Some talks are being presented at both.
BlackHat:
Must See:
Breaking the Laws of Robotics: Attacking Industrial Robots
Practical attacks against industrial robots with real hard data? Sign me on
Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
For making me think deeply
Escalating Insider Threats Using VMware's API
Could be useful when encountering VMware products on the network, once potential for other low-hanging fruit has been exhausted
Exploiting Network Printers
Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud)
I had an engagement where Google products were used almost exclusively, e.g. GMail, Docs, Drive. This meant: most communication was via HTTPS; there was limited chatter visible just by plugging in; and no AD environment, no Outlook, etc. Short of ARP spoofing on a limited segment, I ran out of ideas.
Ichthyology: Phishing as a Science
I want to learn more about phishing.
Practical Tips for Defending Web Applications in the Age of DevOps
Yup, dynamic analysis just doesn't cut it when the focus is on integrating security earlier into the SDLC. See also SecDevOps
The Industrial Revolution of Lateral Movement
I'd like to know how this is presented (industrial revolution?)
They're Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention
You can never stay in one spot, relying on a few tools. Even in the glacial world of enterprise security, NBNS/LLMNR will stop working eventually.
Why Most Cyber Security Training Fails and What We Can Do About it
Introduces a framework for comparing cyber security training. Useful for anyone in a corporate environment where testing against frameworks and standards is a trusted baseline.
For Fun:
Tracking Ransomware End to End
Ties into phishing. Big picture of ransomware should be great as a high- and low- level overview.
What's on the Wireless? Automating RF Signal Identification
Anything from Michael Ossmann is a must-see.
Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization
I'd like to see how the presenters deal with large quantities of data, having encountered increasing amounts of files and logs with each engagement, and not just as a CYA measure.
The Active Directory Botnet
AD and botnets are unfamiliar territory.
(P.S. Check out the bios of the EFF panel speakers, intensely qualified each and every one)
Must See:
Game of Drones: Putting the Emerging "Drone Defense" Market to the Test
Introducing HUNT: Data Driven Web Hacking & Manual Testing
Another burp plugin, to make my life easier? Yes please
I Know What You Are by the Smell of Your Wifi
Can I find more vulnerabilities with it?
D0 No H4RM: A Healthcare Security Conversation (Panel)
Medical industry security is a hot topic. I've had one engagement in the industry and the mindset of health-care professionals is one to come to grips with before you start working.
Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods
101 indeed.
Dark Data
Wiping out CSRF
CSRF has always been a weak point for me.
Game of Chromes: Owning the Web with Zombie Chrome Extensions
Owning stuff with new attack vectors? Yes please
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
I click blindly on anything that has SSRF in it.
There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers
Could be dry, or not
For Fun:
Popping a Smart Gun
Hacking travel routers like it's 1999
Given my habit of using a PirateBox on the plane, this could be fun.
Breaking Wind: Adventures in Hacking Wind Farm Control Networks
One of several presentations at either Defcon or Blackhat about hacking esoteric ICS stuff (there's another one about vulnerabilities in radiation monitoring devices).