Stop that Release There's a Vulnerability!

Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines

The Problems and Promise of WebAssembly

ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware

Real Eyes Realize Real Lies: Beating Deception Technologies

Two-Factor Authentication Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key

Demystifying PTSD in the Cybersecurity Environment

Fire & Ice: Making and Breaking macOS Firewalls

Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims

Black Box is Dead. Long Live Black Box!

The Science of Hiring and Retaining Female Cybersecurity Engineers

New Norms and Policies in Cyber-Diplomacy

Your Voice is My Passport

Snooping on Cellular Gateways and Their Critical Role in ICS

Identity Theft: Attacks on SSO Systems

Kernel Mode Threats and Practical Defenses

The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet

Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots

Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities

Decompiler Internals: Microcode

Stealth Mango and the Prevalence of Mobile Surveillanceware

A Deep Dive into macOS MDM (and How it can be Compromised)

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs

AI & ML in Cyber Security - Why Algorithms are Dangerous

Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives

Outsmarting the Smart City

WebAssembly: A New World of Native Exploits on the Browser

Playback: A TLS 1.3 Story

TLBleed: When Protecting Your CPU Caches is Not Enough

Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities

So I became a Domain Controller

Applied Self-Driving Car Security

Protecting the Protector Hardening Machine Learning Defenses Against Adversarial Attacks

None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service

Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator

From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities

Automated Discovery of Deserialization Gadget Chains

Another Flip in the Row

Legal Liability for IOT Cybersecurity Vulnerabilities

Catch me Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time

Exploitation of a Modern Smartphone Baseband

Last Call for SATCOM Security

How can Someone with Autism Specifically Enhance the Cyber Security Workforce?

For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems

SDL That Won't Break the Bank

Mainframe \[z/OS\] Reverse Engineering and Exploit Development

Hardening Hyper-V through Offensive Security Research

Lowering the Bar: Deep Learning for Side Channel Analysis

IoT Malware: Comprehensive Survey Analysis Framework and Case Studies

Understanding and Exploiting Implanted Medical Devices

Practical Web Cache Poisoning: Redefining 'Unexploitable'

SirenJack: Cracking a 'Secure' Emergency Warning Siren System

The Finest Penetration Testing Framework for Software-Defined Networks

Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina

Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library

Lessons and Lulz: The 4th Annual Black Hat USA NOC Report

It's a PHP Unserialization Vulnerability Jim but Not as We Know It

An Attacker Looks at Docker: Approaching Multi-Container Applications

DeepLocker - Concealing Targeted Attacks with AI Locksmithing

Over-the-Air: How we Remotely Compromised the Gateway BCM and Autopilot ECUs of Tesla Cars

Return of Bleichenbacher's Oracle Threat (ROBOT)