Every Security Team is a Software Team Now
Legal GNSS Spoofing and its Effects on Autonomous Vehicles
Biometric Authentication Under Threat: Liveness Detection Hacking
Bypassing the Maginot Line: Remotely Exploit the Hardware Decoder on Smartphone
A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works
Detecting Deep Fakes with Mice
ClickOnce and You're in - When Appref-ms Abuse is Operating as Intended
SSO Wars: The Token Menace
Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically
Monsters in the Middleboxes: Building Tools for Detecting HTTPS Interception
PicoDMA: DMA Attacks at Your Fingertips
The Most Secure Browser? Pwning Chrome from 2016 to 2019
Attacking Electric Motors for Fun and Profit
APIC's Adventures in Wonderland
Dragonblood: Attacking the Dragonfly Handshake of WPA3
Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine
Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)
Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware
Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society
Sensor and Process Fingerprinting in Industrial Control Systems
Behind the Scenes of Intel Security and Manageability Engine
HTTP Desync Attacks: Smashing into the Cell Next Door
It's Not What You Know, It's What You Do: How Data Can Shape Security Engagement
I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy
The Path Less Traveled: Abusing Kubernetes Defaults
Cyber Insurance 101 for CISO’s
New Vulnerabilities in 5G Networks
Selling 0-Days to Governments and Offensive Security Companies
All the 4G Modules Could be Hacked
Worm Charming: Harvesting Malware Lures for Fun and Profit
Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs
Chip.Fail - Glitching the Silicon of the Connected World
Lessons From Two Years of Crypto Audits
Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone
Come Join the CAFSA - Continuous Automated Firmware Security Analysis
Integration of Cyber Insurance Into A Risk Management Program
MITRE ATT&CK: The Play at Home Edition
Responding to a Cyber Attack with Missiles
Finding a Needle in an Encrypted Haystack: Leveraging Cryptographic Abilities to Detect the Most Prevalent Attacks on Active Directory
Messaging Layer Security: Towards a New Era of Secure Group Messaging
The Cyber Shell Game – War, Information Warfare, and the Darkening Web
Hacking Your Non-Compete
Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover
Arm IDA and Cross Check: Reversing the Boeing 787's Core Network
Internet-Scale Analysis of AWS Cognito Security
How Do Cyber Insurers View The World?
Controlled Chaos: The Inevitable Marriage of DevOps & Security
He Said, She Said – Poisoned RDP Offense and Defense
Hunting for Bugs, Catching Dragons
Transparency in the Software Supply Chain: Making SBOM a Reality
Reverse Engineering WhatsApp Encryption for Chat Manipulation and More
Detecting Malicious Files with YARA Rules as They Traverse the Network
PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
Going Beyond Coverage-Guided Fuzzing with Structured Fuzzing
MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection
Cybersecurity Risk Assessment for Safety-Critical Systems
Deconstructing the Phishing Campaigns that Target Gmail Users
Defense Against Rapidly Morphing DDOS