1000 Ways to Die in Mobile OAuth

Abusing Bleeding Edge Web Standards for AppSec Glory

Access Keys Will Kill You Before You Kill the Password

Account Jumping Post Infection Persistency & Lateral Movement in AWS

Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits

Advanced CAN Injection Techniques for Vehicle Networks

AirBnBeware: Short Term Rentals Long Term Pwnage

A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land

A Lightbulb Worm?

AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It

An AI Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network

Analysis of the Attack Surface of Windows 10 Virtualization-Based Security

An Inconvenient Trust: User Attitudes Toward Security and Usability Tradeoffs for Key-Directory Encryption Systems

An Insider's Guide to Cyber-Insurance and Security Guarantees

Applied Machine Learning for Data Exfil and Other Fun Topics

A Retrospective on the Use of Export Cryptography

Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking?

Augmenting Static Analysis Using Pintool: Ablation

AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion

Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions

BadTunnel: How Do I Get Big Brother Power?

badWPAD

Behind The Scenes of iOS Security

Beyond the MCSE: Active Directory for the Security Professional

Blunting the Phisher's Spear: A Risk-Based Approach for Defining User Training and Awarding Administrative Privileges

Breaking FIDO: Are Exploits in There?

Breaking Hardware-Enforced Security with Hypervisors

Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX

Breaking Payment Points of Interaction (POI)

Brute-Forcing Lockdown Harddrive PIN Codes

Building a Product Security Incident Response Team: Learnings from the Hivemind

Building Trust & Enabling Innovation for Voice Enabled IoT

Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud

CANCELLED - How to Build the Immune System for the Internet

CANSPY: A Platform for Auditing CAN Devices

Can You Trust Me Now? An Exploration into the Mobile Threat Landscape

Captain Hook: Pirating AVs to Bypass Exploit Mitigations

Capturing 0day Exploits with PERFectly Placed Hardware Traps

Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable

Crippling HTTPS with Unholy PAC

Crumbling the Supercookie and Other Ways the FCC Protects Your Internet Traffic

Cunning with CNG: Soliciting Secrets from Schannel

Cyber War in Perspective: Analysis from the Crisis in Ukraine

Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization

Dark Side of the DNS Force

Defense at Hyperscale: Technologies and Policies for a Defensible Cyberspace

Demystifying the Secure Enclave Processor

Design Approaches for Security Automation

Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf

Does Dropping USB Drives in Parking Lots and Other Places Really Work?

DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes

Drone Attacks on Industrial Wireless: A New Front in Cyber Security

Dungeons Dragons and Security

Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness

GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool

GreatFET: Making GoodFET Great Again

Hacking Next-Gen ATMs: From Capture to Cashout

Hackproofing Oracle eBusiness Suite

Hardening AWS Environments and Automating Incident Response for AWS Compromises

HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows

$hell on Earth: From Browser to System Compromise

Horse Pill: A New Type of Linux Rootkit

HTTP/2 & QUIC - Teaching Good Protocols To Do Bad Things

HTTP Cookie Hijacking in the Wild: Security and Privacy Implications

I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache

Into The Core - In-Depth Exploration of Windows 10 IoT Core

Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI

Investigating DDOS - Architecture Actors and Attribution

Iran's Soft-War for Internet Dominance

Keystone Engine: Next Generation Assembler Framework

Language Properties of Phone Scammers: Cyberdefense at the Level of the Human

Measuring Adversary Costs to Exploit Commercial Software: The Government- Bootstrapped Non-Profit C.I.T.L.

Memory Forensics Using Virtual Machine Introspection for Cloud Computing

Next-Generation of Exploit Kit Detection by Building Simulated Obfuscators

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

O-checker: Detection of Malicious Documents Through Deviation from File Format Specifications

OSS Security Maturity: Time to Put On Your Big Boy Pants!

Ouroboros: Tearing Xen Hypervisor with the Snake

Over the Edge: Silently Owning Windows 10's Secure Browser

Pangu 9 Internals

Pay No Attention to That Hacker Behind the Curtain: A Look Inside the Black Hat Network

PINdemonium: A DBI-Based Generic Unpacker for Windows Executable

PLC-Blaster: A Worm Living Solely in the PLC

Pwning Your Java Messaging with Deserialization Vulnerabilities

Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy

Samsung Pay: Tokenized Numbers Flaws and Issues

Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools

Security Through Design - Making Security Better by Designing for People

SGX Secure Enclaves in Practice: Security and Crypto Review

Side-Channel Attacks on Everyday Applications

Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root

TCP Injection Attacks in the Wild - A Large Scale Study

The Art of Defense - How Vulnerabilities Help Shape Security Features and Mitigations in Android

The Art of Reverse Engineering Flash Exploits

The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM

The Hidden Architecture of our Time: Why This Internet Worked How We Could Lose It and the Role Hackers Play

The Linux Kernel Hidden Inside Windows 10

The Remote Malicious Butler Did It!

The Risk from Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack

The Tao of Hardware the Te of Implants

The Year in Flash

Timing Attacks Have Never Been So Practical: Advanced Cross-Site Search Attacks

Towards a Holistic Approach in Building Intelligence to Fight Crimeware

Understanding HL7 2.x Standards Pen Testing and Defending HL7 2.x Messages

Unleash the Infection Monkey: A Modern Alternative to Pen-Tests

Using an Expanded Cyber Kill Chain Model to Increase Attack Resiliency

Using EMET to Disable EMET

Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process

Viral Video - Exploiting SSRF in Video Converters

VOIP WARS: The Phreakers Awaken

Watching Commodity Malware Get Sold to a Targeted Actor

Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter

Web Application Firewalls: Analysis of Detection Logic

What's the DFIRence for ICS?

When Governments Attack: State Sponsored Malware Attacks Against Activists Lawyers and Journalists

When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement

Windows 10 Mitigation Improvements

Windows 10 Segment Heap Internals

Xenpwn: Breaking Paravirtualized Devices