• A

  • ABOVE MY PAY GRADE: CYBER RESPONSE AT THE NATIONAL LEVEL

    Jason Healey
    Thu, 14:15 - 15:15
    Roman 1 & 3

  • ABUSING WEB APIS THROUGH SCRIPTED ANDROID APPLICATIONS

    Daniel Peck
    Thu, 10:15 - 10:45
    Roman 1 & 3

  • ANDROID: ONE ROOT TO OWN THEM ALL

    Jeff Forristal
    Thu, 11:45 - 12:45
    Augustus 1 & 2

  • A PRACTICAL ATTACK AGAINST MDM SOLUTIONS

    Daniel Brodie, Michael Shaulov
    Wed, 15:30 - 16:30
    Palace 3

  • A TALE OF ONE SOFTWARE BYPASS OF WINDOWS 8 SECURE BOOT

    Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew Furtak
    Wed, 11:45 - 12:15
    Palace 1
  • B

  • BEYOND THE APPLICATION: CELLULAR PRIVACY REGULATION SPACE

    Christie Dudley
    Wed, 10:15 - 10:45
    Palace 1

  • BIG DATA FOR WEB APPLICATION SECURITY

    Mike Arpaia, Kyle Barry
    Thu, 10:45 - 11:15
    Roman 1 & 3

  • BINARYPIG - SCALABLE MALWARE ANALYTICS IN HADOOP

    Telvis Calhoun, Zachary Hanif, Jason Trost
    Wed, 17:00 - 18:00
    Roman 1 & 3

  • BIOS SECURITY

    John Butterworth, Corey Kallenberg, Xeno Kovah
    Wed, 14:15 - 15:15
    Augustus 5 & 6

  • BLACKBERRYOS 10 FROM A SECURITY PERSPECTIVE

    Ralf-Philipp Weinmann
    Wed, 10:15 - 11:15
    Roman 4

  • BLACK-BOX ASSESSMENT OF PSEUDORANDOM ALGORITHMS

    Christopher Abad, Gabriel Acevedo, Derek Soeder
    Wed, 11:45 - 12:45
    Roman 2

  • BLUETOOTH SMART: THE GOOD, THE BAD, THE UGLY, AND THE FIX!

    Mike Ryan
    Thu, 10:15 - 11:15
    Palace 1

  • BOCHSPWN: IDENTIFYING 0-DAYS VIA SYSTEM-WIDE MEMORY ACCESS PATTERN ANALYSIS

    Gynvael Coldwind, Mateusz Jurczyk
    Thu, 11:45 - 12:45
    Roman 2

  • BUGALYZE.COM - DETECTING BUGS USING DECOMPILATION AND DATA FLOW ANALYSIS

    Silvio Cesare
    Thu, 17:00 - 18:00
    Palace 2

  • BUYING INTO THE BIAS: WHY VULNERABILITY STATISTICS SUCK

    Steve Christey, Brian Martin
    Wed, 15:30 - 16:30
    Palace 1
  • C

  • CLICKJACKING REVISITED: A PERCEPTUAL VIEW OF UI SECURITY

    Devdatta Akhawe
    Wed, 15:30 - 16:00
    Augustus 1 & 2

  • CMX: IEEE CLEAN FILE METADATA EXCHANGE

    Mark Kennedy, Igor Muttik
    Thu, 10:15 - 10:45
    Roman 2

  • COMBATING THE INSIDER THREAT AT THE FBI: REAL WORLD LESSONS LEARNED

    Patrick Reidy
    Wed, 10:15 - 11:15
    Augustus 5 & 6

  • COMPROMISING INDUSTRIAL FACILITIES FROM 40 MILES AWAY

    Lucas Apa, Carlos Mario Penagos
    Thu, 15:30 - 16:30
    Palace 3

  • CREEPYDOL: CHEAP, DISTRIBUTED STALKING

    Brendan O'Connor
    Thu, 15:30 - 16:30
    Roman 2

  • CROWDSOURCE: AN OPEN SOURCE, CROWD TRAINED MACHINE LEARNING MODEL FOR MALWARE CAPABILITY DETECTION

    Joshua Saxe
    Wed, 10:45 - 11:15
    Palace 2
  • D

  • DEFENDING NETWORKS WITH INCOMPLETE INFORMATION: A MACHINE LEARNING APPROACH

    Alex Pinto
    Thu, 17:00 - 18:00
    Roman 4

  • DENIAL OF SERVICE AS A SERVICE - ASYMMETRICAL WARFARE AT ITS FINEST

    Robert Masse
    Wed, 12:15 - 12:45
    Palace 2

  • DENYING SERVICE TO DDOS PROTECTION SERVICES

    Allison Nixon
    Wed, 11:45 - 12:15
    Palace 2

  • DISSECTING CSRF ATTACKS & COUNTERMEASURES

    Sergey Shekyan, Mike Shema, Vaagn Toukharian
    Thu, 11:45 - 12:45
    Roman 1 & 3
  • E

  • END-TO-END ANALYSIS OF A DOMAIN GENERATING ALGORITHM MALWARE FAMILY

    Jason Geffner
    Wed, 14:15 - 15:15
    Roman 2

  • ENERGY FRAUD AND ORCHESTRATED BLACKOUTS: ISSUES WITH WIRELESS METERING PROTOCOLS (WM-BUS)

    Cyrill Brunschwiler
    Thu, 11:45 - 12:45
    Roman 4

  • EVADING DEEP INSPECTION FOR FUN AND SHELL

    Antti Levomäki, Olli-Pekka Niemi
    Wed, 14:15 - 15:15
    Augustus 3 & 4

  • EXPLOITING NETWORK SURVEILLANCE CAMERAS LIKE A HOLLYWOOD HACKER

    Craig Heffner
    Thu, 15:30 - 16:30
    Augustus 1 & 2
  • F

  • FACT AND FICTION: DEFENDING YOUR MEDICAL DEVICES

    Jerome Radcliffe
    Wed, 14:15 - 15:15
    Roman 1 & 3

  • FULLY ARBITRARY 802.3 PACKET INJECTION: MAXIMIZING THE ETHERNET ATTACK SURFACE

    Andrea Barisani, Daniele Bianco
    Thu, 10:15 - 11:15
    Augustus 5 & 6

  • FUNDERBOLT: ADVENTURES IN THUNDERBOLT DMA ATTACKS

    Russ Sevinsky
    Thu, 14:15 - 15:15
    Augustus 5 & 6
  • H

  • HACKING LIKE IN THE MOVIES: VISUALIZING PAGE TABLES FOR LOCAL EXPLOITATION

    Alexandru Radocea, Georg Wicherski
    Thu, 17:00 - 18:00
    Palace 3

  • HACKING, SURVEILLING, AND DECEIVING VICTIMS ON SMART TV

    SeungJin Lee
    Thu, 15:30 - 16:30
    Augustus 3 & 4

  • HIDING @ DEPTH - EXPLORING, SUBVERTING AND BREAKING NAND FLASH MEMORY

    Josh Thomas
    Wed, 17:00 - 18:00
    Augustus 1 & 2

  • HOME INVASION V2.0 - ATTACKING NETWORK-CONTROLLED HARDWARE

    David Bryan, Dan Crowley, Jennifer Savage
    Thu, 17:00 - 18:00
    Augustus 5 & 6

  • HONEY, I’M HOME!! - HACKING Z-WAVE HOME AUTOMATION SYSTEMS

    Behrang Fouladi, Sahand Ghanoun
    Thu, 10:15 - 11:15
    Augustus 1 & 2

  • HOT KNIVES THROUGH BUTTER: BYPASSING AUTOMATED ANALYSIS SYSTEMS

    Zheng Bu, Abhishek Singh
    Thu, 14:15 - 15:15
    Roman 4

  • HOW CVSS IS DOSSING YOUR PATCHING POLICY (AND WASTING YOUR MONEY)

    Luca Allodi, Fabio Massacci
    Wed, 17:00 - 18:00
    Palace 1

  • HOW TO BUILD A SPYPHONE

    Kevin McNamee
    Wed, 10:15 - 11:15
    Augustus 3 & 4

  • HOW TO GROW A TREE (TAINT-ENABLED REVERSE ENGINEERING ENVIRONMENT) FROM CBASS (CROSS-PLATFORM BINARY AUTOMATED SYMBOLIC-EXECUTION SYSTEM)

    James Just, Nathan Li, Xing Li, Loc Nguyen
    Wed, 15:30 - 16:30
    Roman 4

  • HUNTING THE SHADOWS: IN DEPTH ANALYSIS OF ESCALATED APT ATTACKS

    Ming-Chang Chiu, Tsung Pei Kan, Benson Wu, Fyodor Yarochkin
    Thu, 11:45 - 12:45
    Palace 2
  • I

  • I CAN HEAR YOU NOW: TRAFFIC INTERCEPTION AND REMOTE MOBILE PHONE CLONING WITH A COMPROMISED CDMA FEMTOCELL

    Doug DePerry, Andrew Rahimi, Tom Ritter
    Wed, 14:15 - 15:15
    Palace 1

  • IMPLANTABLE MEDICAL DEVICES: HACKING HUMANS

    Barnaby Jack
    Thu, 14:15 - 15:15
    Augustus 3 & 4

  • IS THAT A GOVERNMENT IN YOUR NETWORK OR ARE YOU JUST HAPPY TO SEE ME?

    Eric M. Fiterman
    Thu, 15:30 - 16:30
    Palace 2
  • J

  • JAVA EVERY-DAYS: EXPLOITING SOFTWARE RUNNING ON 3 BILLION DEVICES

    Brian Gorenc, Jasiel Spelman
    Wed, 10:15 - 11:15
    Augustus 1 & 2

  • JAVASCRIPT STATIC SECURITY ANALYSIS MADE EASY WITH JSPRIME

    Nishant Das Patnaik, Sarathi Sabyasachi Sahoo
    Wed, 15:30 - 16:30
    Roman 2

  • JTAGULATOR: ASSISTED DISCOVERY OF ON-CHIP DEBUG INTERFACES

    Joe Grand
    Thu, 14:15 - 16:30
    Florentine

  • JUST-IN-TIME CODE REUSE: THE MORE THINGS CHANGE, THE MORE THEY STAY THE SAME

    Lucas Davi, Kevin Snow
    Wed, 11:45 - 12:15
    Augustus 5 & 6
  • K

  • KEYNOTE - DAY ONE

    General Keith B. Alexander
    Wed, 09:00 - 10:00
    Roman 2

  • KEYNOTE - TAKE RISK, DON’T FAIL

    Brian Muirhead
    Thu, 09:00 - 10:00
    Roman 2
  • L

  • LAWFUL ACCESS PANEL

    Matt Blaze, Alan Davidson, Brewster Kahle, Jennifer Valentino-DeVries
    Wed, 14:15 - 15:15
    Augustus 1 & 2

  • LEGAL ASPECTS OF FULL SPECTRUM COMPUTER NETWORK (ACTIVE) DEFENSE

    Robert Clark
    Wed, 14:15 - 15:15
    Palace 3

  • LEGAL CONSIDERATIONS FOR CELLULAR RESEARCH

    Marcia Hofmann, Kurt Opsahl
    Wed, 10:45 - 11:15
    Palace 1

  • LESSONS FROM SURVIVING A 300GBPS DENIAL OF SERVICE ATTACK

    Matthew Prince
    Wed, 10:15 - 11:15
    Palace 3

  • LET'S GET PHYSICAL: BREAKING HOME SECURITY SYSTEMS AND BYPASSING BUILDINGS CONTROLS

    Drew Porter, Stephen Smith
    Wed, 15:30 - 16:30
    Augustus 3 & 4

  • LTE BOOMS WITH VULNERABILITIES

    Ankit Gupta
    Wed, 16:00 - 16:30
    Palace 2
  • M

  • MACTANS: INJECTING MALWARE INTO IOS DEVICES VIA MALICIOUS CHARGERS

    Yeongjin Jang, Billy Lau, Chengyu Song
    Wed, 17:00 - 18:00
    Augustus 3 & 4

  • MAINFRAMES: THE PAST WILL COME BACK TO HAUNT YOU

    Phil Young
    Wed, 10:15 - 11:15
    Roman 2

  • MALICIOUS FILE FOR EXPLOITING FORENSIC SOFTWARE

    Takahiro Haruyama, Hiroshi Suzuki
    Wed, 17:30 - 18:00
    Roman 2

  • MALTEGO TUNGSTEN AS A COLLABORATIVE ATTACK PLATFORM

    Andrew MacPherson, Roelof Temmingh
    Wed, 15:30 - 16:30
    Roman 1 & 3

  • METHODOLOGIES FOR HACKING EMBEDDED SECURITY APPLIANCES

    Rob Bathurst, Mark Carey
    Wed, 10:15 - 12:45
    Florentine

  • MILLION BROWSER BOTNET

    Jeremiah Grossman, Matt Johansen
    Wed, 11:45 - 12:15
    Augustus 3 & 4

  • MOBILE MALWARE: WHY THE TRADITIONAL AV PARADIGM IS DOOMED AND HOW TO USE PHYSICS TO DETECT UNDESIRABLE ROUTINES

    Markus Jakobsson, Guy Stewart
    Thu, 10:45 - 11:15
    Roman 2

  • MOBILE ROOTKITS: EXPLOITING AND ROOTKITTING ARM TRUSTZONE

    Thomas Roth
    Thu, 10:15 - 11:15
    Palace 3

  • MULTIPLEXED WIRED ATTACK SURFACES

    Kyle Osborn, Michael Ossmann
    Thu, 17:00 - 18:00
    Palace 1
  • N

  • NEW TRENDS IN FASTFLUX NETWORKS

    Xinran Wang, Wei Xu
    Wed, 10:15 - 10:45
    Palace 2
  • O

  • OPSEC FAILURES OF SPIES

    Matthew Cole
    Wed, 16:00 - 16:30
    Palace 1

  • OPTIROP: HUNTING FOR ROP GADGETS IN STYLE

    Nguyen Anh Quynh
    Thu, 17:00 - 18:00
    Roman 2

  • OUT OF CONTROL: DEMONSTRATING SCADA DEVICE EXPLOITATION

    Eric Forner, Brian Meixell
    Thu, 14:15 - 15:15
    Palace 3

  • OWNING THE ROUTING TABLE - PART II

    Gabi Nakibly
    Thu, 17:00 - 18:00
    Augustus 1 & 2
  • P

  • PASS-THE-HASH 2: THE ADMIN'S REVENGE

    Chris Campbell, Alva Duckwall
    Thu, 10:15 - 11:15
    Roman 4

  • PASS THE HASH AND OTHER CREDENTIAL THEFT AND REUSE: MITIGATING THE RISK OF LATERAL MOVEMENT AND PRIVILEGE ESCALATION

    Patrick Jungles, Mark Simos
    Wed, 14:15 - 15:15
    Roman 4

  • PASSWORD HASHING: THE FUTURE IS NOW

    Jean-Philippe Aumasson
    Wed, 12:15 - 12:45
    Roman 4

  • PDF ATTACK: A JOURNEY FROM THE EXPLOIT KIT TO THE SHELLCODE

    Jose Miguel Esparza
    Wed, 14:15 - 16:30
    Florentine

  • PIXEL PERFECT TIMING ATTACKS WITH HTML5

    Paul Stone
    Wed, 17:00 - 18:00
    Palace 3

  • POST EXPLOITATION OPERATIONS WITH CLOUD SYNCHRONIZATION SERVICES

    Jacob Williams
    Thu, 15:30 - 16:30
    Roman 4

  • POWER ANALYSIS ATTACKS FOR CHEAPSKATES

    Colin O'Flynn
    Wed, 11:45 - 12:45
    Roman 1 & 3

  • PREDICTING SUSCEPTIBILITY TO SOCIAL BOTS ON TWITTER

    Chris Sumner, Randall Wald
    Wed, 17:00 - 18:00
    Roman 4

  • PRESS ROOT TO CONTINUE: DETECTING OSX AND WINDOWS BOOTKITS WITH RDFU

    Tomislav Pericin, Mario Vuksan
    Thu, 14:15 - 15:15
    Palace 1
  • R

  • REVEALING EMBEDDED FINGERPRINTS: DERIVING INTELLIGENCE FROM USB STACK INTERACTIONS

    Andy Davis
    Thu, 11:45 - 12:45
    Augustus 5 & 6

  • RFID HACKING: LIVE FREE OR RFID HARD

    Francis Brown
    Thu, 15:30 - 16:30
    Augustus 5 & 6

  • ROOTING SIM CARDS

    Karsten Nohl
    Wed, 17:00 - 18:00
    Augustus 5 & 6
  • S

  • SHATTERING ILLUSIONS IN LOCK-FREE WORLDS: COMPILER/HARDWARE BEHAVIORS IN OSES AND VMS

    Marc Blanchou
    Wed, 11:45 - 12:15
    Roman 4

  • SMASHING THE FONT SCALER ENGINE IN WINDOWS KERNEL

    Ling Chuan Lee, Chan Lee Yee
    Wed, 17:00 - 18:00
    Palace 2

  • SPY-JACKING THE BOOTERS

    Lance James, Brian Krebs
    Thu, 17:00 - 18:00
    Augustus 3 & 4

  • SSL, GONE IN 30 SECONDS - A BREACH BEYOND CRIME

    Yoel Gluck, Neal Harris, Angelo Prado
    Thu, 15:30 - 16:30
    Palace 1

  • STEPPING P3WNS: ADVENTURES IN FULL-SPECTRUM EMBEDDED EXPLOITATION (AND DEFENSE!)

    Michael Costello, Ang Cui, Salvatore. J. Stolfo
    Thu, 11:45 - 12:45
    Augustus 3 & 4
  • T

  • TERIDIAN SOC EXPLOITATION: EXPLORATION OF HARVARD ARCHITECTURE SMART GRID SYSTEMS

    Nathan Keltner, Josh Thomas
    Thu, 17:00 - 18:00
    Roman 1 & 3

  • THE FACTORING DEAD: PREPARING FOR THE CRYPTOPOCALYPSE

    Thomas Ptacek, Tom Ritter, Javed Samuel, Alex Stamos
    Thu, 10:15 - 11:15
    Augustus 3 & 4

  • THE OUTER LIMITS: HACKING THE SAMSUNG SMART TV

    Aaron Grattafiori, Josh Yavor
    Thu, 11:45 - 12:45
    Palace 3

  • THE SCADA THAT DIDN'T CRY WOLF- WHO'S REALLY ATTACKING YOUR ICS DEVICES- PART DEUX!

    Kyle Wilhoit
    Thu, 10:15 - 11:15
    Palace 2

  • THE WEB IS VULNERABLE: XSS DEFENSE ON THE BATTLEFRONT

    Ryan Barnett, Greg Wroblewski
    Wed, 17:00 - 17:30
    Roman 2

  • TLS 'SECRETS'

    Florent Daigniere
    Wed, 11:45 - 12:15
    Augustus 1 & 2

  • TOR... ALL-THE-THINGS!

    Jason Geffner
    Wed, 15:30 - 16:00
    Augustus 5 & 6

  • TOWN HALL MEETING: CFAA REFORM STRATEGY

    Kurt Opsahl
    Wed, 17:00 - 18:00
    Florentine

  • TRUNCATING TLS CONNECTIONS TO VIOLATE BELIEFS IN WEB APPLICATIONS

    Alfredo Pironti, Ben Smyth
    Wed, 16:00 - 16:30
    Augustus 5 & 6
  • U

  • UART THOU MAD?

    Toby Kohlenberg, Mickey Shkatov
    Thu, 11:45 - 12:45
    Palace 1
  • '

  • ') UNION SELECT `THIS_TALK` AS ('NEW OPTIMIZATION AND OBFUSCATION TECHNIQUES’)%00

    Richard Salgado
    Thu, 14:15 - 15:15
    Palace 2
  • U

  • UNIVERSAL DDOS MITIGATION BYPASS

    Albert Hui, Dr. Wai-Leng Lee, Tony Miu
    Wed, 14:15 - 15:15
    Palace 2

  • UNTWINING TWINE

    Jon Chittenden, Anson Gomes
    Wed, 15:30 - 16:00
    Palace 2

  • USING ONLINE ACTIVITY AS DIGITAL FINGERPRINTS TO CREATE A BETTER SPEAR PHISHER

    Ulisses Albuquerque, Joaquim Espinhara
    Thu, 14:15 - 15:15
    Roman 2
  • V

  • VIRTUAL DEOBFUSCATOR - A DARPA CYBER FAST TRACK FUNDED EFFORT

    Jason Raber
    Thu, 15:30 - 16:30
    Roman 1 & 3
  • W

  • WHAT SECURITY RESEARCHERS NEED TO KNOW ABOUT ANTI-HACKING LAW

    Marcia Hofmann
    Wed, 11:45 - 12:45
    Palace 3

  • WHAT'S ON THE WIRE? PHYSICAL LAYER TAPPING WITH PROJECT DAISHO

    Mike Kershaw, Michael Ossmann, Dominic Spill
    Thu, 14:15 - 15:15
    Augustus 1 & 2

  • WITH BIGDATA COMES BIG RESPONSIBILITY: PRACTICAL EXPLOITING OF MDX INJECTIONS

    Alexander Bolshev, Dmitry Chastuhin
    Wed, 10:15 - 11:15
    Roman 1 & 3