Timing attacks have never been so practical: Advance cross site search attacks
Cross-site search (XS-search) is a practical timing side-channel attack that allows the extraction of sensitive information from web-services. The attack exploits inflatio
Intra process memory protection for applications on ARM and x86
Today's software needs to isolate not only processes but the many components *within* a process from each other. Process-level isolation via jails, sandboxes, VMs, or hypervisors is final
Demystifying Secure enclave processor
The secure enclave processor (SEP) was introduced by Apple as part of the A7 SOC with the release of the iPhone 5S, most notably to support their fingerprint technology, Touch ID. SEP is designed as a security c
Breaking hardware enforced security with hypervisors
Hardware-Enforced Security is touted as the panacea solution to many modern computer security challenges. While certainly adding robust options to the defenders toolset, they are not without their
Samsung pay: tokenized numbers flaws and issues
Samsung announced many layers of security to its Pay app. Without storing or sharing any type of user's credit card information, Samsung Pay is trying to become one of the most secure approaches offering
Applied Machine learning for data exfiltration and other fun topics
The goal of this presentation is to help researchers, analyst, and security enthusiast get their hands dirty applying machine learning to security problems. We will walk the entire pi
Memory forensics using VMI for cloud computing
The relocation of systems and services into cloud environments is on the rise. Because of this trend users lose direct control over their machines and depend on the offered services from cloud providers.
Building trust and Enabling innovation for voice enabled IOT
Voice enabled technology provides developers with great innovation opportunities as well as risks. The Voice Privacy Alliance created a set of 39 Agile security stories specifically for voic
Breaking Kernal address space layout rendomization: KASLAR with Intel TSX
Kernel hardening has been an important topic, as many applications and security mechanisms often consider the kernel their Trusted Computing Base (TCB). Among various hardenin
Attacking bluetooth smart devices: introducing a new BLE proxy tool
Bluetooth Low Energy is probably the most thriving technology implemented recently in all kinds of IoT devices: gadgets, wearables, smart homes, medical equipment and even banking tok
Account jumping post infection persistency and lateral movement in AWS
The widespread adoption of AWS as an enterprise platform for storage, computing and services makes it a lucrative opportunity for the development of AWS focused APTs. We will cover
A lightbulb worm
Could a worm spread through a smart light network? This talk explores the idea, and in particular dives into the internals of the Philips Hue smart light system, and details what security has been deployed to prevent this.
Examples of
Recover A RSA Private key from a TLS session with perfect forward secrecy
They always taught us that the only thing that can be pulled out from a SSL/TLS session using strong authentication and latest Perferct Forward Secrecy ciphersuites is the pub
Weaponizing data science for social engineering: automate E2E spear phishing on twitter
Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic ident
TCP injection attacks in the wild: A large scale case study
In this work we present a massively large-scale survey of Internet traffic that studies the practice of false content injections on the web. We examined more than 1.5 Peta-bits of data from
AI approach to malware similarity analysis: Mapping the malware genome with a deep neural network
In recent years, cyber defenders protecting enterprise networks have started incorporating malware code sharing identification tools into their workflows
Certificate bypass: Hiding and executing malware from a digitally signed executables
Malware developers are constantly looking for new ways to evade the detection and prevention capabilities of security solutions. In recent years, we have seen many di
The art of reverse engineering flash exploits
Adobe Flash is one of the battlegrounds of exploit and mitigation methods. As most of the Flash exploits demonstrate native memory layer exploit technique, it is valuable to understand the memory layout an
Attacking SDN infrastructure: Are we ready for the Next Gen networking
Software-Defined Networking (SDN), by decoupling the control logic from the closed and proprietary implementations of traditional network devices, allows researchers and practiti
Abusing bleeding edge web standards for appsec glory
Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec
