2017-07-29

10:00

• Persisting with Microsoft Office: Abusing Extensibility Options

• $BIGNUM steps forward, $TRUMPNUM steps back: how can we tell if we're winning?

• Get-$pwnd: Attacking Battle-Hardened Windows Server

• The spear to break the security wall of S7CommPlus

• Welcome - Saturday

10:20

• Breaking Wind: Adventures in Hacking Wind Farm Control Networks

• WSUSpendu: How to hang WSUS clients

• (Un)Fucking Forensics: Active/Passive (i.e. Offensive/Defensive) memory hacking/debugging.

10:30

• The Surveillance Capitalism Will Continue Until Morale Improves

11:00

• Microservices and FaaS for Offensive Security

• Secure Tokin' and Doobiekeys: How to roll your own counterfeit hardware security devices

• If You Give a Mouse a Microchip... It will execute a payload and cheat at your high-stakes video game tournament

• Evading next-gen AV using artificial intelligence

• WS: Implementing An Elliptic Curve in Go

11:20

• Abusing Webhooks for Command and Control

• All Your Things Are Belong To Us

11:30

• Privacy is Not An Add-On: Designing for Privacy from the Ground Up

12:00

• Driving down the rabbit hole

• When Privacy Goes Poof! Why It's Gone and Never Coming Back

• DNS - Devious Name Services - Destroying Privacy & Anonymity Without Your Consent

• Operational Security Lessons from the Dark Web

12:30

• WS: Secrets Management in the Cloud

13:00

• Demystifying Windows Kernel Exploitation by Abusing GDI Objects.

• Koadic C3 - Windows COM Command & Control Framework

• Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits

• A Picture is Worth a Thousand Words, Literally: Deep Neural Networks for Social Stego

• The Symantec/Chrome SSL debacle - how to do this better...

14:00

• Attacking Autonomic Networks

• Trojan-tolerant Hardware & Supply Chain Security in Practice

• Linux-Stack Based V2X Framework: All You Need to Hack Connected Vehicles

• XenoScan: Scanning Memory Like a Boss

• Have you seen my naked selfies? Neither has my snoopy boyfriend. Pr

• WS: SECURE COMMUNICATIONS IN ANDROID WITH TLS/SSL

15:00

• MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt)

• Tracking Spies in the Skies

• DOOMed Point of Sale Systems

• Digital Vengeance: Exploiting the Most Notorious C&C Toolkits

• DC to DEF CON: Q&A with Congressmen James Langevin and Will Hurd

• Yet another password hashing talk

15:30

• Core Illumination: Traffic Analysis in Cyberspace

16:00

• Dealing the perfect hand - Shuffling memory blocks on z/OS

• From "One Country - One Floppy" to "Startup Nation" - the story of the early days of the Israeli hacking community, and the journey towards today's vibrant startup scene

• CableTap: Wirelessly Tapping Your Home Network

• Game of Drones: Putting the Emerging "Drone Defense" Market to the Test

• rustls: modern\, fast\, safer TLS

17:00

• Here to stay: Gaining persistency by abusing advanced authentication mechanisms

• Taking Windows 10 Kernel Exploitation to the next level - Leveraging write-what-where vulnerabilities in Creators Update

• Introducing HUNT: Data Driven Web Hacking & Manual Testing

• Popping a Smart Gun

• Blue Team TLS Hugs

17:30

• Automated Testing using Crypto Differential Fuzzing (DO NOT RECORD)

20:00

• Panel - Meet the Feds (who care about security research)

• D0 No H4RM: A Healthcare Security Conversation