Free Access Now: CTF Field Guide

Whether you’re ready to dominate the next Capture The Flag event, or just learn the ropes, this field guide will show you how it’s done.


THREADS is an annual conference that focuses on pragmatic security research and new discoveries in network attack and defense. Held each year during NYU-Poly's Cyber Security Awareness Week (CSAW) in Brooklyn, NY, THREADS is organized by NYU-Poly Hacker in Residence Dan Guido with the help of cyber security students at the university.

THREADS aims to present and discuss cutting edge, peer reviewed, industrial and academic research in computer and network security. THREADS focuses on developments and advances in attack techniques and attacker methodologies. We want to discuss what vulnerabilities exist and how attackers of today and tomorrow exploit those vulnerabilities.

THREADS 2014 (Security Automation)

Companies such as Amazon and Netflix deploy code to worldwide production systems several times per hour. Tesla automobiles download software updates over the Internet to provide new functionality. An Internet-connected thermostat is a best-selling home automation gadget.

Traditional models of security are increasingly irrelevant in a rapidly updated world of Internet-connected devices. Gating deployments by manual security assessments would erase the point of agile development and continuous deployment. Endpoint security products can’t target rapidly updated customized embedded platforms like cars and thermostats. The new model of security has to focus on automation, integration, detection and response time.

This year’s THREADS conference will focus on how to automate security. The goal of automating security is to ensure that security is never a roadblock, but a core part of development and operations. The success of automated security is essential to our ever more internetworked society and devices.

Day 1 - Research

The research portion of THREADS will discuss the latest academic and industrial advances in security automation for the identification of errors in programs and intrusions in networks. This will include dynamic and static analysis, symbolic execution and constraint solving, data flow tracking and fuzz testing, host and network monitoring, and related technologies. This research advances the state of the art in reasoning about applications and systems to discover security vulnerabilities, identify flaws in applications, and formulate effective defenses.

Day 2 - Developments

The developments portion of THREADS will discuss strategies to integrate security into your development pipeline: what automated analysis tools are available, how to integrate them with developers, and how to provide feedback to developers that encourage reporting instead of assigning blame. Other workshops will show you how to add security monitoring triggers to existing monitoring infrastructure, and how to tune these triggers to information attackers want to steal. Our focus is on practical examples and lessons learned when automating security.

Register for THREADS 2014 on EventBrite today.

THREADS 2013 (DARPA Cyber Fast Track)

In 2011, DARPA launched Cyber Fast Track and led a revolution in government-funded cybersecurity research. For the first time, individual hackers could pitch their own great ideas and, if selected, receive government funding for their projects immediately. For 18 months, DARPA came to agreements with over 100 commercial firms to fund cutting-edge advancements in information security that have now made their way into open-source and commercial products. This year’s THREADS conference highlights some of the best tools, products and research to come out of the Cyber Fast Track program and gives you the opportunity to hear from the researchers themselves.

An album of all the recorded talks from THREADS 2013 is available on Vimeo.

Speaker Talk
Peiter "Mudge" Zatko
Opening Remarks
Jacob Torrey
Assured Information Security
Measurement of Running Executables
Jonathan Grier
Grier Forensics
Detecting Patterns of Theft with Pyrometers
Mark Haase, Chris Taylor
Hidden Layer LLC
Static Code Analysis with Machine Learning
Tomislav Pericin, Mario Vuksan
Detecting OS X and Windows Bootkits with RDFU
Vico Marziale, Joe Sylve
504ENSICS Labs
Differential Analysis of Malware in RAM
Michael Costello, Ang Cui
Red Balloon Security
Firmware Fun Time
Dan Griffin
JW Secure
BIOS Integrity Measurements Heuristics Tool
Joshua Saxe
Invincea Labs
A Crowd-Trained Machine Learning Model for Malware Capability Detection
Michael Ossman
Great Scott Gadgets
HackRF: A Low Cost Software Defined Radio Platform
Julien Vanegue
Sergey Bratus
Dan Caselden
Brandon Edwards
Pete Markowsky
Chris Rohlf
Dionysus Blazakis
Travis Goodspeed
Meredith Patterson
PANEL: Are Reversing and Exploitation an Art or a Science?
Part 1
Part 2
Part 3
Mike Walker
Could a purpose-built supercomputer play DEFCON capture the flag?

THREADS 2012 (Mobile Security)

Speaker Talk
Nasir Memon, NYU-Poly Opening Remarks [video]
Dan Guido, NYU-Poly Executive Overview: NYU-Poly & Mobile Security [video] [slides]
Dino Dai Zovi, NYU-Poly iOS Jailbreak Analysis [video] [slides]
Mike Arpaia, iSEC Partners Mobile Exploit Intelligence Project [video] [slides]
Collin Mulliner, NEU Probing Mobile Operator Networks [video] [slides]
Vincenzo Iozzo, Trail of Bits A Tale of Mobile Threats [video] [slides]
Chris Rohlf, Leaf SR Analysis of the Google Native Client Sandbox [paper] [slides]
Jon Oberheide, DUO Security Mobile Vulnerability Assessment: There's an App for That [website] [blog]

We would like to thank Evan Jensen at NYU-Poly for his assistance organizing THREADS 2012.