I am a legend: Hacking Hearthstone with machine learning - Defcon 22 talk slides
Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google
The End is Nigh: Generic Solving of Text-based CAPTCHAs
Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild
Dialing Back Abuse on Phone Verified Accounts - CCS 2014
Lessons learned while protecting Gmail
Cloak of Visibility: Detecting When Machines Browse A Different Web - IEEE Security and Privacy 2016
Investigating commercial pay-per-install and the distribution of unwanted software
Bad memories - Blackhat & Defcon 2010
Does dropping usb drives really work? Blackhat USA 2016
Neither snow nor rain nor mitm... an empirical analysis of email delivery security slides imc 15
Cheating at poker James Bond Style
Targeted Attacks Against Corporate Inboxes - a Gmail Perspective RSA 2017