The Hidden Architecture of our Time: Why This Internet Worked How We Could Lose It and the Role Hackers Play
Abusing Bleeding Edge Web Standards for AppSec Glory
Breaking Payment Points of Interaction (POI)
The Linux Kernel Hidden Inside Windows 10
Beyond the MCSE: Active Directory for the Security Professional
Capturing 0day Exploits with PERFectly Placed Hardware Traps
HTTP/2 & QUIC - Teaching Good Protocols To Do Bad Things
Can You Trust Me Now? An Exploration into the Mobile Threat Landscape
A Retrospective on the Use of Export Cryptography
Augmenting Static Analysis Using Pintool: Ablation
Hackproofing Oracle eBusiness Suite
Memory Forensics Using Virtual Machine Introspection for Cloud Computing
$hell on Earth: From Browser to System Compromise
Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root
A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land
Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness
Applied Machine Learning for Data Exfil and Other Fun Topics
Measuring Adversary Costs to Exploit Commercial Software: The Government- Bootstrapped Non-Profit C.I.T.L.
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
Drone Attacks on Industrial Wireless: A New Front in Cyber Security
Towards a Holistic Approach in Building Intelligence to Fight Crimeware
Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools
Xenpwn: Breaking Paravirtualized Devices
Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits
HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows
CANSPY: A Platform for Auditing CAN Devices
GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool
Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable
An Insider's Guide to Cyber-Insurance and Security Guarantees
Pwning Your Java Messaging with Deserialization Vulnerabilities
Does Dropping USB Drives in Parking Lots and Other Places Really Work?
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI
1000 Ways to Die in Mobile OAuth
Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy
I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache
Into The Core - In-Depth Exploration of Windows 10 IoT Core
Design Approaches for Security Automation
Crippling HTTPS with Unholy PAC
Access Keys Will Kill You Before You Kill the Password
Account Jumping Post Infection Persistency & Lateral Movement in AWS
Captain Hook: Pirating AVs to Bypass Exploit Mitigations
Using EMET to Disable EMET
Viral Video - Exploiting SSRF in Video Converters
GreatFET: Making GoodFET Great Again
Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX
Watching Commodity Malware Get Sold to a Targeted Actor
Building a Product Security Incident Response Team: Learnings from the Hivemind
Unleash the Infection Monkey: A Modern Alternative to Pen-Tests
Security Through Design - Making Security Better by Designing for People
Brute-Forcing Lockdown Harddrive PIN Codes
Cyber War in Perspective: Analysis from the Crisis in Ukraine
Side-Channel Attacks on Everyday Applications
AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion
The Risk from Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack