Quantifying Risk in Consumer Software at Scale — Consumer Reports’ Digital Standard
Last year Mudge and Sarah pulled back the curtains on the non-profit Cyber Independent Testing Laboratory: An organization designed to…
Web standards are ever-evolving and determine what browsers can do. But new features can also lead to new vulnerabilities as…
You’ve joined a startup building the next big enterprise unicorn. The product is delivered as JavaScript on all of your…
We have created our own small tool for testing endpoints, and we have discovered that many times, protocol data is…
Botnets and C&C servers are taking over the internet and are a major threat to all of us … but…
In this talk, we will examine the legal landscape for cybersecurity professionals seeking to safeguard a client’s sensitive client data.…
In this work we analyzed two recent trends. The first trend is the growing threat of firmware attacks which include…
In this talk, we will discuss the Federal Trade Commission’s (FTC) longstanding authority to protect consumers from unfair and deceptive…
It was a highly secure infrastructure of servers that allegedly offered cyber criminals an unfettered platform from which to conduct…
Our research has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their…
The 3G and 4G devices deployed worldwide are vulnerable to IMSI catcher aka Stingray devices. The next generation 5G network…
The Internet of Things (IoT) is all around us, making our lives more convenient. We’ve seen IoT devices being taken…
User studies are critical to understanding how users perceive and interact with security and privacy software and features. While it…
Wesley presents a comprehensive set of recommendations that can be used to build secure penetration testing operations. This includes technical…
Several popular attack tools and techniques remain effective in the real world, even though they are well understood and documented.…
This talk will take a look at how security curricula have traditionally been developed and continued to be shaped by…
We will present a new approach, allowing you to circumvent limitations and control the targeted network from the very WSUS…
We present a new and efficient approach to systematic testing of cryptographic software: differential fuzzing. Unlike general purpose software fuzzing…
This presentation introduces solid approaches to cope with these challenges by scaling out the application security team’s capabilities, putting the…
In our talk, we will present a novel, physical, DMA attack that is undetectable, doesn’t require a particular port and…
In this work, we present FlowFuzz, a fuzzing framework for SDN-enabled software and hardware switches. In particular we focus on…
In this talk, we will discuss the current status, possible solutions, and outline advanced SS7 attacks and defenses using open-source…
Creating a custom command and control (C&C) server for someone else’s malware has a myriad of benefits. If you can…
The cyber attack on Ukraine’s power grid on December 17th, 2016 was the second time in history a power grid…
While we have seen point attacks on cloud vendors there hasn’t been enough attention paid to the interdependence of these…
SQLite is widely used as embedded database software for local/client storage in application software, such as web browsers and mobile…
The purpose of this talk is to provide a comprehensive description of the technical details and approach used to discover…
A rise in data analytics and machine learning has left the typical pentesters behind in the dust. This talk covers…
Our talk will discuss various counter-forensic measures against both existent and emergent threats targeting image-centric intelligence gathering which adversaries may…
We will present a new method to allow provisioning port identification and manipulation by using a connection matrix. With this, it…