Eldar Marcussen While auditing a system administration tool, I spotted what appeared to be a clear vulnerability when skimming some code. What I believed was a command injection flaw failed to execute when tested against a lab system, but it did exhibit behaviour that was somewhat consistent with injection flaws. This talk describes the
Perri Adams & Sophia D'Antoine
Digital markets have quickly grown to international proportions, complexities in materials, development, and distribution have developed accordingly, resulting in market efficiency.
Digital markets have quickly grown to international proportions, complexities in materials, development, and distribution have developed accordingly, resulting in market efficiency.
Sophia D'Antoine
Last year, Bloomberg's Big Hack article gave everyone a much needed scare which forced companies to evaluate their exposure to supply chain intervention attacks. But a wider acknowledgment of the problem doesn't make it go away.
Last year, Bloomberg's Big Hack article gave everyone a much needed scare which forced companies to evaluate their exposure to supply chain intervention attacks. But a wider acknowledgment of the problem doesn't make it go away.
Jeremy Blackthorne
Ghidra is the recently published NSA tool for software reverse-engineering. Development for Ghidra began approximately 20 years ago but remained classified within the NSA.
Ghidra is the recently published NSA tool for software reverse-engineering. Development for Ghidra began approximately 20 years ago but remained classified within the NSA.
Numaan Huq
The Energy & Water (E&W) sectors are critical to the economy of every nation and need to be secured. During our investigations we found a certain amount of exposed and unprotected E&W systems online, bringing with them a danger to these Critical Infrastructure (CI).
The Energy & Water (E&W) sectors are critical to the economy of every nation and need to be secured. During our investigations we found a certain amount of exposed and unprotected E&W systems online, bringing with them a danger to these Critical Infrastructure (CI).
Costin G. Raiu & Vitaly Kamluk
Supply chain attacks are becoming some of the least-expected and hard to discover threats in the modern world. Often employing valid digital signatures and capitalizing on the reputation of established
Supply chain attacks are becoming some of the least-expected and hard to discover threats in the modern world. Often employing valid digital signatures and capitalizing on the reputation of established
John McCumber
(ISC)2 recently conducted their annual Cybersecurity Workforce Study. With input from more 1,400 participants surveyed worldwide, including professionals - CISSP certified and non-certified professionals - who spend at least 25% of their time on cybersecurity.
(ISC)2 recently conducted their annual Cybersecurity Workforce Study. With input from more 1,400 participants surveyed worldwide, including professionals - CISSP certified and non-certified professionals - who spend at least 25% of their time on cybersecurity.
Zeshan Aziz
As expected, many of the previously useful automated heuristics for bot detection have started to become less relevant as bot creators have updated their operational security (OPSEC) and tactics, techniques, and procedures (TTP) to account for common detection mechanisms.
As expected, many of the previously useful automated heuristics for bot detection have started to become less relevant as bot creators have updated their operational security (OPSEC) and tactics, techniques, and procedures (TTP) to account for common detection mechanisms.
Simon Zuckerbraun
JavaScript is everywhere and the providers of JavaScript engines are locked in a tight race to deliver high performance and low resource consumption. In this environment, the major JavaScript engines have evolved into machines of monstrous complexity, employing
JavaScript is everywhere and the providers of JavaScript engines are locked in a tight race to deliver high performance and low resource consumption. In this environment, the major JavaScript engines have evolved into machines of monstrous complexity, employing
Ryan Warns
This talk is a case study of a systemic security issue when developing a subset of device drivers based on a previously unexplored exploitation vector: unrestricted or improperly validated access to the privileged Model Specific Register (MSR) instructions.
This talk is a case study of a systemic security issue when developing a subset of device drivers based on a previously unexplored exploitation vector: unrestricted or improperly validated access to the privileged Model Specific Register (MSR) instructions.