Stealing Traffic: Analyzing a Mobile Fraud

Intro to Reversing Malware

Let's Make Pentesting Fun Again! Report writing in 5 minutes.

Applying Fuzzy Hashing to Phishing Page Identification (Lightning Talk)

From Mirai to Monero – One Year’s Worth of Honeypot Data

Catch Me If You Can - Finding APTs in your network

Privacy: Between Hype and Need

Web Isolation 101: Securing Web Apps against data exfiltration and shielding corporate endpoints from web-borne threats

IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies

Backdooring DVR/NVR devices

The lions and the watering hole

Back to the future: how to respond to threats against ICS environments.

Burp-ing through your cryptography shield

Weaponizing Neural Networks. In your browser!

Opening Speech

The Hitchhiker's Guide to Disinformation, Public Opinion Swinging and False Flags

One year after a major attack

What happened behind the closed doors at MS

We will charge you. How to [b]reach vendor’s network using EV charging station.

AutoHotKey Malware – The New AutoIT

Applying Honey to the Pot - The Saga of Port 5555 (Lightning Talk)

One year after a major attack

Tailored, Machine Learning-driven Password Guessing Attacks and Mitigation

Needles, Haystacks and Algorithms: Using Machine Learning to detect complex threats

In search of unique behaviour

Back to the future: how to respond to threats against ICS environments.

Tor .onions: The Good, The Rotten and The Misconfigured

Timing attacks against web applications: Are they still practical?

OSSTMM: The “Measure, Don’t Guess” Security Testing Methodology

Open Directories: Sensitive data (not) hiding in plain sight

You're right, this talk isn't really about you!

The challenge of building a secure and safe digital environment in healthcare

Security pitfalls in script-able infrastructure pipelines.

Well, that escalated quickly! - a penetration tester's approach to privilege escalation

Mobile signaling threats and vulnerabilities - real cases and statistics from our experience

WiFi practical hacking "Show me the passwords!"

Catch Me If You Can - Finding APTs in your network

Lattice based Merkle for post-quantum epoch

CPU vulnerabilities - where are we now?

How to Fuzz like a Hacker

In search of unique behaviour

From Mirai to Monero – One Year’s Worth of Honeypot Data

Year of the #WiFiCactus

Trust, but verify – Bypassing MFA

Implementation of information security techniques on modern android based Kiosk ATM/remittance machines

Building application security with 0 money down

Threat Hunting: From Platitudes to Practical Application

Hacking at the ECSC

Drupalgeddon 2 – Yet Another Weapon for the Attacker

Economical Denial of Sustainability in the Cloud (EDOS)

Secure and privacy-preserving data transmission and processing using homomorphic encryption

Bridging the gap between CyberSecurity R&D and UX

Trust, but verify – Bypassing MFA

Internet Balkanization: Why Are We Raising Borders Online?

The Charter of Trust

Remote Yacht Hacking

Weaponizing Neural Networks. In your browser!

Mobile, IoT, Clouds… It’s time to hire your own risk manager!

Pentest-Tools.com - The first online penetration testing framework

Eternal Blues with EternalBlue

BlackBox Debugging of Embedded Systems

Sharper than a Phisher's Hook - The Story of an Email Autopsy

Incident Busters. A 2017 retrospective

Evolution of threats to Electric Power Grid Operations

ATM: every day trouble

Fileless malware - beyond a cursory glance

Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software

ICS Humla

Are we alone in our infrastructure? A look into the dark corners of endpoints with Hubble.

Attacking Mongoose OS on Xtensa platforms

Incident Busters. A 2017 retrospective

Weaponized RaspberryPi in Red Team Engagements

Back to the IoT Future: Where Marty controls all your routers

Splunking the Clouds: finding the needle in AWS & Azure.

Minute-hacks against Robi the Robot

SHA-3 vs the world

Road to ECSC 2017

Keeping customer data safe in EC2 – a deep dive

Drive safely on the internet lane: how smart cars can leak your data

In Soviet Russia, Vulnerability Finds You

Sharper than a Phisher's Hook - The Story of an Email Autopsy

Efficient Defenses Against Adversarial Examples for Deep Neural Networks

Securing without Slowing

Unexpected Shells with "covertutils"

Turning IDS signatures against an IDS itself: a new evasion technique

Are you keeping up with the Commodore, 'cause the Commodore is keeping up with you!

Fileless malware - beyond a cursory glance

IoT botnets? How do they work?

What the WiFiCactus?!?!?!

Active Defense Untangled

Road to ECSC 2017

ATM: every day trouble

Twisting Layer 2 Protocols

Attacking Mongoose OS on Xtensa platforms

Smart Cities under Attack: Cybercrime and Technology Response

Hijacking the Boot Process - Ransomware Style

Fuzzing closed source applications

Remote Attacks against IoT

ICS Humla

Minute-hacks against Robi the Robot

Drive safely on the internet lane: how smart cars can leak your data

The Business of Cybersecurity: Life-Lessons Learned

GDPR - T minus 6 months. Are you ready?

Splunking the Clouds: finding the needle in AWS & Azure.

Supporting innovation in cybersecurity through acceleration program – Orange Fab

Bug bounty conspiracy and 50 shades of gray hat. Who owns the vulnerability?

Lockpicking and IT Security

You Fail in SE If You Make Those Mistakes

The rise of security assistants over security audit services

From Threat Intelligence to Rapsheets in just a few steps

InterPlanetary File System (IPFS)

How I hacked my city

DVB-T Hacking

Detecting Drive-By Attacks by Analyzing Malicious Javascript in Big Data Environments

Infecting Internet of Things

Threat Intelligence! DIY!

Online Alter Ego - A Simple Button for Military Security

Knock knock.." "Who's there?" .."The Law! Open up!

Security through open innovation and data sharing

Security of Mobile Cryptocoin Wallets

Social Engineering - Security through education

Threat Intelligence! DIY!

Split Personalities: The Psychology of Social Engineering

Real-world Lessons about Spies Every Security Researcher Should Know

From Threat Intelligence to Rapsheets in just a few steps

Testers vs Writers: pentests quality in assurance projects

Do Tinder Bots Dream of Electric Toys?

Windows shellcodes: To be continued

…And bad mistakes…I've made a few…

Moving forward with cybersecurity

Web Application Firewall Bypassing

Bad software is eating the world! Let's fix it!

Follow the Money.

Browser instrumentation for exploit analysis

Crafting the Unavoidable

Online Alter Ego - A Simple Button for Military Security

Reversing a Polymorphic File-Infecting Ransomware

Making hacking and social engineering harder with typing biometrics.

Real-world Lessons about Spies Every Security Researcher Should Know

Functionality, Security, Usability: Choose any two. Or GNOME.

Securing the Openness. The operator challenge.

SE Exploit by improvisación

Riskware Betrayer. Who is the biggest one?

A new Hope - CTF stories & IoT Hacking

IoT Village Awards

Game of Hacks: Play, Hack & Track

(In)Security of Embedded Devices' Firmware – Fast and Furious at Large Scale

Hacking and Securing Network Monitoring Systems: End-to-end walkthrough example on Ganglia

IoT Security

IoT Security

From Hype Hangover to Happy Hacking: Shaping the World through Shaping Actions

A new Hope - CTF stories & IoT Hacking

What's in a name? DNS use for exfiltration, and monitoring for detection

Finding media bugs in Android using file format fuzzing

White hat hacker bounty program to improve online environment security

Orange about Bug Bounty and Innovation Labs 2016

ELK stack for Hackers

When Steganography Stops Being Cool

Integrating Mobile Devices into Your Penetration Testing Program

Toward large-scale vulnerability discovery using Machine Learning

Breaking in Bad (I'm the one who doesn't knock)

Modern approaches to Wi-Fi attacks

Building a Weaponized Honeybot (part I) || Building a Weaponized Honeybot (part II)

Why nation-state malwares target Telco Networks: Dissecting technical capabilities of Regin and its counterparts

Defending the Enterprise Against Network Infrastructure Threats

Challenges on Reversing Layered Malware

How to mess with Android Intents

Cryptography – our weapon in the 21st century

Luke 8:17 – Misleading implementations that compromise the privacy and information security || Abstract [email protected] Technique

Building a Cyber Security Operations Center

Pentesting Android Applications - Workshop

What's in a name? DNS use for exfiltration, and monitoring for detection

IDS Evasion Techniques

Untrusted Mobile Applications. State of Art of Security App-Apocalypse

PuttyRider - Pivoting from Windows to Linux in a penetration test

Owning the girl next door

All your bitcoins belong to us!

A Pyrotechnic Composition: Fireworks, Embedded Wireless and Insecurity-by-Design

SSH Tunneling - a gate to freedom and a threat

Leading and Developing the Cyber Workforce

Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT)

A look into Bullet Proof Hosting

SCADA Software or Swiss Cheese Software?

A Practical Study of Security Problems on One of the Most Efficient Web Application Firewall

Managing Risk Effectively

Securing Networks using SDN and Machine Learning

Vulnerability Assessments on SCADA Networks: Outsmarting the Smart Grid.

Memory Forensics & Security Analytics: Detecting Unknown Malware

Security Nightmares for Journalists, why we must all be SysAdmins

Finding a European way for a safer cyberworld integrating our continent's millenary humanistic values, pluralist educational and philosophical systems, and overpassing its actual political weaknesses

Penetration Testing – 7 Deadly Sins

What happens in Windows 8 stays in Windows 8

CubeSats – A fairy tale; How academia got the chance to implement satellite (in-)security and how I tried to fix it

Cyber Necromancy: Reverse Engineering Dead Protocols

I can track you! They can track you! Everybody can track you!

Crypto as a global business

What happens in Windows 8 stays in Windows 8

Cyber Ranges

Android(in)Security

Democracy and massive-control in the post-Snowden age

The 80% Solution at 20% of the Cost'. The Utilization of 'Cyber Hygiene' to Mitigate SCADA System Vulnerabilities

A look into Bullet Proof Hosting

Social Engineering, or "hacking people"

Privacy in Mobile Apps. Enterprise Opportunities

Scanning Romania with Nessus

DRM to p0wn NSA in a few easy steps

Android hacking techniques

Exploring Bucharest for Free with RATB/Metrorex – RFID Mifare Classic attacks, frauds and countermeasures

0class2DOS

A few cybercrime cases that could make us think…

An overview of in vehicle CAN network security

The limit between law and surveillance

10 Years Later: Are We There Yet?

Does it pay to be a black-hat hacker?

SSL Ripper - All your encrypted traffic belongs to us

Into The Worm Hole: Metasploit for Web PenTesting

Android hacking techniques

AAA – Analyzing Android APKs (our way)

HTTP Header Analysis

Peering in the soul of Hackers: HPP (the United Nations Hacker’s Profiling Project by UNICRI) v2.0 reloaded

The NSA activities are a violation of the human rights and it is time to take action

Cops hacking into computers to investigate crimes. What could go wrong?

Digipass Instrumentation for Fun and Profit

Human brain, friend or foe?

Hunting and Exploiting Bugs in Kernel Drivers

DefCamp 2012 Opening Speech

Mobile networks: exploiting HTTP headers and data traffic

Web Applications - Security and Scalability Checklist

Detecting and Defending against Advanced Persistent Threats

Social Engineering

Blended Threat Concept in Web Applications

NVidia CUDA for Bruteforce Attacks

SMART Project

Attacks Against Captcha Systems

How does a 0day work?

Social Enterprise Rises! …and so are the Risks

OWASP Overview of Projects You Can Use Today

Hacking beyond hacking - Forgotten Chapters

Critical vulnerabilities in the online services of a romanian telephony company

The importance of logs

CensorMeOrNot - P2P System of DNS Caches

Zombie browsers spiced with rootkit extensions

Evolution & Analysis of Web Vulnerabilities

SYDO - Secure Your Data by Obscurity

SmartFender

DefCamp 2011 - Call 2 action

Chess Club - Ground Zero Security

Forms Injections

Advanced data mining in my sql injections using subqueries and custom variables

PE Format

Security in 21st century

Cross Site Request Forgery Attacks

DefCamp 2011 Opening Speech

High Security Web Server

Virtual Anonimity – What? Why? When? How?

Attacking SIM Toolkit

Mobile Security - SMS Attacks

0-day vulnerabilities in main stream software

Corporate Network Security 101

Information means power.

How to generate persistent errors in BIOS