The Hidden Architecture of our Time: Why This Internet Worked How We Could Lose It and the Role Hackers Play

Abusing Bleeding Edge Web Standards for AppSec Glory

Breaking Payment Points of Interaction (POI)

The Linux Kernel Hidden Inside Windows 10

Beyond the MCSE: Active Directory for the Security Professional

Capturing 0day Exploits with PERFectly Placed Hardware Traps

HTTP/2 & QUIC - Teaching Good Protocols To Do Bad Things

Can You Trust Me Now? An Exploration into the Mobile Threat Landscape

A Retrospective on the Use of Export Cryptography

Augmenting Static Analysis Using Pintool: Ablation

Hackproofing Oracle eBusiness Suite

Memory Forensics Using Virtual Machine Introspection for Cloud Computing

$hell on Earth: From Browser to System Compromise

Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root

A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land

Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness

Applied Machine Learning for Data Exfil and Other Fun Topics

Measuring Adversary Costs to Exploit Commercial Software: The Government- Bootstrapped Non-Profit C.I.T.L.

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Drone Attacks on Industrial Wireless: A New Front in Cyber Security

Towards a Holistic Approach in Building Intelligence to Fight Crimeware

Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools

Xenpwn: Breaking Paravirtualized Devices

Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits

HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows

CANSPY: A Platform for Auditing CAN Devices

GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool

Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable

An Insider's Guide to Cyber-Insurance and Security Guarantees

Pwning Your Java Messaging with Deserialization Vulnerabilities

Does Dropping USB Drives in Parking Lots and Other Places Really Work?

AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It

Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI

1000 Ways to Die in Mobile OAuth

Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy

I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache

Into The Core - In-Depth Exploration of Windows 10 IoT Core

Design Approaches for Security Automation

Crippling HTTPS with Unholy PAC

Access Keys Will Kill You Before You Kill the Password

Account Jumping Post Infection Persistency & Lateral Movement in AWS

Captain Hook: Pirating AVs to Bypass Exploit Mitigations

Using EMET to Disable EMET

Viral Video - Exploiting SSRF in Video Converters

GreatFET: Making GoodFET Great Again

Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX

Watching Commodity Malware Get Sold to a Targeted Actor

Building a Product Security Incident Response Team: Learnings from the Hivemind

Unleash the Infection Monkey: A Modern Alternative to Pen-Tests

Security Through Design - Making Security Better by Designing for People

Brute-Forcing Lockdown Harddrive PIN Codes

Cyber War in Perspective: Analysis from the Crisis in Ukraine

Side-Channel Attacks on Everyday Applications

AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion

The Risk from Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack