Talks

speaker

Hacking Games in a Hacked Game
(4) reviewers

Author: Rusty Wagner / Jordan Wiens
Category: Penetration Test
Summary: For the last two years, the Ghost in the ShellCode Capture the Flag (CTF) has done something unique -- built ...

speaker

A Link to the Past: Abusing Symbolic Links on Windows
(3) reviewers

Author: James Forshaw
Category: Exploit Development
Summary: The dangers of symbolic links are well known on Unix-like operating systems. Through their misuse a privilege process can be ...

speaker

Hacking Hacker Conferences
(3) reviewers

Author: Max Feldman
Category: Penetration Test
Summary: Hacker conferences show off the cutting edge of digital attacks, yet rarely secure themselves against these same attacks. Such conferences ...

speaker

Writing Bad@ss OS X Malware
(2) reviewers

Author: Patrick Wardle
Category: Malware
Summary: Abstract: When comparing Microsoft and Apple, Cupertino emerges a winner in pretty much all categories - save for the sophistication ...

speaker

BadXNU, a rotten apple!
(2) reviewers

Author: Pedro Vilaça
Category: Exploit development
Summary: Your latest OS X 0day exploit got you root and now what? Apple (finally) introduced mandatory code signing for kernel ...

speaker

APT NSA WTF OMFG - An Advanced Persistent Analysis
(2) reviewers

Author: Jesus Oquendo
Category: Advance Persistence Threat
Summary: Corporations, governments, and everyday people are continuoulsy getting attribution wrong. The recent attack on Sony illustrated this best when researchers ...

speaker

Software Defined Exploits - Because we aren't controlled!
(2) reviewers

Author: Roberto Soares
Category: Penetration Test
Summary: Abstract: SDN (Software Defined Network) has attracted the attention of many technology giants from various segments such as VMware, Juniper, ...

speaker

O R'lyeh? The Shadow over Firefox
(2) reviewers

Author: Patroklos Argyroudis
Category: Vulnerability Development
Summary: The Mozilla Firefox browser has a new garbage collection (GC) implementation for its Javascript engine (Spidermonkey) since version 32. This ...

speaker

Rootpipe in OS X - the full details
(2) reviewers

Author: Emil Kvarnhammar
Category: Reverse Engineering
Summary: I'm working with Apple on a vulnerability I found in OS X 10.10 a while back, known to the public ...

speaker

Fuzzing OSX At Scale
(2) reviewers

Author: Ben Nagy
Category: Bug Hunting
Summary: In this talk Ben Nagy delves into scaling out OSX fuzzfarms on commodity (i.e. non-Apple) hardware. Ben Nagy will demonstrate ...

speaker

MIMOSAWRITERROUTER - Abusing EPC on Cisco Router to collect data
(2) reviewers

Author: Joaquim Espinhara
Rafael Silva
Category: Penetration Test
Summary: The goal of this talk is present a way to abuse a default feature of Cisco routers. The feature mentioned ...

speaker

IDA Sploiter - IDA plugin for exploit developers and vulnerability researchers
(1) reviewers

Author: Peter Kacherginsky
Category: Reverse Engineering
Summary: Exploit development is a complex and laborious process especially when dealing with various mitigation technologies in modern software and operating ...

speaker

Insection: AWEsomly Exploiting Shared Memory Objects
(1) reviewers

Author: Alex Ionescu
Category: Privilege Escalation
Summary: As the barriers to hijacking the kernel and system processes continue to increase with technologies such as Protected Processes, Patchguard, ...

speaker

Breaking Vaults: Stealing LastPass protected secrets
(1) reviewers

Author: Martin Vigo
Category: Vulnerability Research
Summary: Abstract LastPass is a popular password manager that integrates with browsers through plugins. One of the most interesting features is ...

speaker

Modern Objective-C Exploitation
(1) reviewers

Author: Neil Archibald
Category: Exploit development
Summary: This talk serves to advance the research I published in Phrack 66 (2009) regarding the exploitation of memory corruption bugs ...

speaker

Scada Systems: The Ideal Beachhead
(1) reviewers

Author: Wesley Wineberg
Category: SCADA
Summary: From buzzword to beachhead: Anything related to SCADA security is a hot topic, but SCADA systems actually represent a great ...

speaker

UaF: Mitigation and Bypass
(1) reviewers

Author: Jared DeMott
Category: Vulnerability Development
Summary: Memory corruption has plagued computers for decades. These software bugs can often be transformed into working cyber-attacks. High-level protections, such ...

speaker

HARES: Hardened Anti-Reverse Engineering System
(1) reviewers

Author: Jacob Torrey
Category: Reverse Engineering
Summary: I propose presenting my work: Hardened Anti-Reverse Engineering System (HARES), a prototype anti-reverse engineering technique providing a method to seamlessly ...

speaker

Problems in symbolic fuzzing
(1) reviewers

Author: Nathan Rittenhouse
Category: Vulnerability Development
Summary: Fuzzing is undoubtedly one of the most popular methods for both attackers and defenders to find bugs in software. Recent ...

speaker

Gone in 60 minutes – Practical Approach to Hacking an Enterprise with Yasuo
(0) reviewers

Author: Saurabh Harit
Category: Tools
Summary: == Abstract == This talk is going to be centered around Yasuo, an open-source vulnerable application scanner purely written in ...

speaker

Your license manager is my shell
(0) reviewers

Author: Pietro Oliva
Category: Penetration Test
Summary: License managers let software developers focus in software development of the main characteristics of the software they are producing, leaving ...

speaker

Pentest in your pocket
(0) reviewers

Author: Philip Polstra
Category: Penetration Test
Summary: This talk will show attendees multiple ways to use a device based on th BeagleBone Black to perform attacks. Topics ...

speaker

DDoS mitigation’s EPIC FAILS
(0) reviewers

Author: Moshe Zioni
Category: Denial of Services
Summary: Through the last couple of years we were providing on-demand DDoS attacks on our customers' web sites. The ddos mitigation ...

speaker

Efficient data exfiltration
(0) reviewers

Author: Jonas Lejon
Category: Data exfiltration
Summary: So, you owned a high target network or at least you did your OSINT homework and have a plan. But ...

speaker

Beyond the lock: Attack vector evolution
(0) reviewers

Author: Eric Michaud
Category: Physical Security
Summary: While pop culture still struggles with the concept of lockpicking as a sport, in the past decade -- since Eric ...

speaker

The Bazaar, the Maharaja's Ultimatum, and the Shadow of the Future: Extortion and Cooperation in the 0-day Market
(0) reviewers

Author: Alfonso De Gregorio
Category: Zero-day Market
Summary: Trading vulnerability information or 0-day exploits is considered a risky ordeal. Players in the secretive 0-day market face some inherent ...

speaker

Data Driven Offense
(0) reviewers

Author: Ram Shankar
Sacha Faust
Category: Big Data
Summary: Abstract: While the industry’s “blue team” of defenders and analysts are racing to make security detections smart by harnessing the ...