Talks

speaker

AVLeak: Reversing Antivirus Emulators From The Inside Out
(20) reviewers

Author: Alex Bulazel
Category: Reverse Engineering
Summary: Interest in offensive research looking at antivirus software is at an all time high, and only growing - Joxean Koret ...

speaker

Genetic Malware: Designing Payloads for Specific Targets
(17) reviewers

Author: Travis Morrow
Josh Pitts
Category: APT
Summary: Dropping a payload or malware onto a target is usually not an issue given the variety of vulnerable software in ...

speaker

Learn about the enemy ? How to profile national APT hacking group
(17) reviewers

Author: Moonbeom Park
Category: APT
Summary: Every year, so many hacking incidents and cyber terrors happen in the South Korea. So, KrCERT/CC has analysis and profile ...

speaker

The Secret Life of ActionScript
(14) reviewers

Author: Natalie Silvanovich
Category: Vulnerability Research
Summary: Adobe Flash continues to be a popular target for attackers in the wild. As an increasing number of bug fixes ...

speaker

Cartero - Another Offensive Social Engineering Framework
(13) reviewers

Author: Matias P. Brutti
Category: Social Engineering
Summary: As we grow in security Social Engineering remains one of the most important threats for information security. We could build ...

speaker

Xenpwn: Breaking Paravirtualized Devices
(10) reviewers

Author: Felix Wilhelm
Category: Virtualization Research
Summary: Instead of simply emulating old and slow hardware, modern hypervisors use paravirtualized devices to provide guests access to virtual hardware. ...

speaker

Fun in Memory with PowerShell and a debugger
(10) reviewers

Author: Pierre-Alexandre Braeken
Category: Penetration Test
Summary: The talk is about PowerMemory, a tool that provides a different approach to get credentials in Windows memory. An approach ...

speaker

Swift Reversing
(9) reviewers

Author: Ryan Stortz
Category: Reverse Engineering
Summary: At WWDC 2014, Apple introduced Swift, their revolutionary new programming language for the future. Swift promises unapologetic optimization, outstanding speed, ...

speaker

Java deserialization vulnerabilities - The forgotten bug class
(8) reviewers

Author: Matthias Kaiser
Category: Vulnerability Development
Summary: Java deserialization vulnerabilities are a bug class on its own. Although several security researchers have published details in the past, ...

speaker

Blackbuck – Reversing the Way Nature Intended
(7) reviewers

Author: Alfredo Pesoli
Mark Wuergler
Category: Mobile Security
Summary: Remember that time when you were reversing an iOS or Android app and you thought to yourself “this doesn't feel ...

speaker

Pwning Adobe Reader – Abusing the Reader’s embedded XFA engine for reliable Exploitation
(7) reviewers

Author: Sebastian Apelt
Category: Exploit Development
Summary: This presentation will be a deep-dive into Adobe Reader internals. The focus will be on how to develop reliable exploits ...

speaker

Operating under the Microscope - Red Teaming @ CCDC
(6) reviewers

Author: Rob Fuller
Category: Pentest, Red Team, Malware
Summary: How do you write malware that will go unnoticed when the defenders KNOW you are there. How about when there ...

speaker

Why nation-state malwares target Telco Networks: Dissecting technical capabilities of Regin and its counterparts
(6) reviewers

Author: Omer Coskun
Category: Malware Offense
Summary: The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored ...

speaker

Wow64 Attack Surfaces Analysis
(5) reviewers

Author: Xiaoning Li
Category: Exploit Development
Summary: WoW64 is the facility to allow Windows 64bit OS run 32bit application seamless. Under Wow64 context, 64bit DLLs are invisible ...

speaker

All Your Browsers Belong To Us | Tales of Android Browser Exploitation
(5) reviewers

Author: Benjamin Watson
Category: Mobile Security
Summary: The age of Android is upon us, and is taking no prisoners. More and more Android users flock to the ...

speaker

Pew Pew Pew: bypassing secure boot using fault injection
(5) reviewers

Author: Niek Timmers
Albert Spruyt
Category: Exploit Development
Summary: More and more embedded systems implement functionality to assure the integrity (and confidentiality) of all software executed after power-on reset. ...

speaker

The Tao of Hardware, the Te of Implants
(5) reviewers

Author: Joseph FitzPatrick
Category: APT
Summary: Embedded, IOT, and ICS devices tend to be things we can pick up, see, and touch. They're designed for nontechnical ...

speaker

Making a scalable automated hacking system: from DevOps to Pwning
(4) reviewers

Author: Anonymous
Category: Exploit Development
Summary: DARPA's Cyber Grand Challenge is a contest to automate vulnerability discovery and patching. We participated in the qualifying event held ...

speaker

Automatic Root-Cause Identification for Crashing Executions
(4) reviewers

Author: Sean Heelan
Category: Binary Analysis
Summary: Generating crashing inputs for most targets isn’t particularly hard. In fact, often it’s annoyingly easy and, even with the assistance ...

speaker

GhettoCFI - Preventing Code Reuse Attacks Without Source
(4) reviewers

Author: Jeff Crowell
Category: Exploit Development
Summary: Control Flow Integrity (CFI) is a relatively new technique for preventing ROP and other code-reuse attacks. Unfortunately most implementations require ...

speaker

Drone > attack by malware and network hacking
(4) reviewers

Author: Charles Hong
Category: Penetration Testing
Summary: Drone systems are rapidly taking over markets around the world, and drone systems are also made and developed rapidly as ...

speaker

How we met SCADA Vulnerability – Scanning & exploiting
(4) reviewers

Author: Yoo-Chan Lee
Ki-Young Lim
Ryan Lee
Category: Exploit Development
Summary: SCADA system is a system which enable computers to control infrastructures, such as power plants and factories, instead of humans. ...

speaker

直出北京中國軍事黑客方法論 // Straight Outta Beijing: Chinese Military Hacking Methodologies
(3) reviewers

Author: William Hagestad II
Category: APT
Summary: Based upon several recent information security exchanges with China's People's Liberation Army and China's Cyberspace Administration audience members will enjoy ...

speaker

Getting started with vulnerability discovery using Machine Learning
(3) reviewers

Author: Gustavo Grieco
Category: Machine Learning, Vulnerabilities
Summary: With sustained growth of software complexity, finding security vulnerabilities in operating systems has become an important necessity. Very well known ...

speaker

Data Driven Offense Part 2 – Guided Red Team
(3) reviewers

Author: Sacha Faust
Category: Penetration Test
Summary: While the industry’s “blue team” of defenders and analysts are racing to make security detections smart by harnessing the power ...

speaker

Unboxing the White-Box: Practical Attacks Against Obfuscated Ciphers
(3) reviewers

Author: Jasper van Woudenberg
Category: Crypto attacks
Summary: Assessing the security of White-Box Cryptography (WBC) implementations often requires a powerful mix of reverse engineering and applied cryptanalysis skills. ...

speaker

Using Heisenberg's Uncertainty Principle & Cyber Feng Shui
(2) reviewers

Author: Jacob Torrey
Category: APT
Summary: Heisenberg's Uncertainty principle tells us that in particle physics, the act of observing an event changes its behavior. This is ...

speaker

EvilEngine: Metamorphic Engine for Kernel Mode Rootkits
(2) reviewers

Author: Adhokshaj Mishra
Category: Rootkit
Summary: Mutation and rootkits are two very powerful techniques commonly used by malware authors to maximize the lifespan of their malware ...

speaker

Binary Code Coverage based Network Fuzzer and Packet Structure Analyser
(2) reviewers

Author: Mrityunjay Gautam
Alex Moneger
Category: Vulnerability Research
Summary: In the security market, there are different kind of network fuzzing frameworks available. Some fuzzers are blackbox while others are ...

speaker

Naked Fried Chicken
(2) reviewers

Author: Matteo Beccaro
Matteo Collura
Category: Exploit Development
Summary: In this talk we will move through the past, the present and the future of hacking transportation systems, and how ...

speaker

Dynamic Rooted Trust
(2) reviewers

Author: Joseph Sharkey
Category: Rootkit
Summary: Trusted computing architectures, such as Intel’s Trusted Execution Technology (TXT), form the cornerstone of trust for highly sensitive, highly secure ...

speaker

DET (Data Exfiltration Toolkit)
(1) reviewers

Author: Paul Amar
Category: APT
Summary: The Data Exfiltration Toolkit (DET) makes the process of exfiltrating data from networks simpler. It supports numerous protocols and techniques, ...

speaker

Physical Offense
(0) reviewers

Author: Eric Michaud
Category: Physical Security
Summary: While pop culture still struggles with the concept of lockpicking as a sport, in the past decade -- since Eric ...

speaker

Practical Managed Code Rootkits in Java
(0) reviewers

Author: Ben Holland
Category: Rootkits
Summary: Managed Code Rootkits (MCRs) are terrifying post-exploitation attacks that open the doors for cementing and expanding a foothold in a ...

speaker

Mo Money Mo Problems: Identity Fraud Cashout Methods
(0) reviewers

Author: Benjamin Brown
Category: CyberCrime
Summary: Abstract: The hardest part of cybercrime is the cashout. The strategy for cashing out needs to be easy enough to ...

speaker

Exploiting Your NoSQL Graph Databases for Shells
(0) reviewers

Author: Francis Alexander
Category: Vulnerability Development
Summary: NoSQL Graph Databases have been an eternal part of the internal database network for companies. Visualising data on the go, ...

speaker

CodeFreeze: Breaking Payloads with Runtime Code Stripping and Image Freezing
(0) reviewers

Author: Collin Mulliner
Matthias Neugschwandtner
Category: Vulnerability Research
Summary: Fighting off attacks based on memory corruption vulnerabilities is hard and a lot of research was and is conducted in ...