Writing a Fuzzer for Any Language with American Fuzzy Lop
The Beginner’s Guide to the Musical Scales of Cyberwar
High Confidence Malware Attribution using the Rich Header
CryptoLocker Deep-Dive: Tracking security threats on the Bitcoin public ledger
The APT at Home: The attacker that knows your mother’s maiden name
BECs and Beyond: Investigating and Defending Office 365
Process Control Through Counterfeit Comms: Using and Abusing Built-In Functionality to Own a PLC
Firemen vs. Safety Matches: How the current skills pipeline is wrong
Five-sigma Network Events (and how to find them)
Be an IoT Safety Hero: Policing Unsafe IoT through the Consumer Product Safety Commission
Ground Truth: 18 vendors, 6000 firmware images, 2.7 million binaries, and a flaw in the Linux/MIPS stack
Electronic Voting in 2018: Bad or Worse?
Trip Wire(less)
Advancing a Scientific Approach to Security Tool Evaluations with MITRE ATT&CK™
Analyzing Shodan Images With Optical Character Recognition
Social Network Analysis: A scary primer
Mentoring the Intelligent Deviant: What the special operations and infosec communities can learn from each other
Security Response Survival Skills
Three Ways DuckDuckGo Protects User Privacy While Getting Things Done (and how you can too)
A Little Birdy Told Me About Your Warrants
iPhone Surgery for the Practically Paranoid
Post-quantum Crypto: Today’s defense against tomorrow’s quantum hacker
A Tisket, a Tasket, a Dark Web Shopping Basket
A Code Pirate’s Cutlass: Recovering Software Architecture from Embedded Binaries
24/7 CTI: Operationalizing Cyber Threat Intelligence
Behind Enemy Lines: Inside the operations of a nation state’s cyber program
0wn the Con