• 09:00

  • Every Security Team is a Software Team Now

    Dino Dai Zovi
    Wed, 09:00 - 10:00
    Mandalay Bay Events Center
  • 10:30

  • Legal GNSS Spoofing and its Effects on Autonomous Vehicles

    Victor Murray
    Wed, 10:30 - 10:55
    Breakers GHI

  • Biometric Authentication Under Threat: Liveness Detection Hacking

    Yu Chen, Bin Ma, Zhuo Ma
    Wed, 10:30 - 10:55
    Islander EI

  • Bypassing the Maginot Line: Remotely Exploit the Hardware Decoder on Smartphone

    Xiling Gong, Peter Pi
    Wed, 10:30 - 10:55
    Islander FG

  • A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works

    Sze Yiu Chau
    Wed, 10:30 - 10:55
    Jasmine

  • Detecting Deep Fakes with Mice

    Alex Comerford, Jonathan Saunders, George Williams
    Wed, 10:30 - 10:55
    Lagoon GHI

  • ClickOnce and You're in - When Appref-ms Abuse is Operating as Intended

    William Burke
    Wed, 10:30 - 10:55
    Lagoon JKL

  • SSO Wars: The Token Menace

    Oleksandr Mirosh, Alvaro Munoz
    Wed, 10:30 - 10:55
    South Pacific

  • Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically

    Wenxu Wu
    Wed, 10:30 - 10:55
    South Seas ABE

  • Monsters in the Middleboxes: Building Tools for Detecting HTTPS Interception

    Gabriele Fisher, Luke Valenta
    Wed, 10:30 - 10:55
    South Seas CDF
  • 11:15

  • PicoDMA: DMA Attacks at Your Fingertips

    Ben Blaxill, Joel Sandin
    Wed, 11:15 - 12:05
    Breakers GHI

  • The Most Secure Browser? Pwning Chrome from 2016 to 2019

    Zhen Feng, Gengming Liu
    Wed, 11:15 - 12:05
    Islander EI

  • Attacking Electric Motors for Fun and Profit

    Matthew Jablonski, Duminda Wijesekera
    Wed, 11:15 - 12:05
    Islander FG

  • APIC's Adventures in Wonderland

    Frank Block, Oliver Matula
    Wed, 11:15 - 12:05
    Jasmine

  • Dragonblood: Attacking the Dragonfly Handshake of WPA3

    Mathy Vanhoef
    Wed, 11:15 - 12:05
    Lagoon GHI

  • Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine

    Joe Bialek
    Wed, 11:15 - 12:05
    Lagoon JKL

  • Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)

    Sean Metcalf, Mark Morowczynski
    Wed, 11:15 - 12:05
    South Pacific

  • Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

    Oliver Bilodeau, Masarah Paquet-Clouston
    Wed, 11:15 - 12:05
    South Seas ABE

  • Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society

    Camille Francois, Eva Galperin, Bruce Schneier
    Wed, 11:15 - 12:05
    South Seas CDF
  • 13:30

  • Sensor and Process Fingerprinting in Industrial Control Systems

    Mujeeb Ahmed Chuadhry, Martin Ochoa
    Wed, 13:30 - 14:20
    Breakers GHI

  • Behind the Scenes of Intel Security and Manageability Engine

    Shai Hasarfaty, Yanai Moyal
    Wed, 13:30 - 14:20
    Islander EI

  • HTTP Desync Attacks: Smashing into the Cell Next Door

    James Kettle
    Wed, 13:30 - 14:20
    Islander FG

  • It's Not What You Know, It's What You Do: How Data Can Shape Security Engagement

    Masha Sedova, Aika Sengirbay
    Wed, 13:30 - 14:20
    Jasmine

  • I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy

    Matt Wixey
    Wed, 13:30 - 14:20
    Lagoon GHI

  • The Path Less Traveled: Abusing Kubernetes Defaults

    Ian Coldwater, Duffie Cooley
    Wed, 13:30 - 14:20
    Lagoon JKL

  • Cyber Insurance 101 for CISO’s

    Jeffrey Smith
    Wed, 13:30 - 14:20
    Mandalay Bay CD

  • New Vulnerabilities in 5G Networks

    Ravishankar Borgaonkar, Altaf Shaik
    Wed, 13:30 - 14:20
    South Pacific

  • Selling 0-Days to Governments and Offensive Security Companies

    Maor Shwartz
    Wed, 13:30 - 14:20
    South Seas ABE

  • All the 4G Modules Could be Hacked

    Shupeng Gao, Zheng Huang, Haikuo Xie, Zhang Ye
    Wed, 13:30 - 14:20
    South Seas CDF
  • 14:40

  • Worm Charming: Harvesting Malware Lures for Fun and Profit

    Pedram Amini
    Wed, 14:40 - 15:30
    Breakers GHI

  • Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs

    Meh Chang, Orange Tsai
    Wed, 14:40 - 15:30
    Islander EI

  • Chip.Fail - Glitching the Silicon of the Connected World

    Josh Datko, Thomas Roth
    Wed, 14:40 - 15:30
    Islander FG

  • Lessons From Two Years of Crypto Audits

    Jean-Philippe Aumasson
    Wed, 14:40 - 15:30
    Jasmine

  • Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone

    Natalie Silvanovich
    Wed, 14:40 - 15:30
    Lagoon GHI

  • Come Join the CAFSA - Continuous Automated Firmware Security Analysis

    Collin Mulliner
    Wed, 14:40 - 15:30
    Lagoon JKL

  • Integration of Cyber Insurance Into A Risk Management Program

    Jake Kouns
    Wed, 14:40 - 15:30
    Mandalay Bay CD

  • MITRE ATT&CK: The Play at Home Edition

    Ryan Kovar, Katie Nickels
    Wed, 14:40 - 15:30
    South Pacific

  • Responding to a Cyber Attack with Missiles

    Mikko Hypponen
    Wed, 14:40 - 15:30
    South Seas ABE

  • Finding a Needle in an Encrypted Haystack: Leveraging Cryptographic Abilities to Detect the Most Prevalent Attacks on Active Directory

    Marina Simakov, Yaron Zinar
    Wed, 14:40 - 15:30
    South Seas CDF
  • 16:00

  • Messaging Layer Security: Towards a New Era of Secure Group Messaging

    Benjamin Beurdouche, Katriel Cohn-Gordon, Raphael Robert
    Wed, 16:00 - 16:50
    Breakers GHI

  • The Cyber Shell Game – War, Information Warfare, and the Darkening Web

    Alexander Klimburg
    Wed, 16:00 - 16:50
    Islander EI

  • Hacking Your Non-Compete

    Brian Dykstra, Gregory Stone
    Wed, 16:00 - 16:50
    Islander FG

  • Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover

    Nick Landers
    Wed, 16:00 - 16:50
    Jasmine

  • Arm IDA and Cross Check: Reversing the Boeing 787's Core Network

    Ruben Santamarta
    Wed, 16:00 - 16:50
    Lagoon GHI

  • Internet-Scale Analysis of AWS Cognito Security

    Andres Riancho
    Wed, 16:00 - 16:50
    Lagoon JKL

  • How Do Cyber Insurers View The World?

    Matt Prevost
    Wed, 16:00 - 16:50
    Mandalay Bay CD

  • Controlled Chaos: The Inevitable Marriage of DevOps & Security

    Nicole Forsgren, Kelly Shortridge
    Wed, 16:00 - 16:50
    South Pacific

  • He Said, She Said – Poisoned RDP Offense and Defense

    Dana Baril, Eyal Itkin
    Wed, 16:00 - 16:50
    South Seas ABE

  • Hunting for Bugs, Catching Dragons

    Nicolas Joly
    Wed, 16:00 - 16:50
    South Seas CDF
  • 17:05

  • Transparency in the Software Supply Chain: Making SBOM a Reality

    Allan Friedman
    Wed, 17:05 - 17:30
    Breakers GHI

  • Reverse Engineering WhatsApp Encryption for Chat Manipulation and More

    Oded Vanunu, Roman Zaikin
    Wed, 17:05 - 17:30
    Islander EI

  • Detecting Malicious Files with YARA Rules as They Traverse the Network

    David Bernal
    Wed, 17:05 - 17:30
    Islander FG

  • PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary

    Dokyung Song
    Wed, 17:05 - 17:30
    Jasmine

  • Going Beyond Coverage-Guided Fuzzing with Structured Fuzzing

    Jonathan Metzman
    Wed, 17:05 - 17:30
    Lagoon GHI

  • MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection

    Colin O'Flynn
    Wed, 17:05 - 17:30
    Lagoon JKL

  • Cybersecurity Risk Assessment for Safety-Critical Systems

    Ken Heffner, Daniel Johnson, Ly Vessels
    Wed, 17:05 - 17:30
    South Pacific

  • Deconstructing the Phishing Campaigns that Target Gmail Users

    Elie Bursztein, Daniela Oliveira
    Wed, 17:05 - 17:30
    South Seas ABE

  • Defense Against Rapidly Morphing DDOS

    Mikhail Fedorov, Mudit Tyagi
    Wed, 17:05 - 17:30
    South Seas CDF