As our Review Board members continue to work their way through a record number of submissions, we are releasing new selections in batches. Below are the most recently announced Briefings, with links to their abstracts.
For a complete list of ALL Briefings selected to date, and to search by specific tracks, click here.
- 1000 Ways to Die in Mobile OAuth
by Eric Chen, Patrick Tague, Robert Kotcher, Shuo Chen, Yuan Tian, Yutong Pei - A Retrospective on the Use of Export Cryptography
by David Adrian - AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
by Nikhil Mittal - An AI Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network
by Konstantin Berlin - Attack Face Identification System with 3D Human Face Model Generated from Photos
by Zhengbo Wang - badWPAD
by Maxim Goncharov - Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud
by Aude Marzuoli - Captain Hook: Pirating AVs to Bypass Exploit Mitigations
by Tomer Bitton, Udi Yavo - Capturing 0day Exploits with PERFectly Placed Hardware Traps
by Cody Pierce, Kenneth Fitch, Matt Spisak - Crippling HTTPS with Unholy PAC
by Amit Klein, Itzhak Kotler - Dark Side of the DNS Force
by Erik Wu - Fingerprinting Antivirus Emulators For Advanced Malware Evasion
by Alexei Bulazel - GATTacking Bluetooth Smart devices - introducing a new BLE proxy tool
by Slawomir Jasek - I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache
by Cara Marie - Into The Core - In-Depth Exploration of Windows 10 IoT Core
by Paul Sabanal - Iran's Soft-War for Internet Dominance
by Claudio Guarnieri, Collin Anderson - Next-Generation of Exploit Kit Detection by Building Simulated Obfuscators
by Tongbo Luo, Xin Jin - Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
by Aaron Zauner, Johannes Böck, Philipp Jovanovic, Sean Devlin - O-checker: Detection of Malicious Documents Through Deviation from File Format Specifications
by Yuhei Otsubo - Over the Edge: Silently Owning Windows 10's Secure Browser
by Cristiano Giuffrida, Erik Bosman, Herbert Bos, Kaveh Razavi - Pangu 9 Internals
by Hao Xu, Tielei Wang, Xiaobo Chen - PINdemonium: A DBI-Based Generic Unpacker for Windows Executable
by Lorenzo Fontana, Sebastiano Mariani - Pwning your Java Messaging with Deserialization Vulnerabilities
by Matthias Kaiser - Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy
by Marco Ortisi - Security Through Design - Making Security Better by Designing for People
by Jelle Niemantsverdriet - SGX Secure Enclaves in Practice: Security and Crypto Review
by Jean-Philippe Aumasson, Luis Merino - TCP Injection Attacks in the Wild - A Large Scale Study
by Gabi Nakibly - The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM
by Ralf Hund - The Year in Flash
by Natalie Silvanovich - Towards a Holistic Approach in Building Intelligence to Fight Crimeware
by Dhia Mahjoub, Mykhailo Sakaly, Thomas Mathew - Unleash the Infection Monkey: A Modern Alternative to Pen-Tests
by Ofri Ziv - Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter
by John Seymour, Philip Tully - Web Application Firewalls: Analysis of Detection Logic
by Vladimir Ivanov - When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists
by Cooper Quintin, Eva Galperin - Windows 10 Segment Heap Internals
by Mark Vincent Yason