“A DECEPTICON and AUTOBOT walk into a bar: Python for enhanced OPSEC” Joe Gray · Talk (40 minutes)
When we see the terms Natural Language Processing (NLP) or Machine Learning (ML), often, our guts are correct, and it is vendor marketing material, frequently containing FUD. As someone who unapologetically loses their mind at vendor FUD and buzzword bingo, I was reluctant to use those terms in a s…
“Post-quantum security: should you care?” Jean-Philippe Aumasson · Talk (40 minutes)
You might have read that quantum computers will break all cryptography and that you should seriously worry about it—and fix your worries by buying the product of company XYZ. But seriously, is this just FUD, real science, or both? What exactly is a quantum computer? When IBM and Google claim to have…
“Paste Wars: fighting for copypaste freedom” Ignat Korchagin · Talk (40 minutes)
No one knows where it came from, but it is spreading like a disease: blocking paste functionality on online password forms. There is no explanation, no research, just a typical “this is for your security…”. And yet, all this is in the age of almost defeating the threat of weak and reused passwords …
“The country of unlearned lessons” Kostiantyn Korsun · Talk (40 minutes)
The active phase of the Ukrainian-Russian cyberwar in 2014-2017 has created several new pages in the cybersecurity textbooks. The whole world was closely watching the dynamics of the most massive attacks. After similar events in the offline world, the Ukrainian army has become one of the most capab…
“Using cloud implementations to hack IoT. A practical guide working on multiple vendors” Alex "Jay" Balan · Talk (40 minutes)
Using cloud implementations to hack IoTs. A practical guide that works on multiple vendors
Abstract (short): With all IoT vendors moving to cloud management, we felt it necessary to have a look at some of those implementations. In this talk, we'll showcase our latest findings on 4 popular vendors a…
“How 2 remove a viru$” Oksana Safronova · Talk (40 minutes)
Research into interesting cases of the types of software a regular user may quickly find on the web when searching for a solution to remove malicious items.
“PEASS - Privilege Escalation Awesome Scripts Suite” Carlos Polop · Talk (40 minutes)
Local privilege escalation techniques are far beyond checking the Windows/Kernel version, looking for unquoted service paths or checking SUID binaries.
Moreover, a local privilege escalation could make a huge difference when trying to compromise a domain.
Several tools have been created to find possi…
“Cyber Attacks Against Georgia (October 2019) and Georgian Internet Security Landscape” Mikheil · Talk (40 minutes)
Cyber attacks against Georgia in October 2019 drew international attention. A Georgian hosting provider was attacked and hundreds of websites (hosted there) were defaced.
In February 2020, the US State Department along with the UK, NATO, Ukraine, Estonia, Poland, etc. condemned these attacks and declared that it…
“Help, my browser is leaking! Exploring XSLeaks attacks and defenses” Tom Van Goethem · Talk (40 minutes)
For many years, injection-based vulnerabilities such as XSS and SQL-injection have dominated the web security landscape. However, as browsers and applications are becoming increasingly complex, new vulnerability classes surface. One of these new-kids-on-the-block is XSLeaks, a vulnerability class t…
“Special exclusive interview with Bruce Schneier” Bruce Schneier, Ruslan Kiyanchuk · Talk (40 minutes)
Special exclusive interview with Bruce Schneier.
Interviewer: Ruslan Kiyanchuk.
“Recording with Andy Greenberg” Andy Greenberg · Talk (40 minutes)
Recording with Andy Greenberg