09:00 |
Granick
|
The Lifecycle of a Revolution |
10:20 |
Kettle
|
Server-Side Template Injection: RCE for the Modern Web App |
McSweeny,
Soltani
|
How to Hack Government: Technologists as Policy Makers |
|
Remes
|
Internet Plumbing for Security Professionals: The State of BGP Security |
|
Wardle
|
Writing Bad @$$ Malware for OS X |
|
Ludwig
|
Android Security State of the Union |
|
Meer,
Slaviero
|
Bring Back the Honeypots |
|
Saxe
|
Why Security Data Science Matters and How It's Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat Intelligence |
|
Moore
|
Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service |
|
Dang,
Quynh
|
Unicorn: Next Generation CPU Emulator Framework |
|
11:30 |
Cui
|
Emanate Like a Boss: Generalized Covert Data Exfiltration with Funtenna |
Gavrichenkov
|
Breaking HTTPS with BGP Hijacking |
|
Li,
Sun
|
Attacking Interoperability - An OLE Edition |
|
Moore,
Saydag
|
Defeating Pass-the-Hash: Separation of Powers |
|
Park
|
Winning the Online Banking War |
|
Bailey
|
Take a Hacker to Work Day - How Federal Prosecutors Use the CFAA |
|
Prince
|
The Battle for Free Speech on the Internet |
|
Potter,
Wood
|
Understanding and Managing Entropy Usage |
|
13:50 |
Flake,
Seaborn
|
Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges |
Pinto,
Sieira
|
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing |
|
Osipov,
Zaitsev
|
Adventures in Femtoland: 350 Yuan for Invaluable Fun |
|
Metcalf
|
Red vs Blue: Modern Active Directory Attacks Detection and Protection |
|
Peterson,
Sandee,
Werner
|
GameOver Zeus: Badguys and Backends |
|
Billimoria,
Brossard
|
SMBv2: Sharing More than Just Your Files |
|
Gorenc,
Hariri,
Zuckerbraun
|
Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorer's Isolated Heap and MemoryProtection |
|
Cintz,
Scott
|
The Tactical Application Security Program: Getting Stuff Done |
|
Fogh,
Herath
|
These are Not Your Grand Daddy's CPU Performance Counters - CPU Hardware Performance Counters for Security |
|
15:00 |
Vixie
|
Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS |
Chapman,
Stone
|
WSUSpect - Compromising the Windows Enterprise via Windows Update |
|
Drake
|
Stagefright: Scary Code in the Heart of Android |
|
Miller,
Valasek
|
Remote Exploitation of an Unaltered Passenger Vehicle |
|
Guarnieri,
Marquis-Boire,
Marschalek
|
Big Game Hunting: The Peculiarities of Nation-State Malware Research |
|
Denaro,
Green
|
Back Doors and Front Doors Breaking the Unbreakable System |
|
Cassidy,
Lee,
Leverett
|
Switches Get Stitches |
|
Barbosa,
Branco,
Matrosov,
Rodionov
|
Distributing the Reconstruction of High-Level Intermediate Representation for Large Scale Malware Analysis |
|
Kouns
|
Stranger Danger! What is the Risk from 3rd Party Libraries? |
|
16:20 |
Hilt,
Wilhoit
|
The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring Systems |
Mayer,
Suarez
|
Faux Disk Encryption: Realities of Secure Storage on Mobile Devices |
|
Long,
Pan,
Xiao
|
Optimized Fuzzing IOKit in iOS |
|
Graeber
|
Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor |
|
Bazhaniuk,
Bulygin,
Gorobets,
Matrosov
|
Attacking Hypervisors Using Firmware and Hardware |
|
Fillmore
|
Crash & Pay: How to Own and Clone Contactless Payment Devices |
|
Gaddam
|
Securing Your Big Data Environment |
|
Bankston,
Brown,
Engle,
Ford,
Hammell
|
Panel: Getting It Right: Straight Talk on Threat & Information Sharing |
|
Daugherty
|
Behind the Mask: The Agenda Tricks and Tactics of the Federal Trade Commission as they Regulate Cybersecurity |
|
17:30 |
Ashbel,
Siman
|
The Nodejs Highway: Attacks are at Full Throttle |
Talmat
|
Subverting Satellite Receivers for Botnet and Profit |
|
Long
|
Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware |
|
Yu
|
Cloning 3G/4G SIM Cards with a PC and an Oscilloscope: Lessons Learned in Physical Security |
|
Dalman,
Hantke
|
Commercial Mobile Spyware - Detecting the Undetectable |
|
Jakobsson,
Yen
|
How Vulnerable are We to Scams? |
|
Silvanovich
|
Attacking ECMAScript Engines with Redefinition |
|
Losev,
Mellen,
Moore
|
Mobile Point of Scam: Attacking the Square Reader |
|
Choi,
Park
|
THIS IS DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware |
09:00 |
Huang,
Liu,
Wang,
Zhang
|
The Applications of Deep Learning on Traffic Identification |
McAtee,
Morris
|
CrackLord: Maximizing Password Cracking Boxes |
|
Larsen
|
Remote Physical Damage 101 - Bread and Butter Attacks |
|
Shen
|
Attacking Your Trusted Core: Exploiting Trustzone on Android |
|
Castro,
Chow,
Diquet
|
TrustKit: Code Injection on iOS 8 for the Greater Good |
|
Ntantogian,
Poulios,
Xenakis
|
ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion |
|
Smith
|
My Bro the ELK: Obtaining Context from Security Events |
|
Vandevanter
|
Exploiting XXE Vulnerabilities in File Parsing Functionality |
|
Hizver
|
Taxonomic Modeling of Security Threats in Software Defined Networking |
|
09:45 |
Ionescu
|
Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture |
Morgan,
Morgan
|
Web Timing Attacks Made Practical |
|
Pitts
|
Repurposing OnionDuke: A Single Case Study Around Reusing Nation State Malware |
|
Ossmann
|
The NSA Playset: A Year of Toys and Tools |
|
Domas
|
The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation |
|
Gilger,
Kozy
|
Bringing a Cannon to a Knife Fight |
|
Bashan,
Bobrov
|
Certifi-gate: Front-Door Access to Pwning Millions of Androids |
|
Brooks,
Bryant
|
Bypass Surgery Abusing Content Delivery Networks with Server-Side-Request Forgery (SSRF) Flash and DNS |
|
Aharoni
|
The Kali Linux Dojo Workshop #1: Rolling Your Own - Generating Custom Kali Linux 20 ISOs |
|
11:00 |
King
|
Taking Event Correlation with You |
Baseggio,
Evenchick
|
Breaking Access Controls with BLEKey |
|
Anderson,
Cardozo,
Desautels,
Moussouris,
Zetter,
Zovi
|
Panel: How the Wassenaar Arrangement's Export Control of Intrusion Software Affects the Security Industry |
|
Klein,
Peters
|
Defeating Machine Learning: What Your Security Vendor is Not Telling You |
|
Xu
|
Ah! Universal Android Rooting is Back |
|
Kubecka
|
How to Implement IT Security After a Cyber Meltdown |
|
Crane,
Homescu,
Liebchen,
Sadeghi
|
Return to Where? You Can't Exploit What You Can't Find |
|
Pickett
|
Staying Persistent in Software Defined Networks |
|
The Kali Linux Dojo Workshop #2: Kali USB Setups with Persistent Stores and LUKS Nuke Support |
||
12:10 |
Klick,
Lau,
Malchow,
Marzin,
Roth
|
Internet-Facing PLCs - A New Back Orifice |
Barisani,
Bianco
|
Forging the USB Armory an Open Source Secure Flash-Drive-Sized Computer |
|
Mayorkas
|
Information Access and Information Sharing: Where We are and Where We are Going |
|
Zadeh
|
From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning and the SOC |
|
Wei,
Zhang
|
Fingerprints on Mobile Devices: Abusing and Leaking |
|
Strobl,
Zillner
|
ZigBee Exploited the Good the Bad and the Ugly |
|
Zhang
|
Bypass Control Flow Guard Comprehensively |
|
Evron,
Sher,
Sysman
|
Breaking Honeypots for Fun and Profit |
|
Hubbard,
Toonk
|
BGP Stream |
|
14:30 |
Hanif,
Lengyel,
Webster
|
Internet-Scale File Analysis |
Auger,
Sandvik
|
When IoT Attacks: Hacking a Linux-Powered Rifle |
|
Jaffer,
Jaycox
|
Is the NSA Still Listening to Your Phone Calls? A Surveillance Debate: Congressional Success or Epic Fail |
|
Bell
|
Automated Human Vulnerability Scanning with AVA |
|
Conti,
Cross,
Raymond
|
Pen Testing a City |
|
Davis
|
Broadcasting Your Attack: Security Testing DAB Radio in Cars |
|
Weinmann
|
Assessing and Exploiting BigNum Vulnerabilities |
|
Yason
|
Understanding the Attack Surface and Attack Resilience of Project Spartan's New EdgeHTML Rendering Engine |
|
Chen,
Wang,
Xu
|
Review and Exploit Neglected Attack Surfaces in iOS 8 |
|
15:50 |
Hudson,
Kallenberg,
Kovah
|
ThunderStrike 2: Sith Strike |
Arnaboldi
|
Abusing XSLT for Practical Attacks |
|
Krotofil
|
Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion |
|
Thomas
|
Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card |
|
Forshaw
|
Social Engineering the Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities |
|
Davis,
Wolff
|
Deep Learning on Disassembly |
|
Price
|
HI THIS IS URGENT PLZ FIX ASAP: Critical Vulnerabilities and Bug Bounty Programs |
|
Kruegel,
Shoshitaishvili
|
Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware |
|
Mulliner,
Neugschwandtner
|
Breaking Payloads with Runtime Code Stripping and Image Freezing |
|
17:00 |
Nafeez
|
Dom Flow - Untangling the DOM for More Easy-Juicy Bugs |
Gong
|
Fuzzing Android System Services by Binder Call to Escalate Privilege |
|
Lakhotia,
Notani
|
Harnessing Intelligence from Malware Repositories |
|
Kirda
|
Most Ransomware Isn't as Complex as You Might Think |
|
Gorbaty,
Wang
|
FileCry - The New Age of XXE |
|
D'Antoine
|
Exploiting Out-of-Order Execution for Covert Cross-VM Communication |
|
Keenan
|
Hidden Risks of Biometric Identifiers and How to Avoid Them |
|
Choi
|
API Deobfuscator: Resolving Obfuscated API Functions in Modern Packers |
|
Stump,
Wyler
|
Dance Like Nobody's Watching Encrypt Like Everyone Is: A Peek Inside the Black Hat Network |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.