Conference Presentations

Google employees regularly present at security conferences around the world. We believe this sharing of research can improve collaboration, help advance the state of security, and ultimately make the Internet a safer place.

Googler Conference Date Presentation
Felix Groebert n/a 2017-05 Secure iOS application development
Michele Spagnuolo, Lukas Weichselbaum OWASP AppSec Europe, Belfast + HitB, Amsterdam 2017-05 So we broke all CSPs... You won't guess what happened next!
Sebastian Lekies, Krzysztof Kotowicz, Eduardo Vela Nava OWASP AppSec Europe, Belfast 2017-05 Breaking XSS mitigations via Script Gadgets
Tara Matthews, Kathleen O’Leary, Anna Turner, Manya Sleeper, Jill Palzkill Woelfer, Martin Shelton, Cori Manthorne, Elizabeth F. Churchill, Sunny Consolvo CHI 2017 (https://chi2017.acm.org/) 2017-05 Stories from Survivors: Privacy & Security Practices when Coping with Intimate Partner Abuse
Krzysztof Kotowicz RuhrSec, Bochum 2017-05 Secrets of Google VRP. A look from a different angle
Dan Austin Zer0Con 2017-04 Your Move: Vulnerability Exploitation and Mitigation on Android
Max Moroz FOSDEM 2017 2017-02 Modern Fuzzing of Media-processing projects
Emily Schechter Enigma 2017-01 Inside "MOAR TLS:" How we think about encouraging external HTTPS adoption on the web
Benjamin Kreuter Real World Crypto 2017-01 Secure Multiparty Computation at Google
Max Moroz ZeroNights 2016 2016-11 Modern fuzzing of C/C++ Projects
Lukas Weichselbaum DeepSec, Vienna 2016-11 CSP Is Dead, Long Live Strict CSP!
Emily Schechter O'Reilly Security Amsterdam 2016-11 The case for HTTPS everywhere
Hunter King, August Huber O'Reilly Security Amsterdam 2016-11 BeyondCorp: Five years of remote attestation
Robert Swiecki PWNing Conference 2016 2016-11 Control Flow Path Tracking for Security Researchers (pl)
Eric Lawrence O'Reilly Security New York 2016-11 Migrating to HTTPS
Lukas Weichselbaum, Michele Spagnuolo, Sebastian Lekies, Artur Janc ACM CCS, Vienna 2016-10 CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
Ilya Mironov, Ananth Raghunathan ACM CCS 2016 2016-10 Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE
Martin Abadi, H. Brendan McMahan, Ilya Mironov, Kunal Talwar, Li Zhang ACM CCS 2016 2016-10 Deep Learning with Differential Privacy
Thiébaud Weksteen Ruxcon 2016-10 Firmware Biopsy
Gábor Molnár Hacktivity 2016 2016-10 War Stories from Google’s Vulnerability Reward Program
Gábor Molnár Hacktivity 2016-10 War Stories from Google’s Vulnerability Reward Program
Jeff Vander Stoep Linux Security Summit 2016 2016-08 Android: Protecting the Kernel
Jorge Lucangeli Obes Linux Security Summit 2016 2016-08 Minijail: Running Untrusted Programs Safely
Kees Cook Linux Security Summit 2016 2016-08 The State of Kernel Self Protection Project
Michele Spagnuolo, Lukas Weichselbaum OWASP AppSec Europe, Rome 2016-06 Making CSP great again!
Lukas Weichselbaum, Michele Spagnuolo Area41, Zurich 2016-06 Breaking Bad CSP!
Nicolas Ruff SSTIC 2016 2016-06 Mac OS X System Integrity Protection
Dan Austin Qualcomm Mobile Security Summit 2016 2016-05 Overcoming Stagefright: Integer Overflow Protection in Android
Max Moroz Positive Hack Days 2016 2016-05 Scalable and Effective Fuzzing of Google Chrome Browser
Tara Matthews, Kerwell Liao, Anna Turner, Marianne Berkovich, Rob Reeder, Sunny Consolvo CHI 2016 (ACM Conference on Human Factors in Computing Systems) 2016-05 “She’ll just grab any device that’s closer”: A Study of Everyday Device & Account Sharing in Households
Lukas Weichselbaum, Michele Spagnuolo, Artur Janc IEEE SecDev, Boston 2016-04 Adopting Strict Content Security Policy for XSS Protection
Juan Lang, Alexei Czeskis, Dirk Balfanz and Marius Schilder Twentieth International Conference on Financial Cryptography and Data Security 2016-02 Security Keys: Practical Cryptographic Second Factors for the Modern Web
Kosyta Serebryany Enigma 2016-02 Sanitize, Fuzz, and Harden Your C++ Code
Christoph Kern OWASP AppSec California 2016-01 Preventing Security Bugs through Software Design
Christoph Kern German OWASP Day 2015-12 Technical Keynote: Robuste und Praktikable Ansätze zur Verhinderung von Sicherheitsdefekten
Nicolas Lidzborski ACM IMC 2015 2015-10 Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security
Jeff Vander Stoep Linux Security Conference 2015-08 Ioctl Command Whitelisting in SELinux
Paul Lawrence and Mike Halcrow Linux Security Conference 2015-08 Linux and Mobile Device Encryption
Christoph Kern 25th USENIX Security Symposium 2015-08 Preventing Security Bugs through Software Design
Natalie Silvanovich BlackHat USA 2015-08 Attacking ECMAScript Engines with Redefinition
Chris Evans and Natalie Silvanovich Shakacon 2015-07 I am the 100% (terms and conditions apply)
Julien Tinnes SSTIC 2015 2015-06 Keynote: Security and engineering (in Chromium)
Nicolas Ruff SSTIC 2015 2015-06 RowHammer in 15'
Nicolas Ruff Insomni'hack 2015 2015-03 Security by Google
James Forshaw Syscan/Infiltrate 2015-03 A Link to the Past
Chris Evans CanSecWest 2015-03 Taming wild copies: from hopeless crash to working exploit
Emilia Kasper Real World Crypto 2015 2015-01 We <3 SSL
James Forshaw Smoocon/Nullcon 2015-01 The Windows Sandbox Paradox
Michele Spagnuolo Hack in the box: Malaysia 2014-10 Abusing JSONP with Rosetta Flash
Mateusz Jurczyk, Gynvael Coldwind CONFidence 2013 2013-05 Beyond MOV ADD XOR – the unusual and unexpected in x86
Mateusz Jurczyk NoSuchCon #1 2013-05 Abusing the Windows Kernel: How to Crash an Operating System With Two Instructions
Mateusz Jurczyk, Gynvael Coldwind SyScan 2013 2013-04 Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns
Thomas Dullien SyScan 2013 2013-04 Checking the Boundaries of Static Analysis
Eduardo Vela TetCon 2013 2013-01 Tyranny of small decisions
Thai Duong ekoparty 2012-09 The CRIME attack
Fermin Serna Blackhat (Las Vegas) 2012-07 The Case of the Perfect Infoleak
Artur Janc 28C3 2011-12 Rootkits in your Web application
Felix Gröbert 27c3 2010-12 Automatic Identification of Cryptographic Primitives in Software
Eduardo Vela OWASP AppSec 2010-06 Security and HTTP Redirects
Chris Evans Conference on Cyber Conflict, CCDCOE 2010-06 The Future of Browser Security
Eduardo Vela BlackHat Europe 2010-04 Universal XSS via IE8s XSS Filters
Tavis Ormandy, Julien Tinnes CanSecWest, BlackHat USA 2010-03 There's a party at Ring0, and you're invited
Julien Tinnes, Tavis Ormandy PacSec 2009-11 Virtualization security and the Intel privilege model
Julien Tinnes, Chris Evans Hack in The Box (Malaysia), BlackHat Europe 2009-10 Security in Depth for Linux Software
Chris Evans, Billy Rios PacSec, Hack in The Box (Dubai) 2009-04 Cross-domain leakiness