Talks

2

• 2FA-Enabled Fraud: Dissecting Operation High Roller

4

• 4140 Ways Your Alarm System Can Fail

A

• Active Directory Reconnaissance, Attacks, and Post-Exploitation

• A Fool’s Game: Building an Awareness & Training Program

• Alice in Exploit Redirection-land – A trip down the rabbit hole

• Ambush – Catching Intruders At Any Point

• Android in the Healthcare Workplace: A Case Study

• An Introduction to Reverse Engineering with Ida Pro Free

• Appearance Hacking 101: The Art of Everyday Camouflage

• Are You HIPAA to the Jive?: How Focus on HIPAA Compliance Over Better Security Practices Hurts Us All

B

• Becoming Mallory – How to Win Creds and Influence Devices

• Beyond Strings – Memory Analysis during Incident Response

• Black Ops

• Breaking into Security

• Building a Database Security Program

• Building Dictionaries and Destroying Hashes Using Amazon EC2

• Building Security into your Mobile Application

• Building the Next Generation IDS with OSINT

• Business Ramifications of Internet’s unclean conflicts

• BYOD: “Bring Your Own Doom or Sane Business Decision?”

C

• Closing Ceremonies

• Collecting Underpants To Win Your Network

• Cookie Cadger: Taking Cookie Hijacking To A New Level

• CounterSploit! (MSF as a defense platform)

• Creating A Powerful User Defense Against Attackers

• Current Trends in Computer Law

• Cyber Fast Track: from the trenches

D

• Dirty Little Secrets Part 2

• Dirty Red Team Tricks II

• DNS Reconnaissance

• Doubt – Deceit – Deficiency and Decency – a Decade of Disillusionment

• Doxing and Anti-Doxing: Information Reconnaissance for the Stalker and the Stalked

E

• Easy Cracking with NetLM Downgrade Attacks

• Easy Passwords = Easy Break-Ins

• Everything they told me about security was wrong

• Everything you wanted to know about Academia (But were too afraid to ask)

• Exploit Development with Ruby – An Intro

F

• Flex Your Rights: The Constitution & Political Activism in the Hacker Community

• Format String Vulnerabilities 101

G

• Ghost in the Wires: The Unbelievable True Story of Kevin Mitnick’s Life as a the World’s Most Wanted Computer Hacker

H

• Hacking Survival: So. You want to compute post-apocalypse?

• Hack Your Way Into A DoD Security Clearance

• House of Cards

• How I Learned To Stop Worrying and Love the Smart Meter

• How I Owned Your Vending Machine

• How screwed are we?

• How to create a one man SOC

• Hunting Evil

I

• Information Overload, Future Shock, IBM & The Nature of Modern Crime

• Introducing the Smartphone Pentest Framework

• Introduction to Metasploit Post Exploitation Modules

• Intro to Linux System Hardening, and Applying it to BackTrack Linux

• Is it time for another firewall or a security awareness program?

• ISO8583: How to pentest when given a target that is not your “normal” target.

• It’s Not Your Perimeter, It’s You That Sucks!

M

• Ma and Pa Sleep with the Door Unlocked: A Look at Information Security in the Small Business

• Managed Service Providers: Pwn One and Done

• Maturing The Penetration Testing Profession

• Medical Device Security: Current State of the Art

• Moar Anti-Forensics – Moar Louise

N

• Next Generation Web Reconnaissance

• Nice to Meet You

• Nonverbal Human Hacking

O

• Off-Grid Communications with Android: Meshing the Mobile World

• Opening Ceremony

P

• Penetration Testing from a Hot Tub Time Machine

• Pentesting for non-pentesters: learning through virtual machines

• Pentesting iOS Applications

• Pen Testing Security Vendors

• PHP Website Security, Attack Analysis, & Mitigations

• Physical Drive-By Downloads

• Privilege Escalation with the Metasploit Framework

• Professional Pen Testing and Learning From Your Mistakes

“

• “Puff, Puff, Pass: Getting the Most Out of Your Hash” An Intro to Linux Post-Exploitation Fun With Windows Hashes

P

• Pwned in 60 Seconds, From Network Guest To Windows Domain Admin

R

• Rapid Blind SQL Injection Exploitation with BBQSQL

• Rescuing the Prince of Persia from the Sands of Time

• RfCat: subghz or bust!

• Running a successful Red Team

S

• Securing the Internet: YOU’re doing it wrong. (An INFOSEC Intervention)

• Security Epistemology: Beliefs, Truth, and Knowledge in the Infosec Community

• Security Onion: Network Security Monitoring in Minutes

• Security Vulnerability Assessments – Process and Best Practices

• SE me, SE you

• Separating Security Intelligence from Security FUD

• SexyDefense – The Red Team tore you a new one. NOW WHAT?

• SH5ARK ATTACK- taking a byte out of HTML5!

• Simple Security Defense to Thwart an Army of Cyber Ninja Warriors

• Slow Down, Cowpoke: When Enthusiasm Outpaces Common Sense

• Social Engineering Defense Contractors on LinkedIN & Facebook: Who’s plugged in to your employees?

• Social Zombies: Rise of the Mobile Dead

• So you got yourself an InfoSec Manager job. Great! Now what?

• Sprinkler: IR

• SQL Injection 101

T

• Tactical Surveillance: Look at me now!

• Taming Skynet : Using the Cloud to Automate Baseline Scanning

• TBA

• The Art and Science of Hacking Any Target

• The Badmin project: (Na-na-nanana Na-na-nanana BADMIN)

• The Devil's in the Details: A look at bad SE and how to do better

• The Evolution of HFC

• The Future of RE: Dynamic Binary Visualization

• The Hacker Ethos meets The FOSS Ethos

• The Patsy Proxy: Getting others to do your dirty work

• The Wild West

• Think differently about database hacking

U

• Using McAfee Secure/TrustGuard as Attack Tools

V

• Vulnerability Spidey Sense – Demystifying Pen Testing Intuition

W

• We go in over the phone lines, pop the firewall, drop in the hydra and wait for the money” and other movie lines that fail.

• What locksport can teach us about security

• Why Integgroll sucks at Python, and you can too!

• Why Isn’t Everyone Pulling Security, This is Combat

• Wielding Katana: A Live Security Suite

• Write Your Own Tools With Python!

Y

• You Can't Buy Security. Building an Open Sourced Information Security Program