BlackHat 2013

[malware]
BINARYPIG - SCALABLE MALWARE ANALYTICS IN HADOOP
BOCHSPWN: IDENTIFYING 0-DAYS VIA SYSTEM-WIDE MEMORY ACCESS PATTERN ANALYSIS
BUGALYZE.COM - DETECTING BUGS USING DECOMPILATION AND DATA FLOW ANALYSIS
END-TO-END ANALYSIS OF A DOMAIN GENERATING ALGORITHM MALWARE FAMILY
HOT KNIVES THROUGH BUTTER: BYPASSING AUTOMATED ANALYSIS SYSTEMS
HOW TO GROW A TREE (TAINT-ENABLED REVERSE ENGINEERING ENVIRONMENT) FROM CBASS (CROSS-PLATFORM BINARY AUTOMATED SYMBOLIC-EXECUTION SYSTEM)
HUNTING THE SHADOWS: IN DEPTH ANALYSIS OF ESCALATED APT ATTACKS
JAVA EVERY-DAYS: EXPLOITING SOFTWARE RUNNING ON 3 BILLION DEVICES
JUST-IN-TIME CODE REUSE: THE MORE THINGS CHANGE, THE MORE THEY STAY THE SAME
MACTANS: INJECTING MALWARE INTO IOS DEVICES VIA MALICIOUS CHARGERS
OPTIROP: HUNTING FOR ROP GADGETS IN STYLE
VIRTUAL DEOBFUSCATOR - A DARPA CYBER FAST TRACK FUNDED EFFORT
SPY-JACKING THE BOOTERS
SMASHING THE FONT SCALER ENGINE IN WINDOWS KERNEL
PRESS ROOT TO CONTINUE: DETECTING OSX AND WINDOWS BOOTKITS WITH RDFU
PREDICTING SUSCEPTIBILITY TO SOCIAL BOTS ON TWITTER
MILLION BROWSER BOTNET

[web]
DISSECTING CSRF ATTACKS & COUNTERMEASURES
THE FACTORING DEAD: PREPARING FOR THE CRYPTOPOCALYPSE
JAVASCRIPT STATIC SECURITY ANALYSIS MADE EASY WITH JSPRIME
') UNION SELECT `THIS_TALK` AS ('NEW OPTIMIZATION AND OBFUSCATION TECHNIQUES’)
TLS 'SECRETS'
SSL, GONE IN 30 SECONDS - A BREACH BEYOND CRIME
PIXEL PERFECT TIMING ATTACKS WITH HTML5


[network]
DEFENDING NETWORKS WITH INCOMPLETE INFORMATION: A MACHINE LEARNING APPROACH
EVADING DEEP INSPECTION FOR FUN AND SHELL
FULLY ARBITRARY 802.3 PACKET INJECTION: MAXIMIZING THE ETHERNET ATTACK SURFACE
HOME INVASION V2.0 - ATTACKING NETWORK-CONTROLLED HARDWARE
OWNING THE ROUTING TABLE - PART II
WHAT'S ON THE WIRE? PHYSICAL LAYER TAPPING WITH PROJECT DAISHO
UNIVERSAL DDOS MITIGATION BYPASS
LESSONS FROM SURVIVING A 300GBPS DENIAL OF SERVICE ATTACK


[social enginnering]
USING ONLINE ACTIVITY AS DIGITAL FINGERPRINTS TO CREATE A BETTER SPEAR PHISHER
PREDICTING SUSCEPTIBILITY TO SOCIAL BOTS ON TWITTER
MALTEGO TUNGSTEN AS A COLLABORATIVE ATTACK PLATFORM

[embeded]
BLUETOOTH SMART: THE GOOD, THE BAD, THE UGLY, AND THE FIX!
EXPLOITING NETWORK SURVEILLANCE CAMERAS LIKE A HOLLYWOOD HACKER
FACT AND FICTION: DEFENDING YOUR MEDICAL DEVICES
HACKING, SURVEILLING, AND DECEIVING VICTIMS ON SMART TV
HONEY, I’M HOME!! - HACKING Z-WAVE HOME AUTOMATION SYSTEMS
THE OUTER LIMITS: HACKING THE SAMSUNG SMART TV
OUT OF CONTROL: DEMONSTRATING SCADA DEVICE EXPLOITATION
UART THOU MAD?

TERIDIAN SOC EXPLOITATION: EXPLORATION OF HARVARD ARCHITECTURE SMART GRID SYSTEMS
STEPPING P3WNS: ADVENTURES IN FULL-SPECTRUM EMBEDDED EXPLOITATION (AND DEFENSE!)
THE SCADA THAT DIDN'T CRY WOLF- WHO'S REALLY ATTACKING YOUR ICS DEVICES- PART DEUX!
RFID HACKING: LIVE FREE OR RFID HARD
POWER ANALYSIS ATTACKS FOR CHEAPSKATES

[mobile]
ANDROID: ONE ROOT TO OWN THEM ALL
BLACKBERRYOS 10 FROM A SECURITY PERSPECTIVE
HOW TO BUILD A SPYPHONE
ROOTING SIM CARDS
REVEALING EMBEDDED FINGERPRINTS: DERIVING INTELLIGENCE FROM USB STACK INTERACTIONS
MULTIPLEXED WIRED ATTACK SURFACES
MOBILE ROOTKITS: EXPLOITING AND ROOTKITTING ARM TRUSTZONE
I CAN HEAR YOU NOW: TRAFFIC INTERCEPTION AND REMOTE MOBILE PHONE CLONING WITH A COMPROMISED CDMA FEMTOCELL

[system]
A TALE OF ONE SOFTWARE BYPASS OF WINDOWS 8 SECURE BOOT
BIOS SECURITY
FUNDERBOLT: ADVENTURES IN THUNDERBOLT DMA ATTACKS
HACKING LIKE IN THE MOVIES: VISUALIZING PAGE TABLES FOR LOCAL EXPLOITATION
HIDING @ DEPTH - EXPLORING, SUBVERTING AND BREAKING NAND FLASH MEMORY
LET'S GET PHYSICAL: BREAKING HOME SECURITY SYSTEMS AND BYPASSING BUILDINGS CONTROLS
PASS-THE-HASH 2: THE ADMIN'S REVENGE
PASS THE HASH AND OTHER CREDENTIAL THEFT AND REUSE: MITIGATING THE RISK OF LATERAL MOVEMENT AND PRIVILEGE ESCALATION

[else]
WITH BIGDATA COMES BIG RESPONSIBILITY: PRACTICAL EXPLOITING OF MDX INJECTIONS
WHAT SECURITY RESEARCHERS NEED TO KNOW ABOUT ANTI-HACKING LAW
TOWN HALL MEETING: CFAA REFORM STRATEGY
POST EXPLOITATION OPERATIONS WITH CLOUD SYNCHRONIZATION SERVICES
MAINFRAMES: THE PAST WILL COME BACK TO HAUNT YOU
LEGAL CONSIDERATIONS FOR CELLULAR RESEARCH
LEGAL ASPECTS OF FULL SPECTRUM COMPUTER NETWORK (ACTIVE) DEFENSE
LAWFUL ACCESS PANEL
IS THAT A GOVERNMENT IN YOUR NETWORK OR ARE YOU JUST HAPPY TO SEE ME?