Abusing XSLT for Practical Attacks
|
Fernando Arnaboldi
,
IOActive, Inc.
|
Repurposing OnionDuke: A Single Case Study Around Reusing Nation State Malware
|
Joshua Pitts
,
Leviathan Security Group
|
Harnessing Intelligence from Malware Repositories
|
Arun Lakhotia
,
Vivek Notani
,
University of Louisiana at Lafayette
|
Broadcasting Your Attack: Security Testing DAB Radio in Cars
|
Andy Davis
,
NCC Group
|
WSUSpect - Compromising the Windows Enterprise via Windows Update
|
Paul Stone
,
Alex Chapman
,
Context Information Security Ltd.
|
How to Implement IT Security After a Cyber Meltdown
|
Christina Kubecka
,
HypaSec
|
How Vulnerable are We to Scams?
|
Markus Jakobsson
,
Ting-Fang Yen
,
ZapFraud
,
DataVisor, Inc.
|
Defeating Pass-the-Hash: Separation of Powers
|
Seth Moore
,
Baris Saydag
,
Microsoft Corporation
|
Bypass Control Flow Guard Comprehensively
|
Yunhai Zhang
,
NSFOCUS
|
Pen Testing a City
|
Greg Conti
,
Tom Cross
,
David Raymond
,
West Point
,
Drawbridge Networks
,
USMA
|
Forging the USB Armory an Open Source Secure Flash-Drive-Sized Computer
|
Andrea Barisani
,
Daniele Bianco
,
Inverse Path S.r.l.
|
ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion
|
Giorgos Poulios
,
Christoforos Ntantogian
,
Christos Xenakis
,
University of Piraeus, Department of Digital Systems
|
Attacking Your Trusted Core: Exploiting Trustzone on Android
|
Di Shen
|
CrackLord: Maximizing Password Cracking Boxes
|
Lucas Morris
,
Michael McAtee
,
Crowe Horwath LLP
|
Internet-Facing PLCs - A New Back Orifice
|
Johannes Klick
,
Stephan Lau
,
Daniel Marzin
,
Jan-Ole Malchow
,
Volker Roth
,
SCADACS (Freie Universität Berlin)
|
Faux Disk Encryption: Realities of Secure Storage on Mobile Devices
|
Daniel Mayer
,
Drew Suarez
,
NCC Group
|
Staying Persistent in Software Defined Networks
|
Gregory Pickett
,
Hellfire Security
|
Fingerprints on Mobile Devices: Abusing and Leaking
|
Yulong Zhang
,
Tao Wei
,
FireEye, Inc.
|
Understanding and Managing Entropy Usage
|
Bruce Potter
,
Sasha Wood
,
KEYW Corporation
,
KEYW Coproration
|
The Nodejs Highway: Attacks are at Full Throttle
|
Maty Siman
,
Amit Ashbel
,
Checkmarx
|
Optimized Fuzzing IOKit in iOS
|
Lei Long
,
Peng Xiao
,
Aimin Pan
,
Mobile Security of Alibaba
|
ThunderStrike 2: Sith Strike
|
Trammell Hudson
,
Xeno Kovah
,
Corey Kallenberg
,
Two Sigma
,
LegbaCore
,
The MITRE Corporation
|
These are Not Your Grand Daddys CPU Performance Counters - CPU Hardware Performance Counters for Security
|
Nishad Herath
,
Anders Fogh
,
Qualys, Inc.
,
Protect Software GmbH
|
Most Ransomware Isnt as Complex as You Might Think
|
Engin Kirda
,
Lastline, Inc.
|
BGP Stream
|
Dan Hubbard
,
Andree Toonk
,
OpenDNS
|
Fuzzing Android System Services by Binder Call to Escalate Privilege
|
Guang Gong
,
Qihoo 360
|
Taxonomic Modeling of Security Threats in Software Defined Networking
|
Jennia Hizver
|
ZigBee Exploited the Good the Bad and the Ugly
|
Tobias Zillner
,
Sebastian Strobl
,
Cognosec GmbH
|
Defeating Machine Learning: What Your Security Vendor is Not Telling You
|
Bob Klein
,
Ryan Peters
,
BluVector
|
Attacking ECMAScript Engines with Redefinition
|
Natalie Silvanovich
,
Google Inc.
|
FileCry - The New Age of XXE
|
Xiaoran Wang
,
Sergey Gorbaty
,
Salesforce
|
The Tactical Application Security Program: Getting Stuff Done
|
Cory Scott
,
David Cintz
,
LinkedIn
|
Android Security State of the Union
|
Adrian Ludwig
,
Google Inc.
|
GameOver Zeus: Badguys and Backends
|
Elliott Peterson
,
Michael Sandee
,
Tillmann Werner
,
FBI
,
Fox-IT
,
CrowdStrike, Inc.
|
Web Timing Attacks Made Practical
|
Timothy Morgan
,
Jason Morgan
,
Blindspot Security LLC
,
The Ohio State University
|
Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture
|
Alex Ionescu
,
CrowdStrike, Inc.
|
Dance Like Nobodys Watching Encrypt Like Everyone Is: A Peek Inside the Black Hat Network
|
Neil Wyler
,
Bart Stump
|
Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges
|
Mark Seaborn
,
Halvar Flake
,
Google Inc.
|
The Battle for Free Speech on the Internet
|
Matthew Prince
,
CloudFlare
|
Stagefright: Scary Code in the Heart of Android
|
Joshua Drake
,
Zimperium
|
Assessing and Exploiting BigNum Vulnerabilities
|
Ralf-Philipp Weinmann
,
Comsecuris
|
Behind the Mask: The Agenda Tricks and Tactics of the Federal Trade Commission as they Regulate Cybersecurity
|
Michael Daugherty
,
LabMD
|
HI THIS IS URGENT PLZ FIX ASAP: Critical Vulnerabilities and Bug Bounty Programs
|
Kymberlee Price
,
Bugcrowd
|
Back Doors and Front Doors Breaking the Unbreakable System
|
James Denaro
,
Matthew Green
,
CipherLaw
,
Johns Hopkins University
|
Review and Exploit Neglected Attack Surfaces in iOS 8
|
Tielei Wang
,
HAO XU
,
Xiaobo Chen
,
PanguTeam
|
Bypass Surgery Abusing Content Delivery Networks with Server-Side-Request Forgery (SSRF) Flash and DNS
|
Mike Brooks
,
Matthew Bryant
,
BishopFox
,
Bishop Fox
|
Stranger Danger! What is the Risk from 3rd Party Libraries?
|
Jake Kouns
,
Risk Based Security
|
Panel: Getting It Right: Straight Talk on Threat & Information Sharing
|
Trey Ford
,
Kevin Bankston
,
Rebekah Brown
,
Brian Engle
,
Mark Hammell
,
Rapid7
,
Open Technology Institute
,
Retail Cyber Intelligence Sharing Center
,
Facebook
|
Attacking Hypervisors Using Firmware and Hardware
|
Yuriy Bulygin
,
Alexander Matrosov
,
Mikhail Gorobets
,
Oleksandr Bazhaniuk
,
Intel Security, Advanced Threat Research
,
Intel Corporation
,
Intel Security
|
Panel: How the Wassenaar Arrangements Export Control of Intrusion Software Affects the Security Industry
|
Kim Zetter
,
Collin Anderson
,
Nate Cardozo
,
Katie Moussouris
,
Dino Dai Zovi
,
Adriel Desautels
,
Wired
,
EFF
,
HackerOne
,
Square
,
Netragard, Inc.
|
Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service
|
Colby Moore
,
Synack
|
From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning and the SOC
|
Joseph Zadeh
,
Splunk
|
Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card
|
Olivier Thomas
,
Texplained
|
Distributing the Reconstruction of High-Level Intermediate Representation for Large Scale Malware Analysis
|
Rodrigo Branco
,
Gabriel Negreira Barbosa
,
Eugene Rodionov
,
Alexander Matrosov
,
Intel Corporation
|
SMBv2: Sharing More than Just Your Files
|
Jonathan Brossard
,
Hormazd Billimoria
,
salesforce.com
|
Big Game Hunting: The Peculiarities of Nation-State Malware Research
|
Morgan Marquis-Boire
,
Marion Marschalek
,
Claudio Guarnieri
,
Citizen Lab, University of Toronto
,
Cyphort, Inc.
|
Is the NSA Still Listening to Your Phone Calls? A Surveillance Debate: Congressional Success or Epic Fail
|
Mark Jaycox
,
Jamil Jaffer
,
Electronic Frontier Foundation
,
George Mason University School of Law
|
How to Hack Government: Technologists as Policy Makers
|
Ashkan Soltani
,
Terrell McSweeny
,
Federal Trade Commission
|
Writing Bad @$$ Malware for OS X
|
Patrick Wardle
,
Synack
|
Remote Physical Damage 101 - Bread and Butter Attacks
|
Jason Larsen
,
IOActive, Inc.
|
Deep Learning on Disassembly
|
Matt Wolff
,
Andrew Davis
,
Cylance
|
Exploiting XXE Vulnerabilities in File Parsing Functionality
|
Willis Vandevanter
,
Silent Robot Systems
|
TrustKit: Code Injection on iOS 8 for the Greater Good
|
Alban Diquet
,
Eric Castro
,
Angela On-kit Chow
,
Data Theorem
,
Yahoo!
|
Breaking Access Controls with BLEKey
|
Eric Evenchick
,
Mark Baseggio
,
Accuvant
|
When IoT Attacks: Hacking a Linux-Powered Rifle
|
Runa A. Sandvik
,
Michael Auger
|
Certifi-gate: Front-Door Access to Pwning Millions of Androids
|
Ohad Bobrov
,
Avi Bashan
,
Check Point
|
Subverting Satellite Receivers for Botnet and Profit
|
Sofiane Talmat
,
IOActive, Inc.
|
The Lifecycle of a Revolution
|
Jennifer Granick
,
Stanford Center for Internet and Society
|
Take a Hacker to Work Day - How Federal Prosecutors Use the CFAA
|
Leonard Bailey
,
Department of Justice
|
The NSA Playset: A Year of Toys and Tools
|
Michael Ossmann
,
Great Scott Gadgets
|
THIS IS DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware
|
Yeongung Park
,
Jun Young Choi
,
ETRI
|
Ah! Universal Android Rooting is Back
|
Wen Xu
,
KeenTeam
|
Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorers Isolated Heap and MemoryProtection
|
Brian Gorenc
,
Abdul-Aziz Hariri
,
Simon Zuckerbraun
,
Zero Day Initiative, HP Security Research
,
Hewlett-Packard Company
|
Hidden Risks of Biometric Identifiers and How to Avoid Them
|
Thomas Keenan
,
University of Calgary
|
Bringing a Cannon to a Knife Fight
|
Adam Kozy
,
Johannes Gilger
,
CrowdStrike, Inc.
|
Information Access and Information Sharing: Where We are and Where We are Going
|
Alejandro Mayorkas
,
Department of Homeland Security
|
Taking Event Correlation with You
|
Rob King
,
KoreLogic, Inc.
|
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
|
Alex Pinto
,
Alexandre Sieira
,
Niddel
|
The Kali Linux Dojo Workshop #1: Rolling Your Own - Generating Custom Kali Linux 20 ISOs
|
Mati Aharoni
,
Kali Linux Project
|
The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation
|
Christopher Domas
|
Dom Flow - Untangling the DOM for More Easy-Juicy Bugs
|
Ahamed Nafeez
|
Breaking HTTPS with BGP Hijacking
|
Artyom Gavrichenkov
,
Qrator Labs
|
Social Engineering the Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities
|
James Forshaw
,
Google Inc.
|
The Kali Linux Dojo Workshop #2: Kali USB Setups with Persistent Stores and LUKS Nuke Support
|
|
Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion
|
Marina Krotofil
,
European Network for Cyber Security
|
The Applications of Deep Learning on Traffic Identification
|
Zhanyi Wang
,
Chuanming Huang
,
Zhuo Zhang
,
Bo Liu
,
Qihoo 360 Technology Co., Ltd
|
Return to Where? You Cant Exploit What You Cant Find
|
Christopher Liebchen
,
Ahmad-Reza Sadeghi
,
Andrei Homescu
,
Stephen Crane
,
Technische Universität Darmstadt
,
Intel CRI-SC
,
University of California, Irvine
|
The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring Systems
|
Kyle Wilhoit
,
Stephen Hilt
,
Trend Micro, Inc.
|
Internet-Scale File Analysis
|
Zachary Hanif
,
Tamas Lengyel
,
George Webster
,
Novetta
,
Technical University Munich
|
Remote Exploitation of an Unaltered Passenger Vehicle
|
Charlie Miller
,
Chris Valasek
,
Twitter
,
IOActive, Inc.
|
Red vs Blue: Modern Active Directory Attacks Detection and Protection
|
Sean Metcalf
,
DAn Solutions
|
Server-Side Template Injection: RCE for the Modern Web App
|
James Kettle
,
PortSwigger Web Security
|
Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS
|
Paul Vixie
,
Farsight Security, Inc.
|
Switches Get Stitches
|
Colin Cassidy
,
Robert Lee
,
Eireann Leverett
,
IOActive, Inc.
,
Dragos Security LLC
,
Cambridge Centre for Risk Studies
|
Breaking Honeypots for Fun and Profit
|
Dean Sysman
,
Gadi Evron
,
Itamar Sher
,
Cymmetria
|
API Deobfuscator: Resolving Obfuscated API Functions in Modern Packers
|
Seokwoo Choi
|
Unicorn: Next Generation CPU Emulator Framework
|
Hoang-Vu Dang
,
Coseinc
,
UIUC
,
Nguyen Anh Quynh
|
Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor
|
Matthew Graeber
|
Breaking Payloads with Runtime Code Stripping and Image Freezing
|
Collin Mulliner
,
Matthias Neugschwandtner
,
Northeastern University
,
IBM Zurich
|
Securing Your Big Data Environment
|
Ajit Gaddam
,
VISA, Inc.
|
Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware
|
Alex Long
,
Invincea Labs
|
My Bro the ELK: Obtaining Context from Security Events
|
Travis Smith
,
Tripwire
|
Bring Back the Honeypots
|
Haroon Meer
,
Marco Slaviero
,
Thinkst
|
Understanding the Attack Surface and Attack Resilience of Project Spartans New EdgeHTML Rendering Engine
|
Mark Vincent Yason
,
IBM
|
Exploiting Out-of-Order Execution for Covert Cross-VM Communication
|
Sophia D'Antoine
,
Trail of Bits
|
Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
|
Christopher Kruegel
,
Yan Shoshitaishvili
,
Lastline, Inc.
,
UC Santa Barbara
|
Adventures in Femtoland: 350 Yuan for Invaluable Fun
|
Alexey Osipov
,
Alexander Zaitsev
|
Internet Plumbing for Security Professionals: The State of BGP Security
|
Wim Remes
,
Rapid7
|
Emanate Like a Boss: Generalized Covert Data Exfiltration with Funtenna
|
Ang Cui
,
Columbia University
|
Commercial Mobile Spyware - Detecting the Undetectable
|
Joshua Dalman
,
Valerie Hantke
,
Fidelis Cybersecurity, Inc.
|
Why Security Data Science Matters and How Its Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat Intelligence
|
Joshua Saxe
,
Invincea Labs
|
Mobile Point of Scam: Attacking the Square Reader
|
Alexandrea Mellen
,
John Moore
,
Artem Losev
,
Boston University
|
Attacking Interoperability - An OLE Edition
|
Haifei Li
,
Bing Sun
,
Intel Security Group
|
Winning the Online Banking War
|
Sean Park
,
Trend Micro, Inc.
|
Crash & Pay: How to Own and Clone Contactless Payment Devices
|
Peter Fillmore
|
Automated Human Vulnerability Scanning with AVA
|
Laura Bell
,
SafeStack Limited
|
Cloning 3G/4G SIM Cards with a PC and an Oscilloscope: Lessons Learned in Physical Security
|
Yu Yu
,
Shanghai Jiao Tong University
|