A Brief History of Mitigation: The Path to EL1 in iOS 11

A Deep Dive into macOS MDM (and How it can be Compromised)

A Dive in to Hyper-V Architecture & Vulnerabilities

AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries

AI & ML in Cyber Security - Why Algorithms are Dangerous

An Attacker Looks at Docker: Approaching Multi-Container Applications

Another Flip in the Row

Applied Self-Driving Car Security

Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware

A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme

Automated Discovery of Deserialization Gadget Chains

Back to the Future: A Radical Insecure Design of KVM on ARM

Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure

Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre

Black Box is Dead. Long Live Black Box!

Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths

Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!

Breaking the IIoT: Hacking industrial Control Gateways

Catch me Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time

Compression Oracle Attacks on VPN Networks

Decompiler Internals: Microcode

Deep Dive into an ICS Firewall Looking for the Fire Hole

DeepLocker - Concealing Targeted Attacks with AI Locksmithing

Deep Neural Networks for Hackers: Methods Applications and Open Source Tools

Demystifying PTSD in the Cybersecurity Environment

Detecting Credential Compromise in AWS

Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities

Dissecting Non-Malicious Artifacts: One IP at a Time

Don't @ Me: Hunting Twitter Bots at Scale

Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering

Exploitation of a Modern Smartphone Baseband

Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection

Finding Xori: Malware Analysis Triage with Automated Disassembly

Fire & Ice: Making and Breaking macOS Firewalls

Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina

For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems

From Bot to Robot: How Abilities and Law Change with Physicality

From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities

From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs

Hardening Hyper-V through Offensive Security Research

Holding on for Tonight: Addiction in InfoSec

How can Communities Move Forward After Incidents of Sexual Harassment or Assault?

How can Someone with Autism Specifically Enhance the Cyber Security Workforce?

How I Learned to Stop Worrying and Love the SBOM

Identity Theft: Attacks on SSO Systems

I for One Welcome Our New Power Analysis Overlords

InfoSec Philosophies for the Corrupt Economy

IoT Malware: Comprehensive Survey Analysis Framework and Case Studies

Is the Mafia Taking Over Cybercrime?

It's a PHP Unserialization Vulnerability Jim but Not as We Know It

KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous

Kernel Mode Threats and Practical Defenses

Last Call for SATCOM Security

Legal Landmines: How Law and Policy are Rapidly Shaping Information Security

Legal Liability for IOT Cybersecurity Vulnerabilities

Lessons and Lulz: The 4th Annual Black Hat USA NOC Report

Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines

Lowering the Bar: Deep Learning for Side Channel Analysis

LTE Network Automation Under Threat

Mainframe \[z/OS\] Reverse Engineering and Exploit Development

Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware

Meltdown: Basics Details Consequences

Mental Health Hacks: Fighting Burnout Depression and Suicide in the Hacker Community

Miasm: Reverse Engineering Framework

Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims

New Norms and Policies in Cyber-Diplomacy

New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers

None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service

No Royal Road … Notes on Dangerous Game

Open Sesame: Picking Locks with Cortana

Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes

Outsmarting the Smart City

Over-the-Air: How we Remotely Compromised the Gateway BCM and Autopilot ECUs of Tesla Cars

Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives

Playback: A TLS 1.3 Story

Practical Web Cache Poisoning: Redefining 'Unexploitable'

Protecting the Protector Hardening Machine Learning Defenses Against Adversarial Attacks

Real Eyes Realize Real Lies: Beating Deception Technologies

Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots

Remotely Attacking System Firmware

Return of Bleichenbacher's Oracle Threat (ROBOT)

Reversing a Japanese Wireless SD Card - From Zero to Code Execution

Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers

SDL That Won't Break the Bank

SirenJack: Cracking a 'Secure' Emergency Warning Siren System

Snooping on Cellular Gateways and Their Critical Role in ICS

Software Attacks on Hardware Wallets

So I became a Domain Controller

Squeezing a Key through a Carry Bit

Stealth Mango and the Prevalence of Mobile Surveillanceware

Stop that Release There's a Vulnerability!

Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops

Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology

The Air-Gap Jumpers

The Finest Penetration Testing Framework for Software-Defined Networks

The Problems and Promise of WebAssembly

There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently

The Science of Hiring and Retaining Female Cybersecurity Engineers

The Unbearable Lightness of BMC's

The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet

Threat Modeling in 2018: Attacks Impacts and Other Updates

TLBleed: When Protecting Your CPU Caches is Not Enough

Too Soft\[ware Defined\] Networks: SD-WAN Vulnerability Assessment

TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems Forever

Two-Factor Authentication Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key

Understanding and Exploiting Implanted Medical Devices

Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library

WebAssembly: A New World of Native Exploits on the Browser

Why so Spurious? How a Highly Error-Prone x86/x64 CPU Feature can be Abused to Achieve Local Privilege Escalation on Many Operating Systems

Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator

WireGuard: Next Generation Secure Network Tunnel

Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities

Your Voice is My Passport

ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?