- 48 Dirty Little Secrets Cryptographers Don’t Want You To Know
- 802.1x and Beyond!
- Abuse of CPE Devices and Recommended Fixes
- Abusing Microsoft Kerberos: Sorry You Guys Don't Get It
- Abusing Performance Optimization Weaknesses to Bypass ASLR
- A Journey to Protect Points-of-Sale
- Android FakeID Vulnerability Walkthrough
- A Practical Attack Against VDI Solutions
- APT Attribution and DNS Profiling
- A Scalable, Ensemble Approach for Building and Visualizing Deep Code-Sharing Networks
- A Survey of Remote Automotive Attack Surfaces
- Attacking Mobile Broadband Modems Like a Criminal Would
- Babar-ians at the Gate: Data Protection at Massive Scale
- Badger - The Networked Security State Estimation Toolkit
- Bitcoin Transaction Malleability Theory in Practice
- Building Safe Systems at Scale - Lessons from Six Months at Yahoo
- Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering
- Capstone: Next Generation Disassembly Framework
- Catching Malware En Masse: DNS and IP Style
- CloudBots: Harvesting Crypto Coins Like a Botnet Farmer
- Computrace Backdoor Revisited
- Contemporary Automatic Program Analysis
- Creating a Spider Goat: Security with Intel CPU Transactional Memory Support
- Data-Only Pwning Microsoft Windows Kernel
- Defeating the Transparency Feature of DBI
- Digging for IE11 Sandbox Escapes Part 1
- Digging for IE11 Sandbox Escapes Part 2
- Dynamic Flash Instrumentation for Fun and Profit
- Epidemiology of Software Vulnerabilities: A Study of Attack Surface Spread
- Evasion of High-End IPS Devices in the Age of IPv6
- Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
- Exposing Bootkits with BIOS Emulation
- Extreme Privilege Escalation on Windows 8/UEFI Systems
- Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces
- Fingerprinting Web Application Platforms by Variations in PNG Implementations
- From Attacks to Action - Building a Usable Threat Model to Drive Defensive Choices
- Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware
- Governments As Malware Authors: The Next Generation
- GRR: Find All the Badness, Collect All the Things
- Hacking the Wireless World with Software Defined Radio - 2.0
- How Smartcard Payment Systems Fail
- How to Leak a 100-Million-Node Social Graph in Just One Week?
- How to Wear Your Password
- ICSCorsair: How I Will PWN Your ERP Through 4-20 mA Current Loop
- I Know Your Filtering Policy Better than You Do
- Internet Scanning - Current State and Lessons Learned
- Investigating PowerShell Attacks
- It Just (Net)works: The Truth About iOS 7's Multipeer Connectivity Framework
- Learn How to Control Every Room at a Luxury Hotel Remotely
- Leviathan: Command and Control Communications on Planet Earth
- Lifecycle of a Phone Fraudster: Exposing Fraud Activity
- Miniaturization
- Mobile Device Mismanagement
- MoRE Shadow Walker: The Progression of TLB-Splitting on x86
- Multipath TCP: Breaking Today's Networks with Tomorrow's Protocols
- My Google Glass Sees Your Passwords!
- Network Attached Shell: N.A.S.ty Systems that Store Network Accessible Shells
- One Packer to Rule Them All
- OpenStack Cloud at Yahoo Scale: How to Avoid Disaster
- Pivoting in Amazon Clouds
- Poacher Turned Gamekeeper: Lessons Learned from Eight Years of Breaking Hypervisors
- Point of Sale System Architecture and Security
- Prevalent Characteristics in Modern Malware
- Probabilistic Spying on Encrypted Tunnels
- Protecting Data In-Use from Firmware and Physical Attacks
- Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA?
- PWNIE Awards at Black Hat USA 2014
- "Nobody is Listening to Your Phone Calls." Really? A Debate and Discussion on the NSA's Activities
- Reflections on Trusting TrustZone
- Researching Android Device Security with the Help of a Droid Army
- Reverse Engineering Flash Memory for Fun and Benefit
- Reverse-Engineering the Supra iBox: Exploitation of a Hardened MSP430-Based Device
- SAP, Credit Cards, and the Bird that Talks Too Much
- SecSi Product Development
- Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring
- Sidewinder Targeted Attack Against Android in the Golden Age of Ad Libs
- Smart Nest Thermostat: A Smart Spy in Your Home
- Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android
- Stay Out of the Kitchen: A DLP Security Bake-Off
- The Beast is in Your Memory
- The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP
- The Big Chill: Legal Landmines that Stifle Security Research and How to Disarm Them
- The Devil Does Not Exist - The Role of Deception in Cyber
- The Library of Sparta
- The New Page of Injections Book: Memcached Injections
- The New Scourge of Ransomware: A Study of CryptoLocker and Its Friends
- Thinking Outside the Sandbox - Violating Trust Boundaries in Uncommon Ways
- Threat Intelligence Library - A New Revolutionary Technology to Enhance the SOC Battle Rhythm!
- Time Trial: Racing Towards Practical Timing Attacks
- Understanding IMSI Privacy
- Understanding TOCTTOU in the Windows Kernel Font Scaler Engine
- Unveiling the Open Source Visualization Engine for Busy Hackers
- Unwrapping the Truth: Analysis of Mobile Application Wrapping Solutions
- VoIP Wars: Attack of the Cisco Phones
- What Goes Around Comes Back Around - Exploiting Fundamental Weaknesses in Botnet C&C Panels!
- When the Lights Go Out: Hacking Cisco EnergyWise
- Why Control System Cyber-Security Sucks…
- Why You Need to Detect More Than PtH
- Windows Kernel Graphics Driver Attack Surface
- Write Once, Pwn Anywhere
Announcements
Connect with information security professionals around the world through InterSeC, (ISC)2's professional networking site.
Chapter Events
Special Events
(ISC)² Security Congress
http://congress.isc2.org
