Blackhat & Defcon

Blackhat & Defcon are two top tier security & hacker conferences

4 papers and 3 talks

Blackhat is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Defcon is one of the world’s largest hacker conventions, held annually in Las Vegas, Nevada, with the first Defcon taking place in June 1993.

Papers

• Paper - Cyber Kill Chain vs. Defense Effectiveness »»
  Data from extensive and harsh live testing of security products demonstrates that 100% attack prevention is an illusion. Organizations should assume that they are already compromised, and therefore complement prevention with breach detection.
  | Published: May 2013 | Available: Paper (en) »

• Paper - Understanding The Web Browser Threat »»
  Access to Google’s global Web server logs enabled us to provide the first in-depth global perspective on the state of insecurity for Web browser technologies. Understanding the nature of the threats against Web browser and their plug-in technologies is important for continued Internet usage.
  | Published: Aug 2008 | Available: Paper (en) »

• Paper - Exposing Vendors (In)security Performance (0-Day Patch) »»
  We evaluated the patch development process of Microsoft and Apple using publicly available vulnerability data from 2002 to 2007. By correlating information from multiple sources, we analyzed possible bias in vendor information.
  | Published: Mar 2008 | Available: Paper (en) »

• Paper - Large-Scale Vulnerability Analysis »»
  Analyzing over 80,000 security advisories, we determined the discovery-, disclosure-, exploit-, and patch-date of the vulnerabilities. We quantify the trend towards zero-day exploits and measure the gap between exploit- and patch-availability.
  | Published: Sep 2006 | Available: Paper (en) »

Talks

• Talk - BlackHat Briefings - Abu Dhabi
  Cybercrime Kill Chain vs. Defense Effectiveness
  Abu Dhabi, Dec 2012
  | Event: www.blackhat.com ..
  | Slides: blackhat_cyber_kill_chain_vs_defense_effectiveness_2012.pdf

• Talk - BlackHat Europe Briefings
  0-Day-Patch Exposure - Exposing vendors patch performance
  Amsterdam, Mar 2008
  | Event: www.blackhat.com ..
  | Slides: blackhat_0day_patch_dynamics_2008.pdf

• Talk - BlackHat USA Briefings
  The speed of (in)security
  Las Vegas, Aug 2006
  | Event: www.blackhat.com ..
  | Slides: blackhat_speed_of_insecurity_2006.pdf