Testing Your Organization's Social Media Awareness
GDPArrrrr: Using Privacy Laws to Steal Identities
Woke Hiring Won't Save Us: An Actionable Approach to Diversity Hiring and Retention
The Future of Securing Intelligent Electronic Devices Using the IEC 62351-7 Standard for Monitoring
On Trust: Stories from the Front Lines
Mobile Interconnect Threats: How Next-Gen Products May be Already Outdated
Attack Surface as a Service
Death to the IOC: What's Next in Threat Intelligence
WebAuthn 101 - Demystifying WebAuthn
Rough and Ready: Frameworks to Measure Persistent Engagement and Deterrence
The Enemy Within: Modern Supply Chain Attacks
100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans
Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities
Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller
Playing Offense and Defense with Deepfakes
Planning a Bug Bounty: The Nuts and Bolts from Concept to Launch
All Your Apple are Belong to Us: Unique Identification and Cross-Device Tracking of Apple Devices
Information Security in the Public Interest
Project Zero: Five Years of "Make 0Day Hard"
Rogue7: Rogue Engineering-Station Attacks on S7 Simatic PLCs
API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web
Operational Templates for State-Level Attack and Collective Defense of Countries
Breaking Encrypted Databases: Generic Attacks on Range Queries
Women in Security: Building a Female InfoSec Community in Korea, Japan, and Taiwan
Bounty Operations: Best Practices and Common Pitfalls to Avoid in the First 6-12 Months
DevSecOps : What, Why and How
Finding Our Path: How We're Trying to Improve Active Directory Security
Process Injection Techniques - Gotta Catch Them All
Zombie Ant Farming: Practical Tips for Playing Hide and Seek with Linux EDRs
Ghidra - Journey from Classified NSA Tool to Open Source
Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale
Firmware Cartography: Charting the Course for Modern Server Compromise
Exploiting Qualcomm WLAN and Modem Over The Air
Infighting Among Russian Security Services in the Cyber Sphere
Managing for Success: Maintaining a Healthy Bug Bounty Program Long Term
Behind the scenes of iOS and Mac Security
0-days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars
Predictive Vulnerability Scoring System
Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime
Preventing Authentication Bypass: A Tale of Two Researchers
Making Big Things Better the Dead Cow Way
Inside the Apple T2
Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps
Automation Techniques in C++ Reverse Engineering
Backdooring Hardware Devices by Injecting Malicious Payloads on Microcontrollers
Fantastic Red-Team Attacks and How to Find Them
Critical Zero Days Remotely Compromise the Most Popular Real-Time OS
HostSplit: Exploitable Antipatterns in Unicode Normalization
Everybody be Cool, This is a Robbery!
The Discovery of a Government Malware and an Unexpected Spy Scandal
The Future of ATO
Securing Apps in the Open-By-Default Cloud
Adventures in the Underland: The CQForensic Toolkit as a Unique Weapon Against Hackers
Attacking iPhone XS Max
A Compendium of Container Escapes
Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project
Debug for Bug: Crack and Hack Apple Core by Itself - Fun and Profit to Debug and Fuzz Apple Kernel by lldb Script
Command Injection in F5 iRules
Moving from Hacking IoT Gadgets to Breaking into One of Europe's Highest Hotel Suites
Shifting Knowledge Left: Keeping up with Modern Application Security
Exploring the New World : Remote Exploitation of SQLite and Curl
Paging All Windows Geeks – Finding Evil in Windows 10 Compressed Memory
How to Detect that Your Domains are Being Abused for Phishing by Using DNS
Lessons and Lulz: The 5th Annual Black Hat USA NOC Report
Breaking Samsung's ARM TrustZone