Wild Wild Web -- Wild Extensions: Discovering and Analyzing Unlisted Chrome Extensions -- New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild -- Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting -- On the Perils of Leaking Referrers in Online Collaboration Services -- Cyber-Physical Systems -- Detecting, Fingerprinting and Tracking Reconnaissance Campaigns Targeting Industrial Control Systems -- Overshadow PLC to Detect Remote Control-Logic Injection Attacks -- A Security Evaluation of Industrial Radio Remote Controllers -- Understanding the Security of Traffic Signal Infrastructure -- Malware -- Practical Enclave Malware with Intel SGX -- How does Malware Use RDTSC? A Study on Operations Executed by Malware for CPU Cycle Measurement -- On Deception-Based Protection Against Cryptographic Ransomware -- PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware -- Software Security and Binary Analysis -- Memory Categorization: Separating Attacker-Controlled Data -- TypeMiner: Recovering Types in Binary Programs using Machine Learning -- SAFE: Self-Attentive Function Embeddings for Binary Similarity -- Triggerflow: Regression Testing by Advanced Execution Path Inspection -- Network Security -- Large-scale Analysis of Infrastructure-leaking DNS Servers -- Security In Plain TXT: Observing the Use of DNS TXT Records in the Wild -- No Need to Marry to Change Your Name! Attacking Profinet IO Automation Networks Using DCP -- DPX: Data-Plane eXtensions for SDN Security Service Instantiation -- Attack Mitigation -- Practical Password Hardening based on TLS -- Role Inference + Anomaly Detection = Situational Awareness in BACnet Networks -- BinTrimmer: Towards Static Binary Debloating through Abstract Interpretation.