Talks

5

• 50 Shades of RED: Stories from the “Playroom”

A

• Abusing LFI-RFI for Fun,Profit and Shells

• A developer’s guide to pentesting

• After SS7 its LTE

• Alice Goes Deeper (Down the Rabbit Hole) – Redirection 2.0

• A n00bie’s perspective on Pentesting…

• An Anti-Forensics Primer

• Android 4.0: Ice Cream “Sudo Make Me a” Sandwich

• An Encyclpwnia of Persistence

• ANOTHER Log to Analyze – Utilizing DNS to Discover Malware in Your Network

• Anti-Forensics: Memory or something, I forget.

• Antivirus Evasion: Lessons Learned

• Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken)

• Applying the 32 Zombieland Rules to IT Security

• Appsec Tl;dr

• A SysCall to ARMs

• Attacking the Next Generation Air Traffic Control System; Hackers, liquor and commercial airliners.

B

• Battle Scars And Friendly Fire: Threat Research Team War Stories

• Beyond Information Warfare “You Ain’t Seen Nothing Yet”

• Big Hugs for Big Data

• Browser Pivoting (FU2FA)

• Building An Information Security Awareness Program from Scratch

• Burning the Enterprise with BYOD

C

• Cash is King: Who’s Wearing Your Crown?

• Cheat Codez: Level UP Your SE Game

• Closing Ceremonies

• Cognitive Injection: Reprogramming the Situation-Oriented Human OS

• Collaborative Penetration Testing With Lair

• Cracking Corporate Passwords – Exploiting Password Policy Weaknesses

• Crypto-Exploit Exercises: A tool for reinforcing basic topics in Cryptography

D

• Dancing with Dalvik

• Decoding Bug Bounty Programs

• DEF CON Documentary

• Digital Energy – BPT

• DIY Command & Control For Fun And *No* Profit

• DIY Forensics: When Incident Response Morphs into Digital Forensics

E

• Electronic Safe Fail: Common Vulnerabilities in Electronic Safes

• Emergent Vulnerabilities: What ant colonies, schools of fish, and security have in common.

• Everything you ever wanted to know on how to start a Credit Union, but were afraid to ask.

• Evolutionary Security – Embracing Failure to Attain “Good Enough”

• Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network

F

• Finding The Signal in the Noise: Quantifying Advanced Malware

• First line of defense

• Follow the Foolish Zebras: Finding Threats in Your Logs

G

• Gen Y—Getting Them to Talk Rather than Text at Work

• Getting Schooled: Security with no budget in a hostile environment.

• Getting the goods with smbexec

• gitDigger: Creating useful wordlists from public GitHub repositories

• Grim Trigger

H

• Hacking Back, Active Defense and Internet Tough Guys

• Hack the Hustle!

• Hardening Windows 8 apps for the Windows Store

• Hello ASM World: A Painless and Contextual Introduction to x86 Assembly

• help for the helpdesk

• Hiding @ Depth – Exploring & Subverting NAND Flash memory

• How can I do that? Intro to hardware hacking with an RFID badge reader

• How Good is Your Phish

• How Im going to own your organization in just a few days.

• How the Grid Will Be Hacked

• How to Fight a War Without Actually Starting One

I

• Identifying Evil: An introduction to Reverse Engineering Malware and other software

• Intro to Dynamic Access Control in Windows Server 2012

• IOCAware – Actively Collect Compromise Indicators and Test Your Entire Enterprise

• iOS.reverse #=> iPwn Apps

• IPv6 is here (kind of), what can I do with it?

• Is Auditing C/C++ Different Nowadays?

• It’s Okay to Touch Yourself

• It’s Only a Game: Learning Security through Gaming

J

• JTAGulator: Assisted discovery of on-chip debug interfaces

K

• Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World

L

• Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation

• Look Ma, No Exploits! – The Recon-ng Framework

• Love letters to Frank Abagnale (How do I pwn thee let me count the ways)

M

• Malware Automation

• Malware : testing malware scenarios on your network

• My Experiments with truth: a different route to bug-hunting

• My Security is a Graph – Your Arguement is Invalid

N

• New Shiny in the Metasploit Framework

O

• Ooops, Now What? :: The Stolen Data Impact Model (SDIM)

• Opening Ceremonies

• Operationalizing Security Intelligence in the Enterprise

• Ownage From Userland: Process Puppeteering

• Owning Computers Without Shell Access

P

• Panel: Building and Growing a Hacker Space

• Passive Aggressive Defense

• Pass-The-Hash 2: The Admin’s Revenge

• Password Intelligence Project – Advanced Password Recovery and Modern Mitigation Strategies

• Patching Windows Executables with the Backdoor Factory

• Phishing Frenzy: 7 seconds from hook to sinker

• Phishing Like The Pros

• Pigs Don’t Fly – Why owning a typical network is so easy, and how to build a secure one.

• PowerShell and Windows Throw the Best Shell Parties

• Practical Exploitation Using A Malicious Service Set Identifier (SSID)

• Practical File Format Fuzzing

• Practical OSINT

• Promoting Your Security Program Like A Lobbyist.

• Put Me In Coach: How We Got Started In Infosec

R

• Raising Hacker Kids: For Good or for Awesome

• Raspberry Pi, Media Centers, and AppleTV

• RAWR – Rapid Assessment of Web Resources

S

• Sandboxes from a pen tester’s view

• Scanning Darkly

• Security Sucks, and You’re Wearing A Nursing Bra

• Security Training and Research Cloud (STRC)

• Seeing red in your future?

• Shattering the Glass: Crafting Post Exploitation Tools with PowerShell

• Sixnet Tools: for poking at Sixnet Things

• SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products.

• Some defensive ideas from offensive guys.

• So you want to be a pentester?

• SQL injection with sqlmap

• Steal All of the Databases.

• Stealth servers need Stealth Packets

• Stop Fighting Anti-Virus

• Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities)

• Surviving the Dead

T

• Taking the BDSM out of PCI-DSS Through Open-Source Solutions

• Terminal Cornucopia

• The Art and Science of Hacking Any Organization

• The Cavalry Is Us: Protecting the public good and our profession

• The Good Samaritan Identity Protection Project – www.thegsipp.org

• The High Risk of Low Risk Applications

• The Internet of Things: Vulns, Botnets and Detection

• The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it!

• The Message and The Messenger

• The Mysterious Mister Hokum

• The Netsniff-NG Toolkit

• Tizen Security: Hacking the new mobile OS

• TMI: How to attack SharePoint servers and tools to make it easier

U

• Uncloaking IP Addresses on IRC

‘

• ‘) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniques’)%00

U

• Unmasking Miscreants

• Using Facial Recognition Software In Digital Forensics And Information Security

W

• Wait; How is All This Stuff Free?!?

• Weaponizing your Coffee Pot

• What if Petraeus was a hacker? Email privacy for the rest of us

• What’s common in Oracle and Samsung? They tried to think differently about crypto.

• Why Dumpster Dive when I can pwn right in?

• Why Your IT Bytes

• Windows 0wn3d By Default

• Windows Attacks: AT is the new black

Y

• Your Turn!