USA 2017: MAY 4 SELECTIONS - 35 NEW BRIEFINGS ANNOUNCED
As our Review Board members continue to work their way through a record number of submissions, we are releasing new selections in batches. Below are the most recently announced Briefings, with links to their abstracts.
For a complete list of ALL Briefings selected to date, and to search by specific tracks, click here.
- 'Ghost Telephonist' Link Hijack Exploitations in 4G LTE CS Fallback
by Yuwei Zheng, Lin Huang
- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
by Orange Tsai
- Automated Testing of Crypto Software Using Differential Fuzzing
by Jean-Philippe Aumasson, Yolan Romailler
- AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically
by Chanil Jeon, Insu Yun, Jinho Jung, Max Wolotsky, Taesoo Kim
- Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking
by Mateusz Jurczyk
- Bot vs. Bot for Evading Machine Learning Malware Detection
by Hyrum Anderson
- Breaking the Laws of Robotics: Attacking Industrial Robots
by Andrea Maria Zanchettin, Davide Quarta, Federico Maggi, Marcello Pogliani, Mario Polino, Stefano Zanero
- Dealing the Perfect Hand - Shuffling Memory Blocks on z/OS
by Ayoub El Aassal
- Defeating Samsung KNOX with Zero Privilege
by Di Shen
- Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
by Waylon Grange
- Exploitation of Kernel Pool Overflow on Microsoft Windows 10 DKOM/DKOHM is Back in DKOOHM! Direct Kernel Optional Object Header Manipulation
by Nikita Tarakanov
- Exploiting Network Printers
by Ty Miller, Paul Kalinin
- Exploit Kit Cornucopia
by Brad Antoniewicz, Matt Foley
- FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches
by Nicholas Gray
- Free-Fall: Hacking Tesla from Wireless to CAN Bus
by Ling Liu, Sen Nie, Yuefeng Du
- Hacking Serverless Runtimes: Profiling AWS Lambda, Azure Functions, and More
by Andrew Krug, Graham Jones
- Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening
by Nick Kralevich
- Intel SGX Remote Attestation is Not Sufficient
by Yogesh Swami
- Intercepting iCloud Keychain
by Alex Radocea
- IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
by Tongbo Luo, Xing Jin, Zhaoyan Xu
- Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev
by Harold Chun, Norman Barbosa
- Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server
by Patrick Wardle
- Protecting Visual Assets: Digital Image Counter-Forensics
by Kenneth Brown, Nikita Mazurov
- Quantifying Risk in Consumer Software at Scale - Consumer Reports' Digital Standard
by Sarah Zatko
- Redesigning PKI to Solve Revocation, Expiration, and Rotation Problems
by Brian Knopf
- Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
by Daniel Bohannon, Lee Holmes
- Skype & Type: Keystroke Leakage over VoIP
by Daniele Lain
- Taking Over the World Through MQTT - Aftermath
by Lucas Lundgren
- Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging Write-What-Where Vulnerabilities in Creators Update
by Morten Schenk
- The Art of Securing 100 Products
by Nir Valtman
- The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines
by Natalie Silvanovich
- Web Cache Deception Attack
by Omer Gil
- When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices
by Billy Rios, Jonathan Butts
- WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
by Mathy Vanhoef
- Wire Me Through Machine Learning
by Ankit Singh, Vijay Thawre
