3rd Annual Metasploit Townhall
Active Defense for web apps
Advanced Threat Hunting
Aiding Static Analysis: Discovering Vulnerabilities in Binary Targets through Knowledge Graph Inferences
An ACE in the Hole: Stealthy Host Persistence via Security Descriptors
Anatomy of a Medical Device Hack- Doctors vs. Hackers in a Clinical Simulation Cage Match
A New Take at Payload Generation: Empty-Nest
A presentation or presentations because...
Architecture at Scale – Save time. Reduce spend. Increase security.
Become the Puppet Master - the battle of cognition between man and machine
Beyond xp_cmdshell
Blue Team Keeping Tempo with Offense
Bots, Trolls, and Warriors
Building a full size CNC for under $500
Building Better Backdoors with WMI
Building Google for Criminal Enterprises
Building the DeathStar: getting Domain Admin with a push of a button (a.k.a. how I almost automated myself out of a job)
Burping for Joy and Financial Gain
C2 Channels - Creative Evasion
changeme: A better tool for hunting default creds
CHIRON - Home based ML IDS
Closing Ceremony
Common Assessment Mistakes Pen Testers and Clients Should Avoid
CredDefense Toolkit
DanderSpritz: How the Equation Group's 2013 tools pwn in 2017
Data Mining Wireless Survey Data with ELK
Defending against PowerShell Attacks
Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online
Detect Me If You Can
DFIR Redefined
Diary of a Security Noob
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
Drone Delivered Attack Platform (DDAP)
EDR, ETDR, Next Gen AV is all the rage, so why am I enraged?
Evading Autoruns
Everything I Need To Know About Security I Learned From Watching Kung Fu Movies
Extending Burp
Eye on the Prize
Fileless Malware - The New “Cyber”
FM, and Bluetooth, and Wifi... Oh My!
Full-Contact Recon
Further Adventures in Smart Home Automation: Honey, Please Don’t Burn Down Your Office
Game On! Using Red Team to Rapidly Evolve Your Defenses
Going Deep and Empowering Users - PCAP Utilities and Combating Phishing in a new way
Gone In 59 Seconds - High Speed Backdoor Injection via Bootable USB
Hacking Blockchains
Hacking VDI, Recon and Attack Methods
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Hidden Treasure: Detecting Intrusions with ETW
How to Hunt for Lateral Movement on Your Network
How to KickStart a Drone JailBreaking Scene
How to Measure Your Security: Holding Security Vendors Accountable
How to safely conduct shenanigans
How we accidentally created our own RAT/C2/Distributed Computing Network
Hunting for Memory-Resident Malware
Hunting Lateral Movement for Fun and Profit
IDAPython: The Wonder Woman of Embedded Device Reversing
I had my mom break into a prison, then we had pie.
Improv Comedy as a Social Engineering Tool
Introducing DeepBlueCLI v2, now available in PowerShell and Python
Introducing SpyDir - a BurpSuite Extension
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niques') -Join'')
IoT Security – Executing an Effective Security Testing Process
I Survived Ransomware . . . TWICE
I want my EIP
JReFrameworker: One Year Later
Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools
Kali Linux?
Kinetic to Digital: Terrorism in the Digital Age
Love is in the Air - DFIR and IDS for WiFi Networks
MacOS host monitoring - the open source way
Memory-Based Library Loading: Someone Did That Already.
MitM Digital Subscriber Lines
Mobile APTs: A look at nation-state attacks and techniques
Modern Evasion Techniques
(Mostly) Free Defenses Against the Phishing Kill Chain
Not a Security Boundary: Bypassing User Account Control
Opening Ceremonies
Out With the Old, In With the GNU
Peekaboo! I Own You. Owning Hundreds of Thousands Vulnerable Devices with only two HTTP packets
Personalities disorders in the infosec community
Phishing for You and Your Grandma!
POP POP RETN ; An Introduction to Writing Win32 Shellcode
PSAmsi - An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10
Purple team FAIL!
Purpose Driven Hunt: What do I do with all this data?
Python Static Analysis
Rapid Incident Response with PowerShell
Reaching Across the Isle: Improving Security Through Partnership
Regular Expressions (Regex) Overview
Retail Store/POS Penetration Testing
Return From The Underworld - The Future Of Red Team Kerberos
Reverse Engineering Hardware via the HRES
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
Run your security program like a boss / practical governance advice
Securing Windows with Group Policy
Securing Your Network
Shellcode Via VBScript/JScript Implications
SniffAir – An Open-Source Framework for Wireless Security Assessments
So you want to be a Social Engineer
Spy vs. Spy - Tip from the trenches for red and blue teams
Statistics on 100 million secrets: A look at recent password dumps
Steel Sharpens Steel: Using Red Teams to improve Blue Teams
Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research
TBD
The Current State of Security, an Improv-spection
The .NET Inter-Operability Operation
The skills gap: how can we fix it?
The Trap House
To Catch a Spy
Tracing Adversaries: Detecting Attacks with ETW
V!4GR4: Cyber-Crime, Enlarged
Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure.
VMware Escapology: How to Houdini The Hypervisor
War Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better
Web Application testing - approach and cheating to win
We're going on a Threat Hunt, Gonna find a bad-guy.
What A Long Strange Trip It’s Been
When IoT Research Matters
When to Test, and How to Test It
Windows Event Logs -- Zero 2 Hero
Windows Rootkit Development: Python prototyping to kernel level C2
Winning (and Quitting) the Privacy Game: What it REALLY takes to have True Privacy in the 21st Century; or How I learned to give in and embrace EXIF tags