5min web audit: Security in the startup world

A Brief History of Exploitation

A Bug or Malware? Catastrophic consequences either way.

Abusing Active Directory in Post-Exploitation

Active Directory: Real Defense for Domain Admins

Advanced Incident Response with Bro

Advanced Red Teaming: All your Badge Are Belong To Us

A girl, some passion, and some tech stuff

A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services

All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches

Am I an Imposter?

Analyzing Weak Areas of the Federal Cloud Security Program

Application Whitelisting: Be Careful Where The Silver Bullet Is Aimed

Are you a Beefeater -- focused on protecting your crown jewels?

Are You a Janitor- Or a Cleaner

Around the world in 80 cons

Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades

Attack Paths

Attacks and Countermeasures: Advanced Network Traffic Manipulation

A Year in the (Backdoor) Factory

Back by popular demand -- Adaptive Penetration Testing Part Two

Bad Advice- Unintended Consequences- and Broken Paradigms

Ball and Chain (A New Paradigm in Stored Password Security)

Bending and Twisting Networks

Bridging the gap between red and blue

Building a Modern Security Engineering Organization

Building a Web Application Vulnerability Management Program

Building Better Botnets with IPv6

Burp For All Languages

Bypassing Internet Explorer’s XSS Filter

C3CM: Defeating the Command- Control- and Communications of Digital Assailants

Call of Community: Modern Warfare

Cat Herding in the Wild Wild West: What I Learned Running A Hackercon CFP

Chicken of the APT: Understanding Targeted Attackers with Incubation!

Closing Ceremonies

CMS Hacking Tricks

Code Insecurity or Code in Security

Control Flow Graph Based Virus Scanning

DDoS Botnet: 1000 Knives and a Scalpel!

Defensive talks NOT 'sexy'? What's sexier than catching an attack like Target- APT- SET or your Pen Tester? Let me show you some sexy logging

DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model?

Dolla Dolla Bump Key

Electronic locks in firearms -- Oh My!

Ethical Control: Ethics and Privacy in a Target-Rich Environment

Et tu- Kerberos?

Everybody gets clickjacked: Hard knock lessons on bug bounties

Exploiting Browsers Like A Boss w/ WhiteLightning!

Exploring Layer 2 Network Security in Virtualized Environments

Fighting Back Against SSL Inspection

Gender Differences in Social Engineering: Does Sex Matter?

GET A Grip on Your Hustle: Glassdoor Exfil Toolkit

Getting Windows to Play with Itself: A Pen Tester's Guide to Windows API Abuse

Girl… Fault Interrupted

Give me your data! Obtaining sensitive data without breaking in

Gone in 60 minutes -- Practical Approach to Hacking an Enterprise with Yasuo

GROK

Hackers Are People Too

Hacking Mainframes; Vulnerabilities in applications exposed over TN3270

Hacking the media for fame and profit

Hacking your way into the APRS Network on the Cheap

Hardware Tamper Resistance: Why and How?

Hiding the breadcrumbs: Forensics and anti-forensics on SAP systems

How building a better hacker accidentally built a better defender

How not to suck at pen testing

How to Give the Best Pen Test of Your Life

How to Secure and Sys Admin Windows like a Boss.

How to Stop a Hack

Human Trafficking in the Digital Age

Hunting Malware on Linux Production Servers: The Windigo Backstory

I Am The Cavalry: Year [0]

If it fits- it sniffs: Adventures in WarShipping

Information Security Team Management: How to keep your edge while embracing the dark side

InfoSec -- from the mouth of babes (or an 8 year old)

Interceptor: A PowerShell SSL MITM Script

Interns Down for What?

Introducting Network-Socut: Defending The Soft Center of Your Network

Introduction to System Hardening

i r web app hacking (and so can you!)

It’s Not Easy Being Purple

Just What The Doctor Ordered?

Macro Malware Lives! -- Putting the sexy back into MS-Office document macros

Mainframes, Mopeds and Mischief: A PenTester's Year in Review

Making BadUSB Work For You

Making Mongo Cry-Attacking NoSQL for Pen Testers

Mirage — Next Gen Honeyports

More New Shiny in the Metasploit Framework

NeXpose For Automated Compromise Detection

NoSQL Injections: Moving Beyond ‘or ‘1’=’1′

Offensive Safe Words -- Exploiting a Bad Dom(admins’)

Ok -- so you’ve been pwned -- now what?

Once upon a time… (InfoSec History 101)

Open Source Threat Intelligence: Developing a Threat intelligence program using open source tools and public sources

PassCrackNet: When everything else fails- just crack hashes.

Passing the Torch: Old School Red Teaming- New School Tactics

Patching the Human Vulns

Penetrate your OWA

Physical Security: From Locks to Dox

Planning for Failure

powercat

Powershell Drink the Kool-Aid

Practical PowerShell Programming for Professional People

Proactive Application Security

Project SCEVRON: SCan EVrything with ruby RONin

Protocol Me Maybe? How to Date SCADA

Quantifying The Adversary: Introducing GuerillaSearch and GuerillaPivot

RavenHID: Remote Badge Gathering -or- Why we sit in client bathrooms for hours

Real World Intrusion Response

Red Teaming: Back and Forth, 5ever

Red white and blue. Making sense of Red Teaming for good.

Saving the world from the zombie apocalypse

Secrets of DNS

Securing Your A$$ets from Espionage

Shellcode Time: Come on Grab Your Friends

Simple Network Management Pwnd

Single Chip Microcontrollers: Beyond Arduino

Snarf - Capitalizing on Man-in-the-Middle

Snort & OpenAppID: How to Build an Open Source Next Generation Firewall

Social Engineering your progeny to be hackers

Soft Skills for a Technical World

So You Want To Murder a Software Patent

Step On In, The Waters Fine!

Subverting ML Detections for Fun and Profit

Surviving until Dawn

SWF Seeking Lazy Admin for Cross Domain Action

The Canary in the Cloud

The Human Buffer Overflow aka Amygdala Hijacking

The Internet Of Insecure Things: 10 Most Wanted List

The Multibillion Dollar Industry That’s Ignored

The Road to Compliancy Success Plus Plus

The Social Engineering Savants -- The Psychopathic Profile

The Wireless World of the Internet of Things

They touched you WHERE? When trusting a security questionnaire isn’t enough!

Things Being a New Parent of Twins Teaches You About Security

Third Party Code: FIX ALL THE THINGS

Threat Modeling for Realz

University Education In Security Panel

Vulnerability Assessment 2.0

We don’t need no stinking Internet.

Welcome to the Family

What Dungeons & Dragons Taught Me About INFOSEC

What happened to the ‘A’? How to leverage BCP/DR for your Info Sec Program

What to expect when you’re expecting…a pentest

Why Aim for the Ground?

wifu^2

You’re in the butter zone now- baby.

ZitMo NoM