Writing a Fuzzer for Any Language with American Fuzzy Lop

The Beginner’s Guide to the Musical Scales of Cyberwar

High Confidence Malware Attribution using the Rich Header

CryptoLocker Deep-Dive: Tracking security threats on the Bitcoin public ledger

The APT at Home: The attacker that knows your mother’s maiden name

BECs and Beyond: Investigating and Defending Office 365

Process Control Through Counterfeit Comms: Using and Abusing Built-In Functionality to Own a PLC

Firemen vs. Safety Matches: How the current skills pipeline is wrong

Five-sigma Network Events (and how to find them)

Be an IoT Safety Hero: Policing Unsafe IoT through the Consumer Product Safety Commission

Ground Truth: 18 vendors, 6000 firmware images, 2.7 million binaries, and a flaw in the Linux/MIPS stack

Electronic Voting in 2018: Bad or Worse?

Trip Wire(less)

Advancing a Scientific Approach to Security Tool Evaluations with MITRE ATT&CK™

Analyzing Shodan Images With Optical Character Recognition

Social Network Analysis: A scary primer

Mentoring the Intelligent Deviant: What the special operations and infosec communities can learn from each other

Security Response Survival Skills

Three Ways DuckDuckGo Protects User Privacy While Getting Things Done (and how you can too)

A Little Birdy Told Me About Your Warrants

iPhone Surgery for the Practically Paranoid

Post-quantum Crypto: Today’s defense against tomorrow’s quantum hacker

A Tisket, a Tasket, a Dark Web Shopping Basket

A Code Pirate’s Cutlass: Recovering Software Architecture from Embedded Binaries

24/7 CTI: Operationalizing Cyber Threat Intelligence

Behind Enemy Lines: Inside the operations of a nation state’s cyber program

0wn the Con