Talks

1

• 101 ways to fail at getting value out of your investments in security analytics, and how not to do that

A

• Abusing Password Reuse at Scale: Bcrypt and Beyond

• Active Directory Password Blacklisting

• Advanced APT Hunting with Splunk

• Advanced Wireless Attacks Against Enterprise Networks

• A Good Day to Die? IoT End of Life

• All Your Cloud Are Belong To Us - Hunting Compromise in Azure

• Anatomy of NTLMv1/NTLMv1-SSP

• An Encyclopedia of Wiretaps

• An Introduction to Machine Learning and Deep Learning

• Another one bites the dust: Failed experiments in infrastructure security analytics and lessons learned from fixing them

• A peek into the cyber security of the aviation Industry.

• Applied Quantitative Risk Analysis

• Arbitrary Albatross: Neutral Names for Vulnerabilities at Volume

• Ask The EFF

• Attack & Defense in AWS Environments

• Attacking Ethereum dApps

• ATT&CKing; the Status Quo: Improving Threat Intel and Cyber Defense with MITRE ATT&CK;

B

• Building ambassadors to reduce friction, drive change, and get sh*t done

• Building A Teaching / Improvement Focused SOC

• Bypassing Antivirus Engines using Open Sourced Malleable C2 Software, MSFVenom, Powershell and a bit of Guile

C

• Can data science deal with PAM?

• Catch me, Yes we can! -Pwning Social Engineers using Natural Language Processing Techniques in real-time

• Cavalry is ALL OF US

• Cold Case Cyber Investigations: Catfishing Cooper and Other Ops

• Community Career Panel or How to Get More than a TShirt Working at a Con

• Cruising the MJ Freeway: Examining a large breach in legal Cannabis

• CVE CVSS NVD OMGWTFBBQ

• Cyber Safety Disclosure

D

• Decision Analysis Applications in Threat Analysis Frameworks

• Deep Dive into NMAP & Network Scanning

• Deploying WebAuthn at Dropbox Scale: Second Factor and Beyond

(

• (De)Serial Killers

D

• Disabling Encryption to Access Confidential Data

• Don't Bring Me Down: Are You Ready for Weaponized Botnets?

E

• Endpoint Monitoring with Osquery and Kolide Fleet

• Engaging Policymakers at the State Level

• Engaging the Media: Know Your Target

• Engaging the Media: Telling Your Story

• Evil Mainframe Hacking Mini

F

• Fast-track your Hacking Career – Why Take The Slow Lane?

• Fighting Fraud in the Trenches

• Firmware Security 101

• From Hacker to Serial Entreprenuer

G

• Get on the Eye Level: Tailoring the Security Talk

• Guardians of GitHub

H

• Hackademia: The 2018 Literature Review

• Hacking the Public Policy API

• Ham Crams and Exams

• Hillbilly Storytime - Pentest Fails

• How A Fortune 500 Company Suppressed Our Research Through Legal Threats

• How I Met Your Password

• How to Start a Cyber War: Lessons from Brussels -EU Cyber Warfare Exercises

I

• Implementing the Three Cs of Courtesy, Clarity, and Comprehension to Optimize End User Engagement

• Incorporating Human Intelligence (HUMINT) into An Information Security Team

• Increasing Retention Capacity

• Introduction to Cryptographic Attacks

• Intro Session

• Intro to Industrial Control System Network Analysis

• Invoke-NoShell

• iOS Runtime Hacking Crash Course

J

• JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else

K

• Keynote Q&A; and Meet & Greet with Jim Christy

L

• Legendary Defender - The Voltron Analogy

• Lesley Carhart Kicks Off Hire Ground

• Lessons Learned by the WordPress Security Team

• LibreSSL - Moving the Ecosystem Forward

• Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era

M

• Mobile Application Hacking - Master Class

• Modern Political Warfare: A Look at Strategy and TTPs

N

• Network Security Monitoring

• Not your Grandpa's Password Policy

• Not your Mother's Honeypot - Another name for Threat Intel

O

• Overlooked tactics for attacking hardened Active Directory environment

P

• Pacu: Attack and Post-Exploitation in AWS

• PowerShell Classification: Life, Learning, and Self-Discovery

R

• Ransombile, yet another reason to ditch SMS

• Redefining the Hacker

• Red Teaming a Manufacturing Network (Without Crashing It)

• Resume Review & Career Coaching

S

• Securing Robots at Scale

• Security and DevOps are really Best Friends

• Security Awareness Training Refresh

• Serverless Infections: Malware Just Found a New Home

• Sight beyond sight: Detecting phishing with computer vision.

• SiliVaccine: North Korea's Weapon of Mass Detection

• Smart Contracts: Hello World

• Snake Oil & The Security Industry

• Social engineering at scale, for fun

• Solving for Somebody Else's Problem: Hacking Devs for Better Security

• Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification

• Stupid Hacker Tricks: Bridging Airgaps and Breaking Data Diodes

T

• TBD

• That Buzzword Bingo Rapid Debates Panel Thing

• The Best of Security BSides Now and Then: Ten Years of Mixes

• The Chrome Crusader

• The current state of adversarial machine learning

• The Effect of Constraints on the Number of Viable Permutations of Passwords

• The Key to Managing High Performance Security Teams

• The Long Way Around – from Software Engineering to Cyber Security (How Choosing Wrong Turned out to be Right)

• Tracking Malicious Logon: Visualize and Analyze Active Directory Event Logs

• Transforming Industries for Fun and Safety

• Treble or Trouble: Where Android's latest security enhancements help, and where they fail

• Tuning The Warp Drive with Laforge: New Tool for Building Security Competitions

• Turning (Page) Tables - Bypassing advanced kernel mitigations using page tables manipulations

U

• Unifying the Kill Chain

• Using Lockpicking to Teach Authentication Concepts

V

• Vulnerability Management 101: Practical Experience and Recommendations

W

• Watch Out For That Bus! (Personal Disaster Recovery Planning)

• What Did We Learn from Today? (Recruiter Panel)

• What is Agile and how can I use it well?

• Where are the reinforcements?

• Who Maed Dis; A beginners guide to malware provenance based on compiler type.

• Who Wants to Be A Regulator: The IoT Security Game Show

• Who Watches the Watchers?: Understanding the Internet's Background Noise

• Why Can't We Be Friends? (Get Spotted With A Fed)

• Windows Internals and Local Attack Surface Analysis using Powershell

Y

• You're Good and You Should Feel Good

• You're just complaining because you're guilty: A Guide for Citizens and Hackers to Adversarial Testing of Software Used In the Criminal Justice System

• Your taxes are being leaked