3rd Annual Metasploit Townhall

Active Defense for web apps

Advanced Threat Hunting

Aiding Static Analysis: Discovering Vulnerabilities in Binary Targets through Knowledge Graph Inferences

An ACE in the Hole: Stealthy Host Persistence via Security Descriptors

Anatomy of a Medical Device Hack- Doctors vs. Hackers in a Clinical Simulation Cage Match

A New Take at Payload Generation: Empty-Nest

A presentation or presentations because...

Architecture at Scale – Save time. Reduce spend. Increase security.

Become the Puppet Master - the battle of cognition between man and machine

Beyond xp_cmdshell

Blue Team Keeping Tempo with Offense

Bots, Trolls, and Warriors

Building a full size CNC for under $500

Building Better Backdoors with WMI

Building Google for Criminal Enterprises

Building the DeathStar: getting Domain Admin with a push of a button (a.k.a. how I almost automated myself out of a job)

Burping for Joy and Financial Gain

C2 Channels - Creative Evasion

changeme: A better tool for hunting default creds

CHIRON - Home based ML IDS

Closing Ceremony

Common Assessment Mistakes Pen Testers and Clients Should Avoid

CredDefense Toolkit

DanderSpritz: How the Equation Group's 2013 tools pwn in 2017

Data Mining Wireless Survey Data with ELK

Defending against PowerShell Attacks

Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online

Detect Me If You Can

DFIR Redefined

Diary of a Security Noob

Digital Vengeance: Exploiting the Most Notorious C&C Toolkits

Drone Delivered Attack Platform (DDAP)

EDR, ETDR, Next Gen AV is all the rage, so why am I enraged?

Evading Autoruns

Everything I Need To Know About Security I Learned From Watching Kung Fu Movies

Extending Burp

Eye on the Prize

Fileless Malware - The New “Cyber”

FM, and Bluetooth, and Wifi... Oh My!

Full-Contact Recon

Further Adventures in Smart Home Automation: Honey, Please Don’t Burn Down Your Office

Game On! Using Red Team to Rapidly Evolve Your Defenses

Going Deep and Empowering Users - PCAP Utilities and Combating Phishing in a new way

Gone In 59 Seconds - High Speed Backdoor Injection via Bootable USB

Hacking Blockchains

Hacking VDI, Recon and Attack Methods

Here Be Dragons: The Unexplored Land of Active Directory ACLs

Hidden Treasure: Detecting Intrusions with ETW

How to Hunt for Lateral Movement on Your Network

How to KickStart a Drone JailBreaking Scene

How to Measure Your Security: Holding Security Vendors Accountable

How to safely conduct shenanigans

How we accidentally created our own RAT/C2/Distributed Computing Network

Hunting for Memory-Resident Malware

Hunting Lateral Movement for Fun and Profit

IDAPython: The Wonder Woman of Embedded Device Reversing

I had my mom break into a prison, then we had pie.

Improv Comedy as a Social Engineering Tool

Introducing DeepBlueCLI v2, now available in PowerShell and Python

Introducing SpyDir - a BurpSuite Extension

Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niques') -Join'')

IoT Security – Executing an Effective Security Testing Process

I Survived Ransomware . . . TWICE

I want my EIP

JReFrameworker: One Year Later

Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools

Kali Linux?

Kinetic to Digital: Terrorism in the Digital Age

Love is in the Air - DFIR and IDS for WiFi Networks

MacOS host monitoring - the open source way

Memory-Based Library Loading: Someone Did That Already.

MitM Digital Subscriber Lines

Mobile APTs: A look at nation-state attacks and techniques

Modern Evasion Techniques

(Mostly) Free Defenses Against the Phishing Kill Chain

Not a Security Boundary: Bypassing User Account Control

Opening Ceremonies

Out With the Old, In With the GNU

Peekaboo! I Own You. Owning Hundreds of Thousands Vulnerable Devices with only two HTTP packets

Personalities disorders in the infosec community

Phishing for You and Your Grandma!

POP POP RETN ; An Introduction to Writing Win32 Shellcode

PSAmsi - An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10

Purple team FAIL!

Purpose Driven Hunt: What do I do with all this data?

Python Static Analysis

Rapid Incident Response with PowerShell

Reaching Across the Isle: Improving Security Through Partnership

Regular Expressions (Regex) Overview

Retail Store/POS Penetration Testing

Return From The Underworld - The Future Of Red Team Kerberos

Reverse Engineering Hardware via the HRES

Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science

Run your security program like a boss / practical governance advice

Securing Windows with Group Policy

Securing Your Network

Shellcode Via VBScript/JScript Implications

SniffAir – An Open-Source Framework for Wireless Security Assessments

So you want to be a Social Engineer

Spy vs. Spy - Tip from the trenches for red and blue teams

Statistics on 100 million secrets: A look at recent password dumps

Steel Sharpens Steel: Using Red Teams to improve Blue Teams

Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research

TBD

The Current State of Security, an Improv-spection

The .NET Inter-Operability Operation

The skills gap: how can we fix it?

The Trap House

To Catch a Spy

Tracing Adversaries: Detecting Attacks with ETW

V!4GR4: Cyber-Crime, Enlarged

Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure.

VMware Escapology: How to Houdini The Hypervisor

War Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better

Web Application testing - approach and cheating to win

We're going on a Threat Hunt, Gonna find a bad-guy.

What A Long Strange Trip It’s Been

When IoT Research Matters

When to Test, and How to Test It

Windows Event Logs -- Zero 2 Hero

Windows Rootkit Development: Python prototyping to kernel level C2

Winning (and Quitting) the Privacy Game: What it REALLY takes to have True Privacy in the 21st Century; or How I learned to give in and embrace EXIF tags