All Articles

Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be a vulnerability class that isn't going away. Attention on Java deserialization vulnerabilities sk

2018 started off with a bang as the world was introduced to a new class of hardware vulnerability which became known as Meltdown and Spectre. New classes of vulnerabilities are exceedingly rare and this one came with ramifications for the security bo

WebAssembly (WASM) is a new technology being developed by the major browser vendors through the W3C. A direct descendent of NaCl and Asm.js, the idea is to allow web developers to run native (e.g. C/C++) code in a web page at near-native performance.

Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Researchers have been able to successfully attack deep learning models used to classify malware to completely

The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much mor

In this talk, we will unveil the new in-house capabilities of a nation state actor who has been observed deploying both Android and iOS surveillance tooling, known as Stealth Mango and Tangelo. The actor behind these offensive capabilities has succes

In this talk, we will unveil the new in-house capabilities of a nation state actor who has been observed deploying both Android and iOS surveillance tooling, known as Stealth Mango and Tangelo. The actor behind these offensive capabilities has succes

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven:

OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. From today's viewpoint this is surprising as both standards rely on outdated cryptographic primitives that were responsible for vulnerabilities in major cryp

Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity occurring inside customer accounts that may indicate a compromise. Some organizations have invested significant resources to build

On macOS, DEP (Device Enrollment Program) and MDM (Mobile Device Management) are the recommended methods for automating the initial setup & configuration of new devices. MDM can offer sophisticated system configuration options, including privileged o

Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that'

Financial institutions, home automation products, and hi-tech offices have increasingly used voice fingerprinting as a method for authentication. Recent advances in machine learning have shown that text-to-speech systems can generate synthetic, high-

To keep up with the growing demand of always-on and available-anywhere connectivity, the use of cellular, in comparison to its wireless mobile connectivity counterpart in the electromagnetic spectrum, is rapidly expanding. My research in the IoT spac

Recent advancements in OS security from Microsoft such as PatchGuard, Driver Signature Enforcement, and SecureBoot have helped curtail once-widespread commodity kernel mode malware such as TDL4 and ZeroAccess. However, advanced attackers have found w

WebAssembly is a new standard that allows assembly-like code to run in browsers at near-native speed. But how does WebAssembly work, and how does it execute code while maintaining the security guarantees of a browser? This presentation gives an overv

Software companies can have hundreds of software products in-market at any one time, all requiring support and security fixes with tight release timelines or no releases planned at all. At the same time, the velocity of open source vulnerabilities th

Our editorial team has handpicked the best of the best talks at DEF CON 26 -is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Windows Security at DEF CON 26.

DEFCON 2018, 26th D

Our editorial team has handpicked the best of the best talks at DEF CON 26 -is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Vulnerabilities & Exploits at DEF CON 26.

DEFCON 20