The Future of ApplePwn - How to Save Your Money

Skype & Type: Keystroke Leakage over VoIP

The Industrial Revolution of Lateral Movement

Influencing the Market to Improve Security

OpenCrypto: Unchaining the JavaCard Ecosystem

The Shadow Brokers – Cyber Fear Game-Changers

Bot vs. Bot for Evading Machine Learning Malware Detection

Escalating Insider Threats Using VMware's API

The Epocholypse 2038: What's in Store for the Next 20 Years

Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound

Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity

Fad or Future? Getting Past the Bug Bounty Hype

Redesigning PKI to Solve Revocation Expiration and Rotation Problems

rVMI: A New Paradigm for Full System Analysis

Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets

'Ghost Telephonist' Link Hijack Exploitations in 4G LTE CS Fallback

Evading Microsoft ATA for Active Directory Domination

Datacenter Orchestration Security and Insecurity: Assessing Kubernetes Mesos and Docker at Scale

Bug Collisions Meet Government Vulnerability Disclosure

Hunting GPS Jammers

Practical Tips for Defending Web Applications in the Age of DevOps

Breaking the Laws of Robotics: Attacking Industrial Robots

Intel SGX Remote Attestation is Not Sufficient

Infecting the Enterprise: Abusing Office365+Powershell for Covert C2

Why Most Cyber Security Training Fails and What We Can Do About it

Go to Hunt Then Sleep

Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets

Exploitation of Kernel Pool Overflow on Microsoft Windows 10 DKOM/DKOHM is Back in DKOOHM! Direct Kernel Optional Object Header Manipulation

Game of Chromes: Owning the Web with Zombie Chrome Extensions

Honey I Shrunk the Attack Surface – Adventures in Android Security Hardening

Quantifying Risk in Consumer Software at Scale - Consumer Reports' Digital Standard

kR\^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse

AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically

Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization

Free-Fall: Hacking Tesla from Wireless to CAN Bus

Attacking Encrypted USB Keys the Hard(ware) Way

Taking Over the World Through MQTT - Aftermath

Evolutionary Kernel Fuzzing

Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities

The Origin of Array \[@@species\]: How Standards Drive Bugs in Script Engines

Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process

Friday the 13th: JSON Attacks

Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices)

Exploit Kit Cornucopia

Defeating Samsung KNOX with Zero Privilege

Electronegativity - A Study of Electron Security

WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake

Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers

Intel AMT Stealth Breakthrough

Blue Pill for Your Phone

Exploiting Network Printers

Lies and Damn Lies: Getting Past the Hype of Endpoint Security Solutions

And Then the Script-Kiddie Said Let There be No Light. Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?

Digital Vengeance: Exploiting the Most Notorious C&C Toolkits

Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science

IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices

Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop

Dealing the Perfect Hand - Shuffling Memory Blocks on z/OS

RBN Reloaded - Amplifying Signals from the Underground

Breaking the x86 Instruction Set

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!

Betraying the BIOS: Where the Guardians of the BIOS are Failing

The Adventures of AV and the Leaky Sandbox