| Speaker | Report | Slides | Video |
|---|---|---|---|
| Alex Matrosov (@matrosov) | Hardware Security is Hard: how hardware boundaries define platform security | Link | Link |
| Juho Nurminen (@jupenur) | app setAsDefaultRCE Client: Electron, scheme handlers and stealthy security patches | Link | Link |
| An Trinh (@_tint0) | Dark sides of Java remote protocols | Link | Link |
| Jakub Vrana (@jakubvrana), Krzysztof Kotowicz (@kkotowicz) | Trusted Types & the end of DOM XSS | Link | Link |
| md4 | CiscoASA: From Zero to ID=0 | Link | Link |
| Andrey Akimov (@e13fter) | Launching feedback-driven fuzzing on TrustZone TEE | Link | Link |
| Emil Lerner | Single byte write to RCE: exploiting a bug in php-fpm | Link | Link |
| Maria Nedyak (@mariya_ns) | Hacking Medical Imaging with DICOM | Link | Link |
| Alex Kovrizhnykh (@a1exdandy) | crauEmu - your IDE for code-reuse attacks | Link | Link |
| Roman Palkin (@chicken_2007) | Malign Machine Learning Models | Link | Link |
| LimitedResults (@LimitedResults) | Fatal Fury on ESP32: Time to release Hardware Exploits | Link | Link |
| Ke Liu (@klotxl404) | Two Bytes to Rule Adobe Reader Twice: The Black Magic Behind the Byte Order Mark | Link | Link |
| Jayson E. Street | I PWN thee, I PWN thee not! | Link | Link |
| Pavel Cheremushkin | Opwnsource: VNC vulnerability research | Link | Link |
| Kai Jern Lau (@sgniwx), Nguyen Anh Quynh (@capstone_engine) | qiling.io: Advanced Binary Emulation framework | Link | Link |
| Cesar Cerrudo (@cesarcer), Esteban Martinez Fayo (@estemf), Matias Sequeira | Practical LoRaWAN auditing and exploitation | Link | Link |
| CiscoPangPang | Cisco to Disco! | Link | Link |
| Ilya Shaposhnikov (@drakylar) | Oldschool way of hacking MicroDigital ip-cameras | Link | Link |
WEB VILLAGE
| Speaker | Report | Slides |
|---|---|---|
| Aleksei "GreenDog" Tiurin (@antyurin) | From misconfigs to severe consequences | Link |
| Pavel “sorokinpf” Sorokin (@sorokinpf) | GraphQL applications security testing automatization | Link |
| Valeriy “krevetk0” Shevchenko (@Krevetk0Valeriy) | Principles in software testing and some bugs that others did not notice | Link |
| Alexei “SooLFaa” Morozov (@xSooLFaa) | Blind SSRF | Link |
| Ramazan "r0hack" Ramazanov | Operation of injections in ORM libraries | Link |
| Sergey "BeLove" Belov (@sergeybelove) | The future without passwords | Link |
| Paul Axe (@Paul_Axe) | ZN PWN Challenge | Link |
| Denis “ttffdd” Rybin (@_ttffdd_) | Doing AWS Zoo Audit | Link |
| Andrei Plastunov | Misusing oop in mvc frameworks. How to conveniently develop broken apps | Link |
| Andrey Belenko | (Why) We Still Fail at Cryptography in 2019 | Link |
| Igor Grachev, Evgeny Sidorov | Improving application security and exploitation detection with AppArmor & Osquery | Link |
| Andrey Skablonsky | Threat hunting in сall trace | Link |
| Andrey Abakumov, Andrew Krasichkov | Blue Team's approach to discovering 'secrets' in code | Link |
DEFENSIVE TRACK
| Speaker | Report | Slides |
|---|---|---|
| Andrey Belenko | (Why) We Still Fail at Cryptography in 2019 | Link |
| Igor Grachev, Evgeny Sidorov | Improving application security and exploitation detection with AppArmor & Osquery | Link |
| Andrey Skablonsky | Threat hunting in сall trace | Link |
| Andrey Abakumov, Andrew Krasichkov | Blue Team's approach to discovering 'secrets' in code | Link |