0wn the Con

24/7 CTI: Operationalizing Cyber Threat Intelligence

A Code Pirate’s Cutlass: Recovering Software Architecture from Embedded Binaries

Ad-Laundering: Bribes & Backdoors

Advancing a Scientific Approach to Security Tool Evaluations with MITRE ATT&CK™

A Little Birdy Told Me About Your Warrants

Analyzing Shodan Images With Optical Character Recognition

A Tisket, a Tasket, a Dark Web Shopping Basket

Be an IoT Safety Hero: Policing Unsafe IoT through the Consumer Product Safety Commission

BECs and Beyond: Investigating and Defending Office 365

Behind Enemy Lines: Inside the operations of a nation state’s cyber program

Building and Selling Solo, an Open Source Secure Hardware Token

Closing Plenary: Between Two Moose

Closing Remarks

CryptoLocker Deep-Dive: Tracking security threats on the Bitcoin public ledger

Deconstructing DeFeNeStRaTe.C

Electronic Voting in 2018: Bad or Worse?

Encrypting the Web Isn’t Enough: How EFF Plans to Encrypt the Entire Internet

Équipe Rouge: The Ethics of Prosecuting An Offensive Security Campaign

Firemen vs. Safety Matches: How the current skills pipeline is wrong

Firetalks Closing

Firetalks Opening

Five-sigma Network Events (and how to find them)

Ground Truth: 18 vendors, 6000 firmware images, 2.7 million binaries, and a flaw in the Linux/MIPS stack

High Confidence Malware Attribution using the Rich Header

How the Press Gets Pwned

IMSI Catchers Demystified

Incident Response and the Attorney Client Privilege

Infosec and 9-1-1: When the Location of Your Emergency is in the Building

iPhone Surgery for the Practically Paranoid

IPv666: Address of the Beast

It’s 2019 and Special Agent Johnny Still Can’t Encrypt

Kinder Garten Security: Teaching the Pre-college Crowd

Looking for Malicious Hardware Implants with Minimal Equipment

Machine Learning Models that Predict Mental Health Status on Twitter and Their Privacy Implications

Mentoring the Intelligent Deviant: What the special operations and infosec communities can learn from each other

Opening Remarks, Rumblings, Ruminations, and Rants

Patchwerk: Kernel Patching for Fun and Profit

Post-quantum Crypto: Today’s defense against tomorrow’s quantum hacker

Process Control Through Counterfeit Comms: Using and Abusing Built-In Functionality to Own a PLC

Reversing SR-IOV For Fun and Profit

Security Response Survival Skills

Shut up and Listen

Social Network Analysis: A scary primer

Specialists versus Jack-Of-All-Trades

The APT at Home: The attacker that knows your mother’s maiden name

The Beginner’s Guide to the Musical Scales of Cyberwar

Three Ways DuckDuckGo Protects User Privacy While Getting Things Done (and how you can too)

Trip Wire(less)

Un-f*$#ing Cloud Storage Encryption

Weapons of Text Destruction

Whats the latest 411 on 419s?

Writing a Fuzzer for Any Language with American Fuzzy Lop