Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorers Isolated Heap and MemoryProtection

Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor

Abusing XSLT for Practical Attacks

Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card

Adventures in Femtoland: 350 Yuan for Invaluable Fun

Ah! Universal Android Rooting is Back

Android Security State of the Union

API Deobfuscator: Resolving Obfuscated API Functions in Modern Packers

Assessing and Exploiting BigNum Vulnerabilities

Attacking ECMAScript Engines with Redefinition

Attacking Hypervisors Using Firmware and Hardware

Attacking Interoperability - An OLE Edition

Attacking Your Trusted Core: Exploiting Trustzone on Android

Automated Human Vulnerability Scanning with AVA

Back Doors and Front Doors Breaking the Unbreakable System

Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture

Behind the Mask: The Agenda Tricks and Tactics of the Federal Trade Commission as they Regulate Cybersecurity

BGP Stream

Big Game Hunting: The Peculiarities of Nation-State Malware Research

Breaking Access Controls with BLEKey

Breaking Honeypots for Fun and Profit

Breaking HTTPS with BGP Hijacking

Breaking Payloads with Runtime Code Stripping and Image Freezing

Bring Back the Honeypots

Bringing a Cannon to a Knife Fight

Broadcasting Your Attack: Security Testing DAB Radio in Cars

Bypass Control Flow Guard Comprehensively

Bypass Surgery Abusing Content Delivery Networks with Server-Side-Request Forgery (SSRF) Flash and DNS

Certifi-gate: Front-Door Access to Pwning Millions of Androids

Cloning 3G/4G SIM Cards with a PC and an Oscilloscope: Lessons Learned in Physical Security

Commercial Mobile Spyware - Detecting the Undetectable

CrackLord: Maximizing Password Cracking Boxes

Crash & Pay: How to Own and Clone Contactless Payment Devices

Dance Like Nobodys Watching Encrypt Like Everyone Is: A Peek Inside the Black Hat Network

Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing

Deep Learning on Disassembly

Defeating Machine Learning: What Your Security Vendor is Not Telling You

Defeating Pass-the-Hash: Separation of Powers

Distributing the Reconstruction of High-Level Intermediate Representation for Large Scale Malware Analysis

Dom Flow - Untangling the DOM for More Easy-Juicy Bugs

Emanate Like a Boss: Generalized Covert Data Exfiltration with Funtenna

Exploiting Out-of-Order Execution for Covert Cross-VM Communication

Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges

Exploiting XXE Vulnerabilities in File Parsing Functionality

Faux Disk Encryption: Realities of Secure Storage on Mobile Devices

FileCry - The New Age of XXE

Fingerprints on Mobile Devices: Abusing and Leaking

Forging the USB Armory an Open Source Secure Flash-Drive-Sized Computer

From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning and the SOC

Fuzzing Android System Services by Binder Call to Escalate Privilege

GameOver Zeus: Badguys and Backends

Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware

Harnessing Intelligence from Malware Repositories

Hidden Risks of Biometric Identifiers and How to Avoid Them

HI THIS IS URGENT PLZ FIX ASAP: Critical Vulnerabilities and Bug Bounty Programs

How to Hack Government: Technologists as Policy Makers

How to Implement IT Security After a Cyber Meltdown

How Vulnerable are We to Scams?

Information Access and Information Sharing: Where We are and Where We are Going

Internet-Facing PLCs - A New Back Orifice

Internet Plumbing for Security Professionals: The State of BGP Security

Internet-Scale File Analysis

Is the NSA Still Listening to Your Phone Calls? A Surveillance Debate: Congressional Success or Epic Fail

Mobile Point of Scam: Attacking the Square Reader

Most Ransomware Isnt as Complex as You Might Think

My Bro the ELK: Obtaining Context from Security Events

Optimized Fuzzing IOKit in iOS

Panel: Getting It Right: Straight Talk on Threat & Information Sharing

Panel: How the Wassenaar Arrangements Export Control of Intrusion Software Affects the Security Industry

Pen Testing a City

Red vs Blue: Modern Active Directory Attacks Detection and Protection

Remote Exploitation of an Unaltered Passenger Vehicle

Remote Physical Damage 101 - Bread and Butter Attacks

Repurposing OnionDuke: A Single Case Study Around Reusing Nation State Malware

Return to Where? You Cant Exploit What You Cant Find

Review and Exploit Neglected Attack Surfaces in iOS 8

Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion

ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion

Securing Your Big Data Environment

Server-Side Template Injection: RCE for the Modern Web App

SMBv2: Sharing More than Just Your Files

Social Engineering the Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities

Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service

Stagefright: Scary Code in the Heart of Android

Staying Persistent in Software Defined Networks

Stranger Danger! What is the Risk from 3rd Party Libraries?

Subverting Satellite Receivers for Botnet and Profit

Switches Get Stitches

Take a Hacker to Work Day - How Federal Prosecutors Use the CFAA

Taking Event Correlation with You

Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS

Taxonomic Modeling of Security Threats in Software Defined Networking

The Applications of Deep Learning on Traffic Identification

The Battle for Free Speech on the Internet

The Kali Linux Dojo Workshop #1: Rolling Your Own - Generating Custom Kali Linux 20 ISOs

The Kali Linux Dojo Workshop #2: Kali USB Setups with Persistent Stores and LUKS Nuke Support

The Lifecycle of a Revolution

The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring Systems

The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation

The Nodejs Highway: Attacks are at Full Throttle

The NSA Playset: A Year of Toys and Tools

These are Not Your Grand Daddys CPU Performance Counters - CPU Hardware Performance Counters for Security

The Tactical Application Security Program: Getting Stuff Done

THIS IS DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware

ThunderStrike 2: Sith Strike

TrustKit: Code Injection on iOS 8 for the Greater Good

Understanding and Managing Entropy Usage

Understanding the Attack Surface and Attack Resilience of Project Spartans New EdgeHTML Rendering Engine

Unicorn: Next Generation CPU Emulator Framework

Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware

Web Timing Attacks Made Practical

When IoT Attacks: Hacking a Linux-Powered Rifle

Why Security Data Science Matters and How Its Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat Intelligence

Winning the Online Banking War

Writing Bad @$$ Malware for OS X

WSUSpect - Compromising the Windows Enterprise via Windows Update

ZigBee Exploited the Good the Bad and the Ugly