• Facebook
• Twitter
• Reddit
• LinkedIn

Ya están disponibles los vídeos de Black Hat 2018:

• Black Hat USA 2018 Keynote: Parisa Tabriz
• [How can Communities Move Forward After Incidents of Sexual Harassment or Assault?](https://www.youtube.com/watch?v=vH28IUgJCH8&index=3&t=0s& list=PLH15HpR5qRsVAXGmSVfjWrGtGLJjIJuGe)
• [Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library](https://www.youtube.com/watch?v=s0Tqi7fuOSU&inde x=4&t=0s&list=PLH15HpR5qRsVAXGmSVfjWrGtGLJjIJuGe)
• [Fire & Ice: Making and Breaking macOS Firewalls](https://www.youtube.com/watch?v=_xsnedUp4ko&index=5&t=0s&list=PLH15HpR5qRsVAXGmSVfjWrGtGLJj IJuGe)
• [Practical Web Cache Poisoning: Redefining ‘Unexploitable’](https://www.youtube.com/watch?v=j2RrmNxJZ5c&index=6&t=0s&list=PLH15HpR5qRsVAXGmSV fjWrGtGLJjIJuGe)
• [An Attacker Looks at Docker: Approaching Multi-Container Applications](https://www.youtube.com/watch?v=HTM3ZrSvp6c&index=7&t=0s&list=PLH15Hp R5qRsVAXGmSVfjWrGtGLJjIJuGe)
• [SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System](https://www.youtube.com/watch?v=49KoUmiJuts&index=8&t=0s&list=PLH15HpR5qRsVAX GmSVfjWrGtGLJjIJuGe)
• Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
• GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
• Finding Xori: Malware Analysis Triage with Automated Disassembly
• Miasm: Reverse Engineering Framework
• Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars
• DeepLocker - Concealing Targeted Attacks with AI Locksmithing
• It’s a PHP Unserialization Vulnerability Jim, but Not as We Know It
• Day Zero: A Road Map to #BHUSA 2018
• Lessons and Lulz: The 4th Annual Black Hat USA NOC Report
• Return of Bleichenbacher’s Oracle Threat (ROBOT)
• An Attacker Looks at Docker: Approaching Multi-Container Applications
• Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
• The Finest Penetration Testing Framework for Software-Defined Networks
• Understanding and Exploiting Implanted Medical Devices
• Mainframe [z/OS] Reverse Engineering and Exploit Development
• Lowering the Bar: Deep Learning for Side Channel Analysis
• Hardening Hyper-V through Offensive Security Research
• SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System
• Practical Web Cache Poisoning: Redefining ‘Unexploitable’
• IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
• SDL the Wont Break the Bank
• For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
• Last Call for SATCOM Security
• Exploitation of a Modern Smartphone Baseband
• Automated Discovery of Deserialization Gadget Chains
• Legal Liability for IOT Cybersecurity Vulnerabilities
• Another Flip in the Row
• How can Someone with Autism Specifically Enhance the Cyber Security Workforce?
• Catch me, Yes we can! - Pwning Social Engineers
• Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
• Windows Offender: Reverse Engineering Windows Defender’s Antivirus Emulator
• Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks
• Playback: A TLS 1.3 Story
• An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
• TLBleed: When Protecting Your CPU Caches is Not Enough
• None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service
• So I became a Domain Controller
• WebAssembly: A New World of Native Exploits on the Browser
• Outsmarting the Smart City
• Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
• AI & ML in Cyber Security - Why Algorithms are Dangerous
• Stealth Mango and the Prevalence of Mobile Surveillanceware
• Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
• A Deep Dive into macOS MDM (and How it can be Compromised)
• Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
• GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
• Decompiler Internals: Microcode
• Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
• Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet
• Kernel Mode Threats and Practical Defenses
• New Norms and Policies in Cyber-Diplomacy
• Snooping on Cellular Gateways and Their Critical Role in ICS
• Your Voice is My Passport
• Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots
• Identity Theft: Attacks on SSO Systems
• The Science of Hiring and Retaining Female Cybersecurity Engineers
• Black Box is Dead. Long Live Black Box!
• Fire & Ice: Making and Breaking macOS Firewalls
• Demystifying PTSD in the Cybersecurity Environment
• The Problems and Promise of WebAssembly
• Real Eyes, Realize, Real Lies: Beating Deception Technologies
• ARTist - An Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware
• Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims
• Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines
• Stop that Release, There’s a Vulnerability!
• Pwnie Awards
• Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
• Applied Self-Driving Car Security
• Is the Mafia Taking Over Cybercrime?
• AFL’s Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
• Back to the Future: A Radical Insecure Design of KVM on ARM
• I, for One, Welcome Our New Power Analysis Overlords
• How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
• The Air-Gap Jumpers
• Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme
• InfoSec Philosophies for the Corrupt Economy
• ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?
• Breaking the IIoT: Hacking industrial Control Gateways
• Holding on for Tonight: Addiction in InfoSec
• Dissecting Non-Malicious Artifacts: One IP at a Time
• How I Learned to Stop Worrying and Love the SBOM
• Why so Spurious? Achieving Local Privilege Escalation on Operating Systems
• Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
• A Brief History of Mitigation: The Path to EL1 in iOS 11
• Squeezing a Key through a Carry Bit
• Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
• LTE Network Automation Under Threat
• Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
• From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it
• Don’t @ Me: Hunting Twitter Bots at Scale
• Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
• WireGuard: Next Generation Secure Network Tunnel
• The Unbearable Lightness of BMC’s
• Meltdown: Basics, Details, Consequences
• Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community
• Threat Modeling in 2018: Attacks, Impacts and Other Updates
• Deep Dive into an ICS Firewall, Looking for the Fire Hole
• Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
• No Royal Road … Notes on Dangerous Game
• Reversing a Japanese Wireless SD Card - From Zero to Code Execution
• Compression Oracle Attacks on VPN Networks
• Remotely Attacking System Firmware
• There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently
• Legal Landmines: How Law and Policy are Rapidly Shaping Information Security
• Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
• Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools
• How TRITON Disrupted Safety Systems & Changed the Threat Landscape of Industrial Control Systems
• A Dive in to Hyper-V Architecture & Vulnerabilities
• KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous
• From Bot to Robot: How Abilities and Law Change with Physicality
• Attacking Client-Side JIT Compilers
• Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops
• Finding Xori: Malware Analysis Triage with Automated Disassembly
• Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
• Qualitative Look at Autonomous Peer Communication’s Impact on Organizational Phishing Detection
• Measuring the Speed of the Red Queen’s Race; Adaption and Evasion in Malware
• Detecting Credential Compromise in AWS
• Keynote: Optimistic Dissatisfaction with the Status Quo

• Facebook
• Twitter
• Reddit
• LinkedIn

Aquí os dejo los vídeos que se han publicado de DEF CON 26). Ya tenéis entretenimiento para el fin de semana que se avecina.

Recuerda que también tienes el material disponible.

• Rob Joyce - NSA Talks Cybersecurity
• Eyal Itkin, Yaniv Balmas - What the Fax?!
• Josh Mitchell - Ridealong Adventures: Critical Issues with Police Body Cameras
• Svea, Suggy, Till - Inside the Fake Science Factory
• Ladar Levison, hon1nbo - Booby Trapping Boxes
• 0x200b - Detecting Blue Team Research Through Targeted Ads
• [Si, Agent X - Wagging the Tail:Covert Passive Surveillance](https://www.youtube.com/watch?v=tYFOXeItRFM&list=PL9fPq3eQfaaD0cf5c7wkzMoj2kifz GO4U&index=8&t=0s)
• Alexei Bulazel - Reverse Engineering Windows Defenders Emulator
• Alfonso Alguacil and Murillo Moya - Playback a TLS 1 point 3 story
• Bui and Rao - Last mile authentication problem Exploiting the missing link
• Champion and Law - Building the Hacker Tracker
• Christopher Domas - GOD MODE UNLOCKED Hardware Backdoors in redacted x86
• Christopher Domas - The Ring 0 Facade Awakening the Processors Inner Demons
• Damien virtualabs Cauquil - You had better secure your BLE devices
• Douglas McKee - 80 to 0 in Under 5 Seconds
• Daniel Crowley and Panel - Outsmarting the Smart City
• delta zero and Azeem Aqil - Your Voice is My Passport
• Daniel Zolnikov - A Politicians Successful Efforts to Fight Surveillance
• Dr Holtmanns and Singh - 4G Who is Paying Your Cellular Phone Bill Video
• Dr Rasthofer and Panel - Worrisome Security Issues in Tracker Apps
• Dr Matthews and Panel - A DEF CON Guide to Adversarial Testing of Software
• Elinor Mills and Panel - The L0pht Testimony 20 Years Later and Other Things
• Foster and Ayrey - Dealing with Residual Certificates for Pre-owned Domains
• Franklin and Franklin - Defending the 2018 Midterm Elections from Foreign Adversaries
• Gabriel Ryan - Bypassing Port Security In 2018 Defeating MacSEC and 802 1x 2010
• George Tarnovsky - You Can Run but You Cant Hide Reverse Engineering Using X-Ray
• Greenstadt and Dr Caliskan - De-anonymizing Programmers from Source Code
• Guang Gong - Pwning theToughest Target, the Largest Bug Bounty in the History of ASR
• HuiYu and Qian - Breaking Smart Speakers We are Listening to You
• Ian Haken - Automated Discovery of Deserialization Gadget Chains
• Izycki and Colli - Digital Leviathan A Comprehensive List of Nation State Big Brothers
• Jeanette Manfra - Securing our Nations Election Infrastructure
• Joe Rozner - Synfuzz Building a Grammar Based Retargetable Test Generation Framework
• Johnson and Stavrou - Vulnerable Out of the Box - Evaluation of Android Carrier Devices
• Josep Pi Rodriguez - WingOS: How to Own Millions of Devices .
• Kim and Choi - Your Watch Can Watch You! Pitfalls in the Samsung Gear Smartwatch
• Knight and Speers - Designing and Applying Extensible RF Fuzzing Tools
• Krotofil , Wetzels - Thru the Eyes of the Attacker Designing Embedded Systems for ICS
• Lane Broadbent - Trouble in the Tubes How Internet Routing Security Breaks Down
• ldionmarcil - Edge Side Include Injection Abusing Caching Servers into SSRF
• Levinson and Borges - Ill See Your Missile and Raise You A MIRV
• Maggie Mayhem - Sex Work After SESTA FOSTA
• Maksim Shudrak - Fuzzing Malware For Fun and Profit
• Martin Vigo - Compromising Online Accounts by Cracking Voicemail Systems
• Matt King - Micro Renovator Bringing Processor Firmware up to Code
• Galloway, Yunusov - For the Love of Money Finding and Exploiting Vulns in mPOS Systems
• Zhenxuan Bai and Panel - Replay Attacks on Ethereum Smart Contracts
• Zheng and Panel - Your Peripheral Has Planted Malware An Exploit of NXP SOCs
• Zheng and Bai - Fasten your seatbelts We are escaping iOS 11 Sandbox
• zerosum0x0 - Demystifying MS17 010 Reverse Engineering the ETERNAL Exploits
• zenofex - Dissecting the Teddy Ruxpin Reverse Engineering the Smart Bear
• Zeng and Panel - Lora Smart Water Meter Security Analysis
• Zach and Alex - Infecting The Embedded Supply Chain
• Yu Wang - Attacking the macOS Kernel Graphics Driver
• yawnbox - Privacy Infrastructure Challenges and Opportunities
• Xiao and Panel - Hacking the Brain Customize Evil Protocol to Pwn an SDN Con
• William Martin - SMBetray Backdooring and Breaking Signatures
• William Martin - One Click to OWA
• West and Campbell - barcOwned Popping Shells with Your Cereal Box
• Wesley McGrew - An Attacker Looks at Docker Approaching Multi Container Applications
• Vincent Tan - Hacking BLE Bicycle Locks for Fun and a Small Profit
• Truman Kain - Dragnet Your Social Engineering Sidekick
• Thiago Alves - Hacking PLCs and Causing Havoc on Critical Infrastructures
• The Tarquin - Weaponizing Unicode Homographs Beyond IDNs
• The Dark Tangent and Panel - DEF CON GROUPS
• The Dark Tangent - Welcome To DEF CON & Badge Maker Talk
• The Dark Tangent - DEF CON 26 Closing Ceremonies
• Steven Danneman - Your Banks Digital Side Door
• smea - Jailbreaking the 3DS Through 7 Years of Hardening
• Slava Makkaveev - Man In The Disk
• singe - Practical and Improved Wifi MitM with Mana
• Shkatov and Michael - UEFI Exploitation for the Masses
• Sheng Hao Ma - Playing Malware Injection with Exploit Thoughts
• sghctoma - All Your Math are Belong to Us
• Sean Metcalf - Exploiting Active Directory Administrator Insecurities
• Seamus Burke - A Journey Into Hexagon Dissecting a Qualcomm Baseband
• Sanat Sharma - House of Roman a Leakless Heap Fengshui to Achieve RCE on PIE Binaries
• Ruo Ando - Asura PCAP File Analyzer for Anomaly Packets Detection
• Rowan Phipps - ThinSIM based Attacks on Mobile Money Systems
• Rousseau and Seymour - Finding Xori Malware Analysis Triage with Automated Disassembly
• Romailler and Amiet - Reaping and Breaking Keys at Scale When Crypto Meets Big Data
• Rob Joyce - Building Absurd Christmas Light Shows
• Riedesel and Hakimian - Tineola Taking a Bite Out of Enterprise Blockchain
• Ricky HeadlessZeke Lawshae - Who Controls the Controllers Hacking Crestron
• Richard Thieme - The Road to Resilience How Real Hacking Redeems a Damnable Profession
• Patrick Wardle - The Mouse is Mightier than the Sword
• Patrick Wardle - Fire and Ice Making and Breaking macOS Firewalls
• Paternotte and van Ommeren - It WISNt Me Attacking Industrial Wireless Mesh Networks
• Panel - DC 101 Panel
• Ossmann and Spill - Revolting Radios
• Orange Tsai - Breaking Parser Logic Take Your Path Normalization Off and Pop 0Days Out
• Nirenberg and Buchwald - Reverse Engineering Hacking Documentary Series
• Nick Cano - Relocation Bonus Attacking the Windows Loader
• Nevermoe - One Step Ahead of Cheaters Instrumenting Android Emulators
• Morgan Indrora Gangwere - (Ab)using Binaries from Embedded Devices for Fun and Profit
• Alexandre Borges - Ring 0 Ring 2 Rootkits Bypassing Defenses
• Berta and De Los Santos - Rock appround the Clock Tracking Malware Developers
• David Melendez Cano - Avoiding CounterDrone Systems with NanoDrones
• Eric Sesterhenn - In Soviet Russia Smartcard Hacks You
• Bai and Zheng - Analyzing and Attacking Apple Kernel Drivers

• Facebook
• Twitter
• Reddit
• LinkedIn

Desde la página de IronGeek podéis ver los vídeos de todas (casi) las presentaciones de DerbyCon 8.0. Aquí tenéis la lista de los mismos:

• Opening
• How to influence security technology in kiwi underpants Benjamin Delpy
• Panel Discussion - At a Glance: Information Security Ed Skoudis, John Strand, Lesley Carhart. Moderated by: Dave Kennedy
• Red Teaming gaps and musings Samuel Sayen
• A Process is No One: Hunting for Token Manipulation Jared Atkinson, Robby Winchester
• Fuzz your smartphone from 4G base station side Tso-Jen Liu
• Clippy for the Dark Web: Looks Like You’re Trying to Buy Some Dank Kush, Can I Help You With That? Emma Zaballos
• Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework Joe Rozner
• Escoteric Hashcat Attacks Evilmog
• RFID Luggage Tags, IATA vs Real Life Daniel Lagos
• #LOL They Placed Their DMZ in the Cloud: Easy Pwnage or Disruptive Protection Carl Alexander
• Maintaining post-exploitation opsec in a world with EDR Michael Roberts, Martin Roberts
• Hey! I found a vulnerability - now what? Lisa Bradley, CRob
• Foxtrot C2: A Journey of Payload Delivery Dimitry Snezhkov
• Ridesharks Kaleb Brown
• IRS, HR, Microsoft and your Grandma: What they all have in common Christopher Hadnagy, Cat Murdock
• #LOLBins - Nothing to LOL about! Oddvar Moe
• Everything Else I Learned About Security I Learned From Hip-Hop Paul Asadoorian
• Hackers, Hugs, & Drugs: Mental Health in Infosec Amanda Berlin
• Android App Penetration Testing 101 Joff Thyer, Derek Banks
• Draw a Bigger Circle: InfoSec Evolves Cheryl Biswas
• I Can Be Apple, and So Can You Josh Pitts
• From Workstation to Domain Admin: Why Secure Administration Isn’t Secure and How to Fix It Sean Metcalf
• MS17-010? zerosum0x0
• The Unintended Risks of Trusting Active Directory Lee Christensen, Will Schroeder, Matt Nelson
• Lessons Learned by the WordPress Security Team Aaron D. Campbell
• IronPython… omfg Marcello Salvati
• Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow Walter Legowski
• When Macs Come Under ATT&CK Richie Cyrus
• Abusing IoT Medical Devices For Your Precious Health Records Saurabh Harit, Nick Delewski
• Detecting WMI exploitation Michael Gough
• Gryffindor | Pure JavaScript, Covert Exploitation Matthew Toussain
• Instant Response: Making IR faster than you thought possible! Mick Douglas, Josh Johnson
• The History of the Future of Cyber-Education Winn Schwartau
• State of Win32k Security: Revisiting Insecure design Vishal Chauhan
• Offensive Browser Extension Development Michael Weber
• Protect Your Payloads: Modern Keying Techniques Leo Loobeek
• Jump Into IOT Hacking with the Damn Vulnerable Habit Helper Device Nancy Snoke, Phoenix Snoke
• Tales From the Bug Mine - Highlights from the Android VRP Brian Claire Young
• Decision Analysis Applications in Threat Analysis Frameworks Emily Shawgo
• Threat Intel On The Fly Tazz
• Make Me Your Dark Web Personal Shopper! Emma Zaballos
• Driving Away Social Anxiety Joey Maresca
• Off-grid coms and power Justin Herman
• CTFs: Leveling Up Through Competition Alex Flores
• Extending Burp to Find Struts and XXE Vulnerabilities Chris Elgee
• Introduction to x86 Assembly DazzleCatDuo
• Pacu: Attack and Post-Exploitation in AWS Spencer Gietzen
• An Inconvenient Truth: Evading the Ransomware Protection in Windows 10 Soya Aoyama
• Brutal Blogging - Go for the Jugular Kate Brew
• RID Hijacking: Maintaining Access on Windows Machines Sebastian Castro
• Your Training Data is Bad and You Should Feel Bad Ryan J. O’Grady
• So many pentesting tools from a $4 Arduino Kevin Bong, Michael Vieau
• Building an Empire with (Iron)Python Jim Shaver
• SAEDY: Subversion and Espionage Directed Against You Judy Towers
• OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it Amit Serper, Niv Yona, Yuval Chuddy
• How to test Network Investigative Techniques(NITs) used by the FBI Dr. Matthew Miller
• Cloud Computing Therapy Session Cara Marie, Andy Cooper
• Silent Compromise: Social Engineering Fortune 500 Businesses Joe Gray
• Going on a Printer Safari - Hunting Zebra Printers James Edge
• Hardware Slashing, Smashing, and Reconstructing for Root access Deral Heiland
• App-o-Lockalypse now! Oddvar Moe
• Web App 101: Getting the lay of the land Mike Saunders
• Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation) Daniel Bohannon
• WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids Chris Sistrunk, Krypt3ia, SynAckPwn
• Just Let Yourself In David Boyd
• A “Crash” Course in Exploiting Buffer Overflows (Live Demos!) Parker Garrison
• Living in a Secure Container, Down by the River Jack Mannino
• VBA Stomping - Advanced Malware Techniques Carrie Roberts, Kirk Sayre, Harold Ogden
• Media hacks: an Infosec guide to dealing with journalists Sean Gallagher, Steve Ragan, Paul Wagenseil
• Deploying Deceptive Systems: Luring Attackers from the Shadows Kevin Gennuso
• The Money-Laundering Cannon: Real cash; Real Criminals; and Real Layoffs Arian Evans
• Perfect Storm: Taking the Helm of Kubernetes Ian Coldwater
• How to put on a Con for Fun and (Non) Profit Benny Karnes, John Moore, Rick Hayes, Matt Perry, Bill Gardner, Justin Rogosky, Mike Fry, Steve Truax
• Web app testing classroom in a box - the good, the bad and the ugly Lee Neely, Chelle Clements, James McMurry
• Metasploit Town Hall 0x4 Brent Cook, Aaron Soto, Adam Cammack, Cody Pierce
• Community Based Career Development or How to Get More than a T-Shirt When Participating as part of the Community Kathleen Smith, Magen Wu, Cindy Jones, Kathryn Seymour, Kirsten Renner
• Disaster Strikes: A Hacker’s Cook book Jose Quinones, Carlos Perez
• Ninja Looting Like a Pirate Infojanitor
• Hacking Mobile Applications with Frida David Coursey
• Victor or Victim? Strategies for Avoiding an InfoSec Cold War Jason Lang, Stuart McIntosh
• Ubiquitous Shells Jon Gorenflo
• 99 Reasons Your Perimeter Is Leaking - Evolution of C&C John Askew
• Ship Hacking: a Primer for Today’s Pirate Brian Satira, Brian Olson
• Code Execution with JDK Scripting Tools & Nashorn Javascript Engine Brett Hawkins
• PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget Mark Milhouse
• Patching: Show me where it hurts Cheryl Biswas
• Advanced Deception Technology Through Behavioral Biometrics Curt Barnard, Dawud Gordon
• We are all on the spectrum: What my 10-year-old taught me about leading teams Carla A Raisler
• No Place Like Home: Real Estate OSINT and OPSec Fails John Bullinger
• The Layer2 Nightmare Chris Mallz
• Attacking Azure Environments with PowerShell Karl Fosaaen
• Blue Blood Injection: Transitioning Red to Purple Lsly Ayyy
• Mirai, Satori, OMG, and Owari - IoT Botnets Oh My Peter Arzamendi
• Comparing apples to Apple Adam Mathis
• How online dating made me better at threat modeling Isaiah Sarju
• Threat Hunting with a Raspberry Pi Jamie Murdock
• M&A Defense and Integration - All that Glitters is not Gold Sara Leal, Jason Morrow
• Social Engineering At Work - How to use positive influence to gain management buy-in for anything April Wright
• Ham Radio 4 Hackers Eric Watkins, Devin Noel
• Getting Control of Your Vendors Before They Take You Down Dan Browder
• Cyber Intelligence: There Are No Rules, and No Certainties Coleman Kane
• Getting Started in CCDC Russell Nielsen
• Changing Our Mindset From Technical To Psychological Defenses Andrew Kalat
• Red Mirror: Bringing Telemetry to Red Teaming Zach Grace
• Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes Austin Baker, Doug Bienstock
• IoT: Not Even Your Bed Is Safe Darby Mullen
• Fingerprinting Encrypted Channels for Detection John Althouse
• On the Nose: Bypassing Huawei’s Fingerprint authentication by exploiting the TrustZone Nick Stephens
• Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 Gabriel Ryan
• Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight Omer Yair
• Cloud Forensics: Putting The Bits Back Together Brandon Sherman
• Killsuit: The Equation Group’s Swiss Army knife for persistence, evasion, and data exfil Francisco Donoso
• The MS Office Magic Show Stan Hegt, Pieter Ceelen
• Living off the land: enterprise post-exploitation Adam Reiser
• Hillbilly Storytime: Pentest Fails Adam Compton
• Bug Hunting in RouterOS Jacob Baines
• Breaking Into Your Building: A Hackers Guide to Unauthorized Access Tim Roberts, Brent White
• The making of an iOS 11 jailbreak: Kiddie to kernel hacker in 14 sleepless nights. Bryce “soen” Bearchell
• Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests Tomasz Tuzel
• Pwning in the Sandbox: OSX Macro Exploitation & Beyond Adam Gold, Danny Chrastil
• IOCs Today, Intelligence-Led Security Tomorrow Katie Kusjanovic, Matthew Shelton
• Closing Ceremonies