Sec/Admin 2016 ¿Te lo vas a perder?

Hola a tod@s

Como pasa el tiempo, ya nuestra 3º edición, este año volvemos con más y mejor, si te gusto el año pasado, este lo vas a flipar. Desde la organización hemos hecho un esfuerzo bestial para intentar crear una CON  amena y divertida. Con nosotros no te aburrías.

Como sabéis se realizará en la Escuela Técnica Superior de Ingeniería Informática de la Universidad de Sevilla. Gracias a Alejandro Carrasco y todos los integrantes de la universidad que hacéis posible este evento.

Comandando la organización seguimos al pie del cañón Adrián y yo. No podemos olvidarnos por su puesto de nuestros Patrocinadores y darle las GRACIAS, porque sin ellos esta locura sería inviable.  

Co-organizan

Patrocinadores Gold

Patrocinadores Silver

Como venimos diciendo con anterioridad, este sin duda es un año lleno de novedades, porque somos más que charlas:

CAPTURE THE FLAG

#secadmin2016

Con el apoyo institucional de Incibe. Como es sabido, el ganador se llevará la katana de esta tercera edición

además de ser invitado por Incibe a participar en la final de Cybercamp2016

Artillería

CALL FOR TOOLS!!

Plazo máximo hasta las 23:59  del día 10 de Noviembre de 2016

#secadmin2016

Patrocinado por

ToolsWatch

Sec/Admin Artillería>> nos sumamos a la idea  ya propuesta por compañeros de RootedCON, BlackHat o EkoParty. Reside en brindarle a  nuestros asistentes la oportunidad de que puedan presentar a la comunidad sus últimas tools. Con la posibilidad de que la tool ganadora será promocionada a nivel mundial por :

Zona Fsociety

#secadmin2016

Adéntrate con nosotros en nuestro salón recreativo. Fsociety será un apartado del congreso en donde podrás entre charla y charla disfrutar de unas partidas a juegos arcade gracias a las máquinas recreativas que traeremos. Aquellos tiempos en los que para poder jugar a un video juego tenias que salir de casa y pedir a papa 25 pesetas, sin embargo Elliot le dio otra utilidad.

El arte digital

#secadmin2016

Tenemos una sección llamada “El arte digital”  todo lo relacionado con drones, robótica, arduino, raspberry, gadgets, etc.

Al igual que se exponen en galerías obras de arte como pinturas y esculturas ¿por que no exponer el arte digital? Una buena ocasión de exponer estos productos.

Keynotes

#secadmin2016

Exprésate libremente, habla de lo que quieras, expón tu última investigación, cuéntanos tus inquietudes, dudas, que te gusta, que no te gusta, tú eres el protagonista. 

Podéis enviar vuestras propuestas de Keynotes, Arte Digital o Artillería a fjavier@secadmin.es  &  info@secadmin.es

Hacking Solidario

#secadmin2016

Hacking Solidario & Banco de Alimentos

De la mano de nuestros amigos de Hack&Beers Mª José Montes Miguel Arrollo y Edu Sanchez traemos Hacking Solidario se tratan de unas charlas de concienciación en seguridad TIC a familias, donde se recogerán alimentos/juguetes para los más necesitados. Por favor tienen que ser alimentos no perecederos para el Banco de Alimentos de Sevilla. Los alimentos preferentes son: Leche, Aceite (no es necesario que sea de oliva), Lentejas, garbanzos y alubias, Azúcar, Alimentación Infantil o Conservas.

Desde aquí hacemos un llamamiento decid a vuestras familias que acudan a esta parte del evento Mª José Montes os deleitará con la charla Mi teléfono móvil, un peligro constante en la que protegerás a los tuyos sobre los peligros que existen y encima seréis solidarios, alimentos a cambio de formación.

 Zona Recruiter

#secadmin2016

Por ahora nos han confirmado mi empresa Mnemo. Esta zona está habilitada para la recogida de CVs en mano, esta es tu oportunidad de desarrollar tu carrera profesional en unas de las consultoras de seguridad más punteras del momento.

 

Black Sec/Admin 

#secadmin2016

Si os quedáis con ganas de Hacking, networking y buena gente, habrá mucho más, después del cierre del viernes os citamos en un establecimiento, será una Sec/Admin más underground, os iremos informando sobre la ubicación, en el no faltará la cerveza y la posibilidad de charlas improvisadas & Wargames al más puro estilo underground.

After hour 

#secadmin2016

Fiesta final, tras clausurar el evento los mejores hackers de España invadirán Sevilla. La diversión esta garantiza  en los locales de moda de la capital andaluza. Os iremos informando sobre la ubicación.

7 Talleres & 18 Charlas ¿Quieres más? Daros prisa si queréis presentar algo en El Arte Digital, KeyNotes o Artillería. Sobre todo daros prisa para adquirir vuestra entrada ¡que se agotan! Quedáis avisados no os lo podéis perder, promete y mucho :p

Os dejo la agenda del evento.

Sec/Admin 2016 Agenda

Sec/Admin Friday 25, Day 125 Noviembre 2016

09:00 — 09:45

Registro y venta [anónima] de últimas entradas.

Puerta

09:30 — 10:00

Acceso y control de acreditaciones .

Salón de Actos

10:00 — 10:10

Acto de bienvenida

Salón de Actos

10:15 — 11:00

“El desmadre del Internet de las Tortas” – Josep Albors.

Salón de Actos

11:00 — 11:30

Desayuno y networking!

11:30 — 12:00

¿Cómo crear tu propio Shodan con Python? – Jorge Websec

Salón de Actos

12:00 — 12:30

Glauco: Sistema Avanzado de Identificación de Fraude Digital – Roberto Peña

Salón de Actos

12:30 — 13:30

“El JIRA tiene un color especial” – Pedro Laguna.

Salón de Actos

13:30 — 14:00

“Esquema de Seguridad Nacional” – Julia.

Salón de Actos

14:00 — 16:00

Almuerzo y networking!

16:00 — 17:00

“Analizando la seguridad de un dispositivo de seguridad” – Pepelux.

Salón de Actos

17:00 — 18:00

PSBot: No tools, but no problem! With Powershell -Pablo González.

Salón de Actos

18:00 — 18:30

Merienda y networking!

18:30 — 19:30

Bogdan airprobe adaptado a BlackRF y HackRF: hopping channels sniffing-Pedro Cabrera

Salón de Actos

19:30 — 20:30

“Hackeando mesas de mezclas Pioneer y convirtiéndote en
la pesadilla del DJ” -Deepak Daswani

Salón de Actos

20:30 — 21:30

HSTS, HPKP en clientes y servidores. You are doing it wrong! -Sergio de los Santos

Salón de Actos

22:00 — 23:00

Cena con organizadores, ponentes y más networking!

Sec/Admin 26 Saturday, Day 226 Noviembre 2016

09:00 — 10:00

Venta de entradas.

Puerta

09:30 — 10:00

Acreditaciones para el taller.

Puerta

10:00 — 11:00

Talleres (Aula 1 al Aula6).

Aulas

11:00 — 11:30

Cargar las pilas con un desayuno y networking!

11:30 — 12:30

Talleres (Aula 1 al Aula6).

Aulas

12:30 — 13:30

Talleres (Aula 1 al Aula6).

Aulas

13:30 — 14:00

Talleres (Aula 1 al Aula6).

Aulas

14:00 — 15:30

Almuerzo y networking!

15:30 — 15:45

Acceso y control de acreditaciones .

Salón de Actos

15:45 — 16:45

“Cuando la criptografía falla. Del cifrado homomórfico a las ondas cerebrales” – Alfonso Muñoz.

Salón de Actos

16:45 — 17:45

Hackers, Analistas…Espías : Quién es quién en el mundo de las amenazas digitales avanzadas – Dani Creus.

Salón de Actos

17:45 — 18:00

“Premio al mejor hacktools Artillería, patrocinado por ToolsWatch

Salón de Actos

18:00 — 18:30

Merienda y networking!

18:30 — 19:30

“El Internet de los huevos – Pedro Candel (S4urhon)

Salón de Actos

19:30 — 20:30

“Por confirmar”- Juanito

Salón de Actos

20:30 — 21:00

Entrega de KATANA Sec/Admin. Y tabla de posiciones en el desafío CTF con el apoyo institucional de INCIBE

Salón de Actos

21:00 — 21:15

Cierre, despedida y resumen

Sec/Admin 2016 Actividad GRATIS Y ABIERTA PARA TODOS LOS PUBLICOS

Sec/Admin 26 Saturday, Day 226 Noviembre 2016

10:00 — 12:00

“Hacking Solidario” -Eduardo Sánchez y María José Montes

Salón de Actos

12:00 — 14:00

“Software Libre” -Richard Stallman

Salón de Actos

Sec/Admin 2016 Actividades Paralelas al evento

17:00 — 19:00

“Keynotes, habla de tus proyectos e ideas libremente

Aulas

10:00 — 19:00

“Zona Fsociety: vuelve al pasado con nuetras recreativas”

Zonas Comunes

Más info: https://www.secadmin.es/

No seáis malos. 

Investigaciones DefCON 2016

Hola a tod@s

Concluyo la Defcon 2016 y con ella un sin fin de investigaciones de seguridad para amenizar las calurosas tardes de agosto al salir del curro. Disfrutadlas:

• Willa-Riggins-Esoteric-Exfiltration.pdf
• Zhang-Shan-Forcing-Targeted-Lte-Cellphone-Into-Unsafe-Network.pdf
• Zhong-Lee-411-A-Framework-For-Managing-Security-Alerts.pdf
• the-bob-ross-fan-club-Propaganda-and-you.pdf
• Arnaud-Soullie-Workshop-Pentesting-ICS-101.pdf
• Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection-Writeup.pdf
• Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection.pdf
• Bertin-Bervis-James-Jara-Exploiting-And-Attacking-Seismological-Networks-Remotely.pdf
• Bigezy-Saci-Pinworm-MITM-for-Metadata.pdf
• Brad-Dixon-Pin2Pwn-How-to-Root-An-Embedded-Linux-Box-With-A-Sewing-Needle.pdf
• Brad-Woodberg-Malware-Command-And-Control-Channels-A-Journey-Into-Darkness.pdf
• Bryant-Zadegan-Ryan-Lester-Abusing-Bleeding-Edge-Web-Standards-For-Appsec-Glory.pdf
• Chris-Rock-How-to-overthrow-a-Government-Kuwait-Coup-WP.pdf
• Clarence-Chio-Machine-Duping-101.pdf
• Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools-WP.pdf
• Demay-Lebrun-Canspy-A-Platorm-For-Auditing-Can-Devices.pdf
• Dr-Phil-Polstra-Mouse-Jigglers.pdf
• Drake-Christey-Vulnerabilities-101.pdf
• 3alarmlampscoot-DIY-Nukeproofing.pdf
• Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf
• Allan-Cecil-dwangoAC-Tasbot-The-Perfectionist.pdf
• Amro-Abdelgawad-The-Remote-Metamorphic-Engine.pdf
• Anch-So-you-want-to-be-a-pentester-DC101.pdf
• Anto-Joseph-Fuzzing-Android-Devices.pdf
• Eagle-Sk3Wldbg-Emulating-with-Ida.pdf
• Eric-Escobar-Rogue-Cell-Towers.pdf
• Evan-Booth-Jjittery-Macgyver.pdf
• Fasel-Jacobs-I-fight-for-the-users.pdf
• Fitzpatrick-and-Grand-101-Ways-To-Brick-Your-Hardware.pdf
• Forgety-Kreilein-Ng9-1-1-The-Next-Gene-Of-Emergency-Ph0Nage.pdf
• Fred-Bret-Mounet-All-Your-Solar-Panels-Are-Belong-To-Me.pdf
• Gorenc-Sands-Hacker-Machine-Interface.pdf
• Granolocks-Zero-Chaos-Bluehydra-Realtime-Blutetooth-Detection.pdf
• Grant-Bugher-Captive-Portals.pdf
• Guevara-Noubir-Amirali-Sanatinia-Honey-Onions-Exposing-Snooping-Tor-Hsdir-Relays-WP.pdf
• Hendrik-Schmidt-Brian-Butter-Attacking-BaseStations.pdf
• Huber-Rasthofer-Smartphone-Antivirus-And-Security-Applications-Under-Fire.pdf
• Hunter-Scott-Rt2Win-The-Luckiest-Guy-On-Twitter.pdf
• Int0X80-Anti-Forensics-AF.pdf
• Jay-Beale-Larry-Pesce-Phishing-without-Frustration.pdf
• Jennifer-Granick-Slouching-Towards-Utopia.pdf
• Jmaxxz-Backdooring-the-Frontdoor.pdf
• Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles.pdf
• Lucas-Lundgren-Light-Weight Protocol-Critical-Implications.pdf
• Luke-Young-The-4TbS-Ddos-For-5-bucks.pdf
• Maldonado-Mcguffin-Sticky-Keys-To-The-Kingdom.pdf
• Marc-Newlin-MouseJack-Injecting-Keystrokes-Into-Wireless-Mice.pdf
• Max-Bazaliy-A-Journey-Through-Exploit-Mitigation-Techniques-On-Ios.pdf
• Mcsweeny-Cranor-Research-On-The-Machines.pdf
• Mike-Rich-Use-Their-Machines-Against-Them.pdf
• Nick-Rosario-Weaponize-Your-Feature-Codes.pdf
• Panel-How-To-Make-A-DEFCON-Black-Badge.pdf
• Patrick-Wardle-99-Problems-Little-Snitch.pdf
• Plore-Side-Channel-Attacks-On-High-Security-Electronic-Safe-Locks.pdf
• Przemek-Jaroszewski-How-To-Get-Good-Seats-In-The-Security-Theater.pdf
• Radia-Perlman-Resilience-Despite-Malicious-Pariticpants.pdf
• Regilero-Hiding-Wookiees-In-Http.pdf
• Ricky-Lawshae-Lets-Get-Physical.pdf
• Robbins-Vazarkar-Schroeder-Six-Degrees-of-Domain-Admin.pdf
• Robert-Olson-Writing-Your-First-Exploit.pdf
• Rogan-Dawes-Dominic-White-Universal-Serial-aBUSe-Remote-Attacks.pdf
• Rose-Ramsey-Picking-Bluetooth-Low-Energy-Locks.pdf
• Salvador-Mendoza-Samsung-Pay-Tokenized-Numbers.pdf
• Sean-Metcalf-Beyond-The-MCSE-Red-Teaming-Active-Directory.pdf
• Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering.pdf
• Shane-Steiger-Maelstrom-Are-You-Playing-With-A-Full-Deck-V14-Back.pdf
• Shane-Steiger-Maelstrom-Rules-V10.pdf
• SixVolts-and-Haystack-Cheap-Tools-For-Hacking-Heavy-Trucks.pdf
• Tamas-Szakaly-Help-I-got-ANTS.pdf
• Thomas-Wilhelm-Hacking-Network-Protocols-Using-Kali.pdf
• Joe-Grand-Zoz-BSODomizerHD.pdf
• Jonathan-Brossard-Intro-to-Witchcraft-Compiler.pdf
• Karyn-Benson-Examining-The-Internets-Pollution.pdf
• Klijnsma-Tentler-Stargate-Pivoting-Through-VNC.pdf
• Ladar-Levison-Compelled-Decryption.pdf
• Thomas-Wilhelm-Intrusion-Prevention-System-Evasion-Techniques.pdf
• Tim-Estell-Katea-Murray-NPRE-Eavesdropping-on-the-Machines-Literature-Survey.pdf
• Tim-Estell-Katea-Murray-NPRE-Eavesdropping-on-the-Machines.pdf
• Tom-Kopchak-Sentient-Storage.pdf
• Ulf-Frisk-Direct-Memory-Attack-the-Kernel.pdf
• Wesley-McGrew-Secure-Penetration-Testing-Operations.pdf

No seáis malos. 

Investigaciones Black Hat USA 2016

Hola a tod@s

Concluyo la Back Hat USA 2016 y con ella un sin fin de investigaciones de seguridad para amenizar las calurosas tardes de agosto al salir del curro. Disfrutadlas: 

A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land

us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf

Breaking Hardware-Enforced Security with Hypervisors

us-16-Sharkey-Breaking-Hardware-Enforced-Security-With-Hypervisors.pdf

Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX

us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf

badWPAD

us-16-Goncharov-BadWpad.pdf

Beyond the MCSE: Active Directory for the Security Professional

us-16-Metcalf-Beyond-The-MCSE-Active-Directory-For-The-Security-Professional.pdf

A Lightbulb Worm?

us-16-OFlynn-A-Lightbulb-Worm.pdf

Abusing Bleeding Edge Web Standards for AppSec Glory

us-16-Zadegan-Abusing-Bleeding-Edge-Web-Standards-For-AppSec-Glory.pdf

Access Keys Will Kill You Before You Kill the Password

us-16-Simon-Access-Keys-Will-Kill-You-Before-You-Kill-The-Password.pdf

Account Jumping Post Infection Persistency & Lateral Movement in AWS

us-16-Amiga-Account-Jumping-Post-Infection-Persistency-And-Lateral-Movement-In-AWS.pdf

AirBnBeware: Short Term Rentals Long Term Pwnage

us-16-Galloway-AirBnBeware-Short-Term-Rentals-Long-Term-Pwnage.pdf

AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It

us-16-Mittal-AMSI-How-Windows-10-Plans-To-Stop-Script-Based-Attacks-And-How-Well-It-Does-It.pdf

An AI Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network

us-16-Berlin-An-AI-Approach-To-Malware-Similarity-Analysis-Mapping-The-Malware-Genome-With-A-Deep-Neural-Network.pdf

Analysis of the Attack Surface of Windows 10 Virtualization-Based Security

us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security.pdf

Applied Machine Learning for Data Exfil and Other Fun Topics

us-16-Wolff-Applied-Machine-Learning-For-Data-Exfil-And-Other-Fun-Topics.pdf

Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking?

us-16-Yoon-Attacking-SDN-Infrastructure-Are-We-Ready-For-The-Next-Gen-Networking.pdf

$hell on Earth: From Browser to System Compromise

us-16-Molinyawe-Shell-On-Earth-From-Browser-To-System-Compromise.pdf

1000 Ways to Die in Mobile OAuth

us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth.pdf

Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits

us-16-Zhang-Adaptive-Kernel-Live-Patching-An-Open-Collaborative-Effort-To-Ameliorate-Android-N-Day-Root-Exploits.pdf

AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion

us-16-Bulazel-AVLeak-Fingerprinting-Antivirus-Emulators-For-Advanced-Malware-Evasion.pdf

Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions

us-16-Tan-Bad-For-Enterprise-Attacking-BYOD-Enterprise-Mobile-Security-Solutions.pdf

Blunting the Phisher’s Spear: A Risk-Based Approach for Defining User Training and Awarding Administrative Privileges

us-16-Vishwanath-Blunting-The-Phishers-Spear-A-Risk-Based-Approach-For-Defining-User-Training-And-Awarding-Administrative-Privileges.pdf

Breaking FIDO: Are Exploits in There?

us-16-Chong-Breaking-FIDO-Are-Exploits-In-There.pdf

Breaking Payment Points of Interaction (POI)

us-16-Valtman-Breaking-Payment-Points-of-Interaction.pdf

Brute-Forcing Lockdown Harddrive PIN Codes

us-16-OFlynn-Brute-Forcing-Lockdown-Harddrive-PIN-Codes.pdf

Building Trust & Enabling Innovation for Voice Enabled IoT

us-16-Terwoerds-Building-Trust-&-Enabling-Innovation-For-Voice-Enabled-IoT.pdf

Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud

us-16-Marzuoli-Call-Me-Gathering-Threat-Intelligence-On-Telephony-Scams-To-Detect-Fraud.pdf

Can You Trust Me Now? An Exploration into the Mobile Threat Landscape

us-16-Thomas-Can-You-Trust-Me-Now.pdf

CANSPY: A Platform for Auditing CAN Devices

us-16-Demay-CANSPY-A-Platorm-For-Auditing-CAN-Devices.pdf

Captain Hook: Pirating AVs to Bypass Exploit Mitigations

us-16-Yavo-Captain-Hook-Pirating-AVs-To-Bypass-Exploit-Mitigations.pdf

Capturing 0day Exploits with PERFectly Placed Hardware Traps

us-16-Pierce-Capturing-0days-With-PERFectly-Placed-Hardware-Traps.pdf

Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable

us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digitally-Signed-Executable-wp.pdf

Crippling HTTPS with Unholy PAC

us-16-Kotler-Crippling-HTTPS-With-Unholy-PAC.pdf

Cunning with CNG: Soliciting Secrets from Schannel

us-16-Kambic-Cunning-With-CNG-Soliciting-Secrets-From-SChannel.pdf

Cyber War in Perspective: Analysis from the Crisis in Ukraine

us-16-Geers-Cyber-War-In-Perspective-Analysis-From-The-Crisis-In-Ukraine.pdf

Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization

us-16-Zhang-Dangerous-Hare-Hanging-Attribute-References-Hazards-Due-To-Vendor-Customization.pdf

Dark Side of the DNS Force

us-16-Wu-Dark-Side-Of-The-DNS-Force.pdf

Defense at Hyperscale: Technologies and Policies for a Defensible Cyberspace

us-16-Healey-Defense-At-Hyperscale-Technologies-And-Policies-For-A-Defensible-Cyberspace.pdf

Demystifying the Secure Enclave Processor

us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf

Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf

us-16-Bai-Discovering-And-Exploiting-Novel-Security-Vulnerabilities-In-Apple-Zeroconf.pdf

Does Dropping USB Drives in Parking Lots and Other Places Really Work?

us-16-Bursztein-Does-Dropping-USB-Drives-In-Parking-Lots-And-Other-Places-Really-Work.pdf

Drone Attacks on Industrial Wireless: A New Front in Cyber Security

us-16-Melrose-Drone-Attacks-On-Industrial-Wireless-A-New-Front-In-Cyber-Security.pdf

Dungeons Dragons and Security

us-16-Romand-Latapie-Dungeons-Dragons-And-Security.pdf

Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness

us-16-Benenson-Exploiting-Curiosity-And-Context-How-To-Make-People-Click-On-A-Dangerous-Link-Despite-Their-Security-Awareness.pdf

GATTacking Bluetooth Smart Devices – Introducing a New BLE Proxy Tool

us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool.pdf

Hackproofing Oracle eBusiness Suite

us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf

Hardening AWS Environments and Automating Incident Response for AWS Compromises

us-16-Krug-Hardening-AWS-Environments-And-Automating-Incident-Response-For-AWS-Compromises.pdf

HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows

us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows.pdf

Horse Pill: A New Type of Linux Rootkit

us-16-Leibowitz-Horse-Pill-A-New-Type-Of-Linux-Rootkit.pdf

HTTP Cookie Hijacking in the Wild: Security and Privacy Implications

us-16-Sivakorn-HTTP-Cookie-Hijacking-In-The-Wild-Security-And-Privacy-Implications.pdf

HTTP/2 & QUIC – Teaching Good Protocols To Do Bad Things

us-16-Pearce-HTTP2-&-QUIC-Teaching-Good-Protocols-To-Do-Bad-Things.pdf

I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache

us-16-Marie-I-Came-to-Drop-Bombs-Auditing-The-Compression-Algorithm-Weapons-Cache.pdf

Into The Core – In-Depth Exploration of Windows 10 IoT Core

us-16-Sabanal-Into-The-Core-In-Depth-Exploration-Of-Windows-10-IoT-Core.pdf

Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI

us-16-Bratus-Intra-Process-Memory-Protection-For-Applications-On-ARM-And-x86.pdf

Iran’s Soft-War for Internet Dominance

us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance.pdf

Language Properties of Phone Scammers: Cyberdefense at the Level of the Human

us-16-Tabron-Language-Properties-Of-Phone-Scammers-Cyberdefense-At-The-Level-Of-The-Human.pdf

Memory Forensics Using Virtual Machine Introspection for Cloud Computing

us-16-Zillner-Memory-Forensics-Using-VMI-For-Cloud-Computing.pdf

Next-Generation of Exploit Kit Detection by Building Simulated Obfuscators

us-16-Luo-Next-Generation-Of-Exploit-Kit-Detection-By-Building-Simulated-Obfuscator.pdf

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

us-16-Devlin-Nonce-Disrespecting-Adversaries-Practical-Forgery-Attacks-On-GCM-In-TLS.pdf

O-checker: Detection of Malicious Documents Through Deviation from File Format Specifications

us-16-Otsubo-O-checker-Detection-of-Malicious-Documents-through-Deviation-from-File-Format-Specifications.pdf

OSS Security Maturity: Time to Put On Your Big Boy Pants!

us-16-Kouns-OSS-Security-Maturity-Time-To-Put-On-Your-Big-Boy-Pants.pdf

Pangu 9 Internals

us-16-Wang-Pangu-9-Internals.pdf

PINdemonium: A DBI-Based Generic Unpacker for Windows Executable

us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables.pdf

PLC-Blaster: A Worm Living Solely in the PLC

us-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC.pdf

Pwning Your Java Messaging with Deserialization Vulnerabilities

us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf

Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy

us-16-Ortisi-Recover-A-RSA-Private-Key-From-A-TLS-Session-With-Perfect-Forward-Secrecy.pdf

GreatFET: Making GoodFET Great Again

us-16-Ossmann-GreatFET-Making-GoodFET-Great-Again.pdf

Hacking Next-Gen ATMs: From Capture to Cashout

us-16-Hecker-Hacking-Next-Gen-ATMs-From-Capture-To-Cashout.pdf

Samsung Pay: Tokenized Numbers Flaws and Issues

us-16-Mendoza-Samsung-Pay-Tokenized-Numbers-Flaws-And-Issues.pdf

Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools

us-16-McGrew-Secure-Penetration-Testing-Operations-Demonstrated-Weaknesses-In-Learning-Material-And-Tools.pdf

Security Through Design – Making Security Better by Designing for People

us-16-Niemantsverdriet-Security-Through-Design-Making-Security-Better-By-Designing-For-People.pdf

SGX Secure Enclaves in Practice: Security and Crypto Review

us-16-Aumasson-SGX-Secure-Enclaves-In-Practice-Security-And-Crypto-Review.pdf

Side-Channel Attacks on Everyday Applications

us-16-Hornby-Side-Channel-Attacks-On-Everyday-Applications.pdf

Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root

us-16-Chen-Subverting-Apple-Graphics-Practical-Approaches-To-Remotely-Gaining-Root.pdf

TCP Injection Attacks in the Wild – A Large Scale Study

us-16-Nakibly-TCP-Injection-Attacks-in-the-Wild-A-Large-Scale-Study.pdf

The Art of Defense – How Vulnerabilities Help Shape Security Features and Mitigations in Android

us-16-Kralevich-The-Art-Of-Defense-How-Vulnerabilities-Help-Shape-Security-Features-And-Mitigations-In-Android.pdf

The Art of Reverse Engineering Flash Exploits

us-16-Oh-The-Art-of-Reverse-Engineering-Flash-Exploits.pdf

The Beast Within – Evading Dynamic Malware Analysis Using Microsoft COM

us-16-Hund-The-Beast-Within-Evading-Dynamic-Malware-Analysis-Using-Micro.pdf

The Remote Malicious Butler Did It!

us-16-Beery-The-Remote-Malicious-Butler-Did-It.pdf

The Risk from Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack

us-16-Lei-The-Risk-From-Power-Lines-How-To-Sniff-The-G3-And-Prime-Data-And-Detect-The-Interfere-Attack.pdf

When Governments Attack: State Sponsored Malware Attacks Against Activists Lawyers and Journalists

us-16-Quintin-When-Governments-Attack-State-Sponsored-Malware-Attacks-Against-Activists-Lawyers-And-Journalists.pdf

The Tao of Hardware the Te of Implants

us-16-FitzPatrick-The-Tao-Of-Hardware-The-Te-Of-Implants.pdf

The Year in Flash

us-16-Silvanovich-The-Year-In-Flash.pdf

Timing Attacks Have Never Been So Practical: Advanced Cross-Site Search Attacks

us-16-Gelernter-Timing-Attacks-Have-Never-Been-So-Practical-Advanced-Cross-Site-Search-Attacks.pdf

Using an Expanded Cyber Kill Chain Model to Increase Attack Resiliency

us-16-Malone-Using-An-Expanded-Cyber-Kill-Chain-Model-To-Increase-Attack-Resiliency.pdf

Using EMET to Disable EMET

us-16-Alsaheel-Using-EMET-To-Disable-EMET.pdf

Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process

us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process.pdf

Viral Video – Exploiting SSRF in Video Converters

us-16-Ermishkin-Viral-Video-Exploiting-Ssrf-In-Video-Converters.pdf

VOIP WARS: The Phreakers Awaken

us-16-Ozavci-VoIP-Wars-The-Phreakers-Awaken.pdf

Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter

us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter.pdf

Windows 10 Segment Heap Internals

us-16-Yason-Windows-10-Segment-Heap-Internals.pdf

Xenpwn: Breaking Paravirtualized Devices

us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices.pdf

Web Application Firewalls: Analysis of Detection Logic

us-16-Ivanov-Web-Application-Firewalls-Analysis-Of-Detection-Logic.pdf

What’s the DFIRence for ICS?

us-16-Sistrunk-Triplett-Whats-The-DFIRence-For-ICS.pdf

When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement

us-16-Granick-When-The-Cops-Come-A-Knocking-Handling-Technical-Assistance-Demands-From-Law-Enforcement.pdf

Windows 10 Mitigation Improvements

us-16-Weston-Windows-10-Mitigation-Improvements.pdf

No seáis malos.