to Hack Radios: A Practical Approach to RF Physical Layers
|
Matt Knight
,
Cruise Automation
|
|
Living Security Escape Room (Session 1.6)
|
|
|
Starting a security program: Thrills and Spills
|
|
|
Tales of Red Teaming, aka "Continuous Intrusion Continuous Deception"
|
|
|
Lessons learned implementing meaningful access controls to customer data
|
|
|
Simple. Open. Mobile: A Look at the Future of Strong Authentication
|
Jerrod Chong
,
Yubico
|
|
Raffle
|
|
|
A Case Study of MacOS Supply Chain Compromise
|
Dropbox
|
|
Demystifying DNS Security – Practical Steps for Reducing Exposure and Detecting Compromise
|
Jim Nitterauer
,
AppRiver, LLC
|
|
Pensieve: Finding malicious artifacts in container environments
|
|
|
Living Security Escape Room (Session 2.3)
|
|
|
Modern Red Team Immersion Bootcamp, Condensed
|
|
|
KubeScope for the Extraordinary World of Containers
|
Tongbo Luo
,
Zhaoyan Xu
|
|
Fuzzing Ruby and C Extensions
|
ZX Security
|
|
The IoT Hacker's Toolkit
|
Google Inc.
|
|
Living Security Escape Room (Session 1.4)
|
|
|
Netrepser – A JavaScript targeted attack
|
|
|
Living Security Escape Room (Session 2.1)
|
|
|
Building a Predictive Pipeline to Rapidly Detect Phishing Domains
|
|
|
T-shirt Sales
|
|
|
The Memory of a Meltdown, and no we don't mean Britney
|
|
|
From Bounties to Bureaucracy - The Hidden Market Factors of Exploit Economics
|
Brian Gorenc
|
|
Party!
|
|
|
Closing Ceremony
|
|
|
So you think you can patch: The game show that questions your security assumptions
|
Allan Friedman
,
Wendy Nather
,
McAfee
,
Duo Security
|
|
No more XSS: Deploying CSP with nonces and strict-dynamic
|
|
|
IoT Village
|
Independent Security Evaluators
,
Salesforce
|
|
Capture The Flag
|
Google Inc.
,
HackerOne
|
|
Spymaster Challenge
|
Cisco Systems
|
|
Living Security Escape Room (Session 2.5)
|
|
|
Keep it Like a Secret: When Android Apps Contain Private Keys
|
Will Dormann
,
CERT/CC
|
|
The Bucket List: Experiences Operating S3 Honeypots
|
|
|
Prospecting Ransomware Tech
|
|
|
Data Driven Bug Bounty
|
|
|
Crimeware Chaos: Empirical Analysis of HTTP-based Botnet C&C Panels
|
Aditya K Sood
|
|
Unraveling the Threat of Chrome Based Malware
|
Justin Warner
|
|
Hacking the Law: Are Bug Bounties a True Safe Harbor?
|
Amit Elazari
|
|
Living Security Escape Room (Session 1.1)
|
|
|
Lockpick Village
|
Flashpoint
|
|
Living Security Escape Room (Session 1.5)
|
|
|
Navigating the Vast Ocean of Browser Fingerprints
|
|
|
Securing DNSSEC with Ritual and Ceremony (or for steampunks, How Neo-Victorians Keep Out Cads and Bounders)
|
|
|
Machine Learning: Too smart for its own good.
|
|
|
T-shirt Sales
|
|
|
privacy for safety - opsec when the threat is in the home
|
|
|
Information Desk
|
|
|
Deconstructing APT28's XAgent for OSX
|
|
|
Fix All The Things: Rapid-fire Stories of Creative Solutions to InfoSec Problems
|
|
|
Living Security Escape Room (Session 1.2)
|
|
|
Living Security Escape Room (Session 2.2)
|
|
|
Listen to your Engine: Unearthing Security Signals from the Modern Linux Kernel
|
|
|
Living Security Escape Room (Session 2.4)
|
|
|
Lockpick Village
|
Flashpoint
|
|
IoT Village
|
Independent Security Evaluators
,
Salesforce
|
|
Caught my WebApp cheating on me!
|
|
|
Your Secrets are Showing! -- How to find if your developers are leaking secrets?
|
|
|
Building Intelligent Automatons with Semantic Reasoning and Horse Glue
|
|
|
Raffle
|
|
|
Spymaster Challenge
|
Cisco Systems
|
|
You want to step outside? What we can learn from Google’s fight with phishing
|
Google Inc.
|
|
Overcoming obstacles in operationalizing security: A tale from the trenches
|
|
|
Iron Clad Development: Building Secure Web and Webservice Applications
|
|
|
Bring in the $$ : Moving Security from Cost Center to Revenue Generator
|
|
|
Supply Chain Attack Through CCleaner - Evidence Aurora Operation Still Active
|
|
|
Capture The Flag
|
Google Inc.
,
HackerOne
|
|
Blue Team Fundamentals
|
|
|
Managing secrets in your cloud environment: AWS, GCP, and containers (and beyond)
|
Cloudflare
,
Google Inc.
|
|
Sponsors Registration
|
|
|
Rise of coinminers
|
|
|
Violent Python
|
Instructor
|
|
Crypto Hero
|
Instructor
|
|
An Open Source Malware Classifier and Dataset
|
Endgame
|
|
Using ancient math to speed up security assessments of Windows executables
|
Kaiser Permanente
|
|
Logging, Monitoring, and Alerting in AWS (The TL;DR)
|
|
|
Fighting Secrets In Source Code With TruffleHog
|
|
|
Opening Remarks
|
|
|
Honeypots 2.0: A New ‘Twist’ on Defending Enterprise Networks with Dynamic Deception at Scale
|
Tripwire
|
|
Introduction to Windows Kernel Mode Debugging
|
Endgame
|
|
Women in Security Mixer
|
Apple
|