Information stealer malware is underestimated by our industry. In this deep-dive, we look into what is captured by them – desktop screenshots, password vaults, browser extensions, MFA bypass material, etc. –, cover the Redline takedown, and offer defensive countermeasures including code and samples.
Learn to build your own treasure map of how attackers might move laterally through your company’s assets. We’ll provide a conceptual engineering framework for attack path analysis, recommend no- or low-cost tools, share examples, and release an open-source attack graph ontology to learn from.
What does it take to secure 3 billion users on the world’s leading mobile platform? This session dives into Android security from a holistic perspective.
While seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface, and leaving the floodgates ajar to remote network attacks. This session will dive into the 0.0.0.0 exploit research conducted by the team.
Discover how Yelp's Infrastructure Security team transformed past challenges and failures into success by shifting authentication and authorization from the infrastructure to the application layer. Learn how this pragmatic approach met all security requirements applicable to Yelp's threat model.
From p0f to MuonFP and JA4+, learn how network fingerprinting evolved. See how each step helps security teams spot malicious traffic, detect scanners, and more. Attendees gain real-world use cases and practical tips to deploy fingerprinting for monitoring and threat hunting.
