0wn the Con

afl-unicorn: Fuzzing the ‘Unfuzzable’

A Social Science Approach to Cybersecurity Education for all Disciplines

AWS Honey Tokens with SPACECRAB

Better Git Hacking: Extracting “Deleted” Secrets from Git Databases with Grawler

Bludgeoning Bootloader Bugs: No Write Left Behind

Building Absurd Christmas Light Shows

Building a GoodWatch

Catch Me If You Can: A Decade of Evasive Malware Attack and Defense

CertGraph: A Tool to Crawl the Graph of SSL Certificate Alternate Names using Certificate Transparency

CITL — Quantitative, Comparable Software Risk Reporting

Closing Remarks

Cyberlaw: Year in Review

Deep Learning for Realtime Malware Detection

Defending Against Robot Attacks

Do as I Say, Not as I Do: Hacker Self Improvement and You

Don’t Ignore GDPR; It Matters Now!

Electronic Voting in 2018: Threat or Menace

Embedded Device Vulnerability Analysis Case Study Using TROMMEL

Everything You Wanted to Know About Creating an Insider Threat Program (But Were Afraid To Ask)

Getting Cozy with OpenBSM Auditing on MacOS … The Good, the Bad, & the Ugly

Hacking the News: an Infosec Guide to the Media, and How to Talk to Them

IoT RCE, a Study With Disney

Keynote

Libation Escalation — Scotch and Bubbles

Listing the 1337: Adventures in Curating HackerTwitter’s Institutional Knowledge

Nation-State Espionage: Hunting Multi-Platform APTs on a Global Scale

ODA: A Collaborative, Open Source Reversing Platform in the Cloud

OK Google, Tell Me About Myself

Opening Closed Systems with GlitchKit

Opening Remarks, Rumblings, Ruminations, and Rants

Pages from a Sword-Maker’s Notebook pt. II

Patching — It’s Complicated

Profiling and Detecting all Things SSL with JA3

Pseudo-Doppler Redux

radare2 in Conversation

Running a Marathon Without Breaking a Sweat? Forensic Manipulation of Fitness App Data

Saturday Night Party

Securing Bare Metal Hardware at Scale

ShmooCon Debates

SIGINT on a budget: Listening in, gathering data and watching–for less than $100

Skill Building By Revisiting Past CVEs

Someone is Lying to You on the Internet: Using Analytics to Find Bot Submissions in the FCC Net Neutrality Submissions

Stack Cleaning — A Quest in Hunting for FLIRT

Tap, Tap, Is This Thing On? Testing EDR Capabilities

That’s No Moon(shot)!

The Background Noise of the Internet

The First Thing We Do, Let’s Kill all the [CISOs]

The Friedman Tombstone — A Cipher in Arlington National Cemetery

This Is Not Your Grandfather’s SIEM

Time Signature Based Matching for Data Fusion and Coordination Detection in Cyber Relevant Logs

When CAN CANT

Your Cerebellum as an Attack Surface: How Does the Brain Stay Secure?

Your Defense is Flawed (it’s only kinda your fault)