09:00 | Stamos | Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone
10:30 | Gil | Web Cache Deception Attack
10:30 | Staggs | Adventures in Attacking Wind Farm Control Networks
10:30 | Singh, Thaware | Wire Me Through Machine Learning
10:30 | Wright | Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software
10:30 | Prandl | PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection Traffic Analysis and Beyond
10:30 | O'Flynn | Breaking Electronic Door Locks Like You're on CSI: Cyber
10:30 | Burnett | Ichthyology: Phishing as a Science
10:30 | Benameur, Johnson, Stavrou | All Your SMS & Contacts Belong to ADUPS & Others
10:30 | Ventura | They're Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention
11:15 | Gray, Sommer, Tran-Gia, Zinner | FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches
11:15 | Cherepanov, Lee, Lipovsky, Miller, Slowik | Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid
11:15 | Cranor | Real Humans Simulated Attacks: Usability Testing with Attack Scenarios
11:15 | Feng, Yang, Zhou | Many Birds One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software
11:15 | Lake, Trikalinou | Taking DMA Attacks to the Next Level: How to do Arbitrary Memory Reads/Writes in a Live and Unmodified System Using a Rogue Memory Controller
11:15 | Bates, Kunz | Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization
11:15 | Borgaonkar, Hirschi, Martin, Park, Seifert, Shaik | New Adventures in Spying 3G and 4G Users: Locate Track & Monitor
11:15 | Butts, Rios | When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices
11:15 | Grasso | The Avalanche Takedown: Landslide for Law Enforcement
13:30 | Jones, Krug | Hacking Serverless Runtimes: Profiling AWS Lambda Azure Functions and More
13:30 | Schenk | Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging Write-What-Where Vulnerabilities in Creators Update
13:30 | Kacer, Langlois | SS7 Attacker Heaven Turns into Riot: How to Make Nation-State and Intelligence Attackers' Lives Much Harder on Mobile Networks
13:30 | Hui, Kaljurand, Kleinwachter, Moss, Nye, Woodcock | Challenges of Cooperation Across Cyberspace
13:30 | Randolph | Delivering Javascript to World+Dog
13:30 | Etemadieh, Heres, Hoang | Hacking Hardware with a $10 SD Card Reader
13:30 | Kalinin, Miller | The Active Directory Botnet
13:30 | Eissa | Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network
13:30 | Bursztein | How We Created the First SHA-1 Collision and What it Means for Hash Security
14:40 | Jurczyk | Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking
14:40 | Aumasson, Romailler | Automated Testing of Crypto Software Using Differential Fuzzing
14:40 | Bazhaniuk, Bulygin, Furtak, Gorobets | Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
14:40 | Barenghi, Continella, Guagnelli, Maggi, Pasquale, Zanero, Zingaro | ShieldFS: The Last Word in Ransomware Resilient File Systems
14:40 | Alva, McSweeny | So You Want to Market Your Security Product...
14:40 | Valtman | The Art of Securing 100 Products
14:40 | Shortridge | Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
14:40 | Robbins, Schroeder | An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
14:40 | Ossmann, Spill | What's on the Wireless? Automating RF Signal Identification
16:00 | Santamarta | Go Nuclear: Breaking Radiation Monitoring Devices
16:00 | Meer, Slaviero | Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud)
16:00 | Beddome, Gibler | Developing Trust and Gitting Betrayed
16:00 | Barbosa, Chun | Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev
16:00 | Coltel, Provost | WSUSpendu: How to Hang WSUS Clients
16:00 | Neuman, Osborn | White Hat Privilege: The Legal Landscape for a Cybersecurity Professional Seeking to Safeguard Sensitive Client Data
16:00 | Kettle | Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
16:00 | Olson, Sanders | What They're Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs
16:00 | Leong, Wan | Evilsploit – A Universal Hardware Hacking Toolkit
17:05 | Brown, Mazurov | Protecting Visual Assets: Digital Image Counter-Forensics
17:05 | Radocea | Intercepting iCloud Keychain
17:05 | Wardle | Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server
17:05 | Blaich, Ruthven | Fighting Targeted Malware in the Mobile Ecosystem
17:05 | Brandstetter | (in)Security in Building Automation: How to Create Dark Buildings with Light Speed
17:05 | Bursztein, Invernizzi, McRoberts | Tracking Ransomware End to End
17:05 | McGrew | Protecting Pentests: Recommendations for Performing More Secure Tests
17:05 | Ablon | Zero Days Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits
17:05 | Sanders | Garbage In Garbage Out: How Purportedly Great Machine Learning Models can be Screwed Up by Bad Data
18:30 | Zovi | Pwnie Awards
09:00 | Yunusov | The Future of ApplePwn - How to Save Your Money
09:00 | Compagno, Conti, Lain, Tsudik | Skype & Type: Keystroke Leakage over VoIP
09:00 | Be'ery, Maor | The Industrial Revolution of Lateral Movement
09:00 | Bone, Wysopal | Influencing the Market to Improve Security
09:00 | Cvrcek, Danezis, Mavroudis, Svenda | OpenCrypto: Unchaining the JavaCard Ecosystem
09:00 | Suiche | The Shadow Brokers – Cyber Fear Game-Changers
09:00 | Anderson | Bot vs. Bot for Evading Machine Learning Malware Detection
09:00 | Ziv | Escalating Insider Threats Using VMware's API
09:00 | Hypponen | The Epocholypse 2038: What's in Store for the Next 20 Years
09:45 | Kang, LI, Pan, Wang, Yang | Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound
09:45 | Harvey | Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity
09:45 | Prado, Price, Valentine | Fad or Future? Getting Past the Bug Bounty Hype
09:45 | Knopf | Redesigning PKI to Solve Revocation Expiration and Rotation Problems
09:45 | Pfoh, Vogl | rVMI: A New Paradigm for Full System Analysis
09:45 | Artenstein | Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
09:45 | Huang, Li, Shan, Yang, Zheng | 'Ghost Telephonist' Link Hijack Exploitations in 4G LTE CS Fallback
09:45 | Mittal | Evading Microsoft ATA for Active Directory Domination
09:45 | Zovi | Datacenter Orchestration Security and Insecurity: Assessing Kubernetes Mesos and Docker at Scale
11:00 | Ablon, Healey, Herr, Moussouris, Zetter | Bug Collisions Meet Government Vulnerability Disclosure
11:00 | Gostomelsky | Hunting GPS Jammers
11:00 | Lackey | Practical Tips for Defending Web Applications in the Age of DevOps
11:00 | Maggi, Pogliani, Polino, Quarta, Zanchettin, Zanero | Breaking the Laws of Robotics: Attacking Industrial Robots
11:00 | Swami | Intel SGX Remote Attestation is Not Sufficient
11:00 | Dods | Infecting the Enterprise: Abusing Office365+Powershell for Covert C2
11:00 | Vishwanath | Why Most Cyber Security Training Fails and What We Can Do About it
11:00 | Bianco, Lee | Go to Hunt Then Sleep
11:00 | Kotowicz, Lekies, Vela | Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
12:10 | Tarakanov | Exploitation of Kernel Pool Overflow on Microsoft Windows 10 DKOM/DKOHM is Back in DKOOHM! Direct Kernel Optional Object Header Manipulation
12:10 | Cohen | Game of Chromes: Owning the Web with Zombie Chrome Extensions
12:10 | Kralevich | Honey I Shrunk the Attack Surface – Adventures in Android Security Hardening
12:10 | Goodale, Zatko | Quantifying Risk in Consumer Software at Scale - Consumer Reports' Digital Standard
12:10 | Pomonis | kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse
12:10 | Jeon, Jung, Kim, Wolotsky, Yun | AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically
12:10 | Nichols | Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization
12:10 | Du, Liu, Nie | Free-Fall: Hacking Tesla from Wireless to CAN Bus
12:10 | Audebert, Bursztein, Picod | Attacking Encrypted USB Keys the Hard(ware) Way
14:30 | Lundgren | Taking Over the World Through MQTT - Aftermath
14:30 | Johnson | Evolutionary Kernel Fuzzing
14:30 | Branco, Monroe, Zimmer | Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
14:30 | Silvanovich | The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines
14:30 | Krotofil | Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process
14:30 | Mirosh, Muñoz | Friday the 13th: JSON Attacks
14:30 | Nakibly | Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices)
14:30 | Antoniewicz, Foley | Exploit Kit Cornucopia
14:30 | Shen | Defeating Samsung KNOX with Zero Privilege
15:50 | Carettoni | Electronegativity - A Study of Electron Security
15:50 | Vanhoef | WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
15:50 | Cherny, Dulce | Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
15:50 | Ermolov, Evdokimov, Malyutin | Intel AMT Stealth Breakthrough
15:50 | Bazhaniuk, Bulygin | Blue Pill for Your Phone
15:50 | Müller | Exploiting Network Printers
15:50 | Giuliano, Spaulding | Lies and Damn Lies: Getting Past the Hype of Endpoint Security Solutions
15:50 | Keliris, Konstantinou, Maniatakos | And Then the Script-Kiddie Said Let There be No Light. Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?
15:50 | Grange | Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
17:00 | Bohannon, Holmes | Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
17:00 | Jin, Luo, Ouyang, Xu | IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
17:00 | Chung, Fratantonio, Lee, Qian | Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
17:00 | AASSAL | Dealing the Perfect Hand - Shuffling Memory Blocks on z/OS
17:00 | Mahjoub, Passwaters, Rodriguez | RBN Reloaded - Amplifying Signals from the Underground
17:00 | Domas | Breaking the x86 Instruction Set
17:00 | Tsai | A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
17:00 | Matrosov | Betraying the BIOS: Where the Guardians of the BIOS are Failing
17:00 | Klein, Kotler | The Adventures of AV and the Leaky Sandbox

This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.