Autonomous Hacking: The New Frontiers of Attack and Defense

Vulnerability analysis has largely been a process that requires substantial human expertise. However, very recently there has been a push for completely autonomous hacking systems, which ca

Bruh! Do you even diff?—Diffing Microsoft Patches to Find Vulnerabilities

Ever wondered how to find bug fixes residing in Microsoft patches? In this presentation we will take a look at the tools and techniques used to reverse engineer Microsoft secu

Braking the Connected Car: The Future of Vehicle Vulnerabilities

In this presentation, analysts from Kelley Blue Book’s Automotive Industry Insights will illustrate how the connected car is quickly becoming an unrestricted playground for cyberthreat

Securing Today’s Online Kids

Technology is an amazing enabler for kids today, but it also brings unique risks. This interactive talk will cover the top three risks facing kids online today, and what parents can do to help protect them. This talk is

AppSec Awareness: A Blueprint for Security Culture Change

How does an individual change the application security culture of an organization? By deploying an application security awareness program with engaging content, humor and recognition. See the

People-Centric Security: Transform Culture, Reduce Risk, Drive Success

This session links security culture and program performance, providing tools and guidance that will enable attendees to measure, manage and transform their own organizations’ sec

Securing the “Weakest Link”

Security professionals often call people “the weakest link.” We claim that they'll always make mistakes, however hard we try, and throw up our hands. But the simple truth is that we can help people do well at a wide varie

Using Behavioral Psychology and Science of Habit to Change User Behavior

Why is it so hard to make users adopt security best practices? The answer lies in human psychology. In this talk the speaker shall explain the “Habit Cycle” and why habits are

Train Like You’re Going to Fight—What Kind of Exercise Meets Your Needs?

Cyber-exercises can be used to hone skills, build teams and practice procedures. With several different types of exercises available, which is the right type to achieve your ob

The Art of Hacking a Human

This session will review security techniques on how to navigate different personalities using traditional hacking techniques. Determine what “operating system” they are running. What patches are in place? What vulnerabilit

Proactive Measures to Mitigate Insider Threat

The threat posed by rogue insiders affects every organization worldwide. The difficulties in balancing employees’ legitimate need to access corporate data along with the need to compartmentalize access a

NSTAC Report to the President on the Internet of Things

Detailed Presentation:

Building an Android Scale Incident Response Process

The Android ecosystem has over one billion active devices from hundreds of OEMs and carrier networks. The Android Security Team will explain how the ecosystem is able to respond quickly and effecti

Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware

This session will cover two key trends in mobile malware observed over the past 12 months and explore the evolution in fraud-linked mobile malware where criminals are developi

Finding Triggered Malice in Android Apps

Traditional techniques to detect malice in Android apps struggle to identify trigger-based changes to application logic. Unfortunately, such triggers are a key component of targeted malware, where the trigger

How to Analyze an Android Bot

This presentation will demonstrate a complete end-to-end analysis of an Android bot. This will include the decompilation and static analysis of bot code and the dynamic analysis of the bot’s behavior in a controlled san

The State of End-User Security—Global Data from 30,000+ Websites

We live in a rapidly changing environment. Mobile commerce is skyrocketing, browsers/OS are changing, web applications enable increasing functionality—yet the only thing that seems con

Android Serialization Vulnerabilities Revisited

This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in

Hacking Exposed: The Mac Attack

Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session will focus on common Mac attack vectors and other cross-platform hacks that are typically se

Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device

Imagine being dependent on a wireless infusion pump to receive the correct dosage of life-supporting medication. Now imagine the implications, were that pump to be malicious