-
Welcome Address
- Michel van Eeten
-
The Future, The Past, And...
Wait, Where The Hell Are We Now?
- Marion Marschalek
-
The Life & Death Of Kernel Object Abuse
- Saif Elsherei and Ian Kronquist
-
Sneaky Element:
Real World Attacks Against Secure Elements
- Don Bailey
-
Smashing Ethereum Smart Contracts
For Fun And Actual Profit
- Bernhard Mueller
-
Steganography Ante Portas
- Steffen Wendzel
-
Brida: When Burp Suite Meets Frida
- Federico Dotta and Piergiovanni Cipolloni
-
Attacking Microsoft's .NET Framework Through CLR
- Yu Hong and Shikang Xing
-
Privacy And Protection For Criminals:
Behaviors And Patterns Of Rogue Hosting Providers
- Sarah Brown and Dhia Mahjoub
-
Creating An Isolated Data Center
Security Policy Model Using SmartNICs
- Ofir Arkin
-
Ghost Tunnel: Covert Data Exfiltration
Channel To Circumvent Air Gapping
- Jun Li,Kunzhe Chai and Hongjian Cao
-
Invoke-Dosfuscation: Techniques
For %f In (-style) Do (S-Level CMD Obfuscation)
- Daniel Bohannon
-
Keynterceptor: Press Any Key To Continue
- Niels van Dijkhuizen
-
Ticket To Ride: Abusing The Travel
And Hospitality Industry For Profit
- V. Kropotov,F. Yarochkin,M. Fuentes and L. Gu
-
Hacking Intelligent Buildings:
Pwning KNX & Zigbee Networks
- HuiYu Wu,YuXiang Li and Yong Yang
-
Digging Deep:
How To Find And Exploit Bugs In IoT Devices
- Kelvin Wong
-
Faster, Wider, Greater: Modern Pentest Tricks
- Thomas Debize
-
Eating The Core Of An Apple: How To Analyze
And Find Bugs In MacOS And iOS Kernel Drivers
- Xiaolong Bai and Min (Spark) Zheng
-
Mirror Mirror: Rooting Android 8
With A Kernel Space Mirroring Attack
- Yong Wang and Yang Song
-
Practical Quantum Computing For Hackers Without a PhD
- Yann Allain
-
Still Breaching Your Perimeter:
A Deep Dive Into Malicious Documents
- Josh Stroschein
-
Fuzzing Javascript Engines For Fun And Pwnage
- Areum Lee and Jeonghoon Shin
-
The Odd One: Applying Machine Learning
To User Behavior Anomaly Analysis
- Eugene Neyolov
-
The Sound Of A Targeted Attack:
Attacking IoT Speakers
- Stephen Hilt
-
A Risk Assessment Of Logo Disclosures
- Jennifer Leggio
-
Reference This:
Sandbox Evasion Using VBA Referencing
- Aviv Grafi and Amit Dori
-
Mallet: Towards A Generic Intercepting Proxy
- Rogan Dawes
-
Under Cover Of Darkness:
Hiding Tasks Via Hardware Task Switching
- Kyeong Joo Jung
-
Mind The Gap: Uncovering The Android Patch Gap
Through Binary-Only Patch Level Analysis
- Karsten Nohl and Jakob Lell
-
Over The Edge: Pwning The Windows Kernel
- Rancho Han
-
EasyROP: Automatic Generation Of ROP Chains
Using A Turing-Complete Instruction Set
- Ricardo J. RodrÃguez and Daniel Uroz
-
ProdSec: A Technical Approach
- Jeremy Brown
-
PyREBox:
Making Dynamic Instrumentation Great Again
- Xabier Ugarte-Pedrero
-
In Through The Out Door: Backdooring And
Remotely Controlling Cars With The Bicho
- Sheila Ayelen Berta and Claudio Caracciolo
-
From Quantitative Change To Qualitative Change:
A New Fuzzing Method For Android
- Zhang Qing and Bai Guangdong
-
Someone Call A Doctor:
Hacking A Hospital For Fun And Profit
- Asaf Cohen and Ofir Kamil
-
Call Me Maybe: Establishing Covert Channels
By Abusing GSM AT Commands
- Alfonso Munoz and Jorge Cuadrado Saez
-
Seems Exploitable: Exposing Hidden Exploitable
Behaviors Using Extended Differential Fuzzing
- Fernando Arnaboldi
-
Smart Contract (In)Security
- Ben Schmidt
-
Closing Comments
-
-
Look Ma, No Win32_Process Needed:
Expanding Your WMI Lateral Movement Arsenal
- Philip Tsukerman
-
Defense-In-Depth Techniques For Modern Web
Applications And Google's Journey With CSP
- Michele Spagnuolo and Lukas Weichselbaum
-
Blockchain:
Yes, You Can Just Use a Database - Until You Can't
- Amber Baldet
-
Closing Ceremony
- HitB Crew
