99 Reasons Your Perimeter Is Leaking - Evolution of C&C

Abusing IoT Medical Devices For Your Precious Health Records

A “Crash” Course in Exploiting Buffer Overflows (Live Demos!)

Advanced Deception Technology Through Behavioral Biometrics

Android App Penetration Testing 101

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10

App-o-Lockalypse now!

A Process is No One: Hunting for Token Manipulation

Attacking Azure Environments with PowerShell

Blue Blood Injection: Transitioning Red to Purple

Breaking Into Your Building: A Hackers Guide to Unauthorized Access

Brutal Blogging - Go for the Jugular

Bug Hunting in RouterOS

Building an Empire with (Iron)Python

Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010

Changing Our Mindset From Technical To Psychological Defenses

Clippy for the Dark Web: Looks Like You’re Trying to Buy Some Dank Kush, Can I Help You With That?

Cloud Computing Therapy Session

Cloud Forensics: Putting The Bits Back Together

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine

Community Based Career Development or How to Get More than a T-Shirt When Participating as part of the Community

Comparing apples to Apple

CTFs: Leveling Up Through Competition

Cyber Intelligence: There Are No Rules, and No Certainties

Decision Analysis Applications in Threat Analysis Frameworks

Deploying Deceptive Systems: Luring Attackers from the Shadows

Detecting WMI exploitation

Dexter: the friendly forensics expert on the Coinbase security team

Disaster Strikes: A Hacker's Cook book

Draw a Bigger Circle: InfoSec Evolves

Driving Away Social Anxiety

Escoteric Hashcat Attacks

Everything Else I Learned About Security I Learned From Hip-Hop

Extending Burp to Find Struts and XXE Vulnerabilities

Fingerprinting Encrypted Channels for Detection

Foxtrot C2: A Journey of Payload Delivery

From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It

Fuzz your smartphone from 4G base station side

Getting Control of Your Vendors Before They Take You Down

Getting Started in CCDC

Going on a Printer Safari – Hunting Zebra Printers

Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight

Gryffindor | Pure JavaScript, Covert Exploitation

Hackers, Hugs, & Drugs: Mental Health in Infosec

Hacking Mobile Applications with Frida

Ham Radio 4 Hackers

Hardware Slashing, Smashing, and Reconstructing for Root access

Hey! I found a vulnerability – now what?

Hillbilly Storytime: Pentest Fails

How online dating made me better at threat modeling

How Russian Cyber Propaganda Really Works

How to influence security technology in kiwi underpants

How to put on a Con for Fun and (Non) Profit

How to test Network Investigative Techniques(NITs) used by the FBI

I Can Be Apple, and So Can You

In-Memory Persistence: Terminate & Stay Resident Redux

Instant Response: Making IR faster than you thought possible!

Introduction to x86 Assembly

Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)

Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow

IOCs Today, Intelligence-Led Security Tomorrow

IoT: Not Even Your Bed Is Safe

IronPython... omfg

IRS, HR, Microsoft and your Grandma: What they all have in common

Jump Into IOT Hacking with the Damn Vulnerable Habit Helper Device

Just Let Yourself In

Killsuit: The Equation Group's Swiss Army knife for persistence, evasion, and data exfil

Lessons Learned by the WordPress Security Team

Living in a Secure Container, Down by the River

Living off the land: enterprise post-exploitation

#LOLBins - Nothing to LOL about!

#LOL They Placed Their DMZ in the Cloud: Easy Pwnage or Disruptive Protection

M&A Defense and Integration – All that Glitters is not Gold

Maintaining post-exploitation opsec in a world with EDR

Make Me Your Dark Web Personal Shopper!

Mapping wifi networks and triggering on interesting traffic patterns

Media hacks: an Infosec guide to dealing with journalists

Metasploit Town Hall 0x4

Mirai, Satori, OMG, and Owari - IoT Botnets Oh My

MS17-010?

Ninja Looting Like a Pirate

NOOb OSINT in 30 Minutes or less!

No Place Like Home: Real Estate OSINT and OPSec Fails

Offensive Browser Extension Development

Off-grid coms and power

On the Nose: Bypassing Huawei's Fingerprint authentication by exploiting the TrustZone

Opening Ceremonies

Opening Ceremony

OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it

Pacu: Attack and Post-Exploitation in AWS

Panel Discussion - At a Glance: Information Security

Patching: Show me where it hurts

Perfect Storm: Taking the Helm of Kubernetes

PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget

Protect Your Payloads: Modern Keying Techniques

Pwning in the Sandbox: OSX Macro Exploitation & Beyond

Red Mirror: Bringing Telemetry to Red Teaming

Red Teaming gaps and musings

RFID Luggage Tags, IATA vs Real Life

Ridesharks

RID Hijacking: Maintaining Access on Windows Machines

SAEDY: Subversion and Espionage Directed Against You

Ship Hacking: a Primer for Today’s Pirate

Silent Compromise: Social Engineering Fortune 500 Businesses

Social Engineering At Work – How to use positive influence to gain management buy-in for anything

So many pentesting tools from a $4 Arduino

State of Win32k Security: Revisiting Insecure design

Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework

Tales From the Bug Mine - Highlights from the Android VRP

The History of the Future of Cyber-Education

The Layer2 Nightmare

The making of an iOS 11 jailbreak: Kiddie to kernel hacker in 14 sleepless nights.

The Money-Laundering Cannon: Real cash; Real Criminals; and Real Layoffs

The MS Office Magic Show

The Unintended Risks of Trusting Active Directory

Threat Hunting with a Raspberry Pi

Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes

Ubiquitous Shells

VBA Stomping - Advanced Malware Techniques

Victor or Victim? Strategies for Avoiding an InfoSec Cold War

We are all on the spectrum: What my 10-year-old taught me about leading teams

WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids

Web App 101: Getting the lay of the land

Web app testing classroom in a box - the good, the bad and the ugly

When Macs Come Under ATT&CK

Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests

Your Training Data is Bad and You Should Feel Bad