The era of technology as a limiting factor of business innovation is at an end. For years security teams have struggled with basic security hygiene and practices such as asset inventory, secure configurations and secure development. Learn how your se
All Posts (2220)
Methods for securely outsourcing storage are discussed.
Topic 1: Composable and Robust Outsourced Storage Authors: Christian Badertscher; Ueli Maurer
Topic 2: Secure Deduplication of Encrypted Data: Refined Model and New Constructions Authors: Jian Liu
A usability study of OpenSSL and a factorization method for moduli with two prime factors are discussed.
Topic 1: Why Johnny the Developer Can’t Work with Public Key Certificates: An Experimental Study of OpenSSL Usability Authors: Martin Ukrop; Vash
Protocols related to key rotation and hidden service discovery are discussed.
Topic 1: Practical Revocation and Key Rotation Authors: Steven Myers; Dr. Adam Shull
Topic 2: Asynchronous Provably Secure Hidden Services Authors: Philippe Camacho; Fernando
Post-Quantum cryptography is discussed in relation to symmetric key and hash-based schemes.
Topic 1: Cryptanalysis against Symmetric-Key Schemes with Online Classical Queries and Offline Quantum Computations Authors: Akinori Hosoyamada; Yu Sasaki
Topic
Two further methods for obtaining post-quantum security are discussed, namely code-based and isogeny-based cryptography.
Topic 1: Revocable Identity-based Encryption from Codes with Rank Metric (will be presented by Dr. Reza Azarderakhsh) Authors: Don
Image steganography is becoming the attack vector of choice for cyber criminals. This session explains what Stegware is, how it is being used (anti-virus evasion, covert command & control channels, data exfiltration), how it works (redundant data, LS
IoT offers a plethora of new protocols and frequencies over which communication travels. Protocols and services such as SSDP, P25, Zigbee, Z-Wave, WiFi and more provide countless ways to exfiltrate data or infiltrate the network. Through real-world e
The Domain Name System is deceptively simple and often underutilized as a security tool. Once you start looking under the cover there is a wealth of detail that can be used as an early warning system to predict new targeted attacks. In this session F
IaaS clouds transformed datacenter security architecture by enabling programmatic detection of flaws, making the cloud more transparently secure than any legacy architecture. But security practitioners who assume congruence to legacy designs miss whe
Avast CTO Ondrej Vlček breaks down the sophisticated CCleaner supply-chain malware attack, providing new unpublished findings about the unique stealth, steganography and exfiltration techniques used by the attackers. Avast will dissect the malicious
Every day millions of computers silently perform a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, insecure protocols or
White hat defense systems continue to improve on supervised learning sets using machine and deep learning neural networks to defend against an exploding attack surface. Zombies that require commands from botnet herders are becoming intelligent, capab
Valued at over $24 billion in total, Ether is the second-largest cryptocurrency, behind only Bitcoin. In the last two years, cybercriminals have exploited code flaws, web app vulnerabilities and social engineering to steal over $100 million in Ether
Software security is often boiled down to the “OWASP Top 10,” resulting in an ineffective sense of what maturity-focused, comprehensive application security could be like. How then should an organization consider building a holistic program that seek
Discussion will start on web app threat model, sharing the effectiveness analysis of common app sec tools including SAST, DAST, IAST, RASP, WAF, bot detection, DB monitoring, open source scan and bin composition analysis. The discussion will cover th
Dave Hogue provided one of the first in-depth perspectives from a “Day in the Life” of NSA’s Cybersecurity Threat Operations Center (NCTOC)—the mission, threat landscape, and offered best principles for CISOs and other network defenders. Mr. Hogue equi
With many organizations using a sandbox to detonate suspicious files, many threats are implementing logic to detect sandbox environments, to alter their behavior and evade detection. This talk will highlight many real-world evasion tactics employed b
Vodafone is one of the world’s largest telecommunications companies, enabling connectivity by providing mobile, fixed and IoT networks to customers around the world. Vodafone is redefining the boundary of the SOC and sees the balance between preventi
Is your SOC overwhelmed with alerts and threats? Cyber-adversaries are wielding tools and machine power, while organizations are still trying to scale their cybersecurity with OpEx and poorly planned CapEx spending. In this session, you will learn fr
CISO Platform
A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.