Jonathan Fuller, C3PO: Large-Scale Study of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration
Current techniques to monitor botnets towards disruption or takedown are easily detected and insufficient. Seeking a covert and scalable solution, we look to an evolving pattern in malware that integrates standardized over-permissioned protocols, exposing privileged access to C&C servers. We implement techniques to detect and exploit these protocols from over-permissioned bots. Our findings suggest the over-permissioned protocol weakness provides a scalable approach to covertly monitor C&C servers, which is a fundamental enabler of botnet disruptions and takedowns.
Carter Yagemann, Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis
The increasing cost of successful cyberattacks has caused a mindset shift, whereby defenders now employ proactive defenses, namely software bug hunting, alongside existing reactive measures (firewalls, IDS, IPS) to protect systems. Unfortunately, bug hunting remains laborious and analysts struggle to communicate their discoveries to developers effectively for patching. In this talk, I will present my latest work on a technique I define as symbolic root cause analysis and demonstrate how it can be used to discover and explain novel vulnerabilities in real-world software.
Sena Sahin, Don't Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication
To enhance the usability of password authentication, typo-tolerant password authentication schemes permit certain deviations in the user-supplied password, to account for common typographical errors yet still allow the user to successfully log in. In prior work, analysis by Chatterjee et al. demonstrated that typo-tolerance indeed notably improves password usability, yet (surprisingly) does not appear to significantly degrade authentication security. In practice, major web services such as Facebook have employed typo-tolerant password authentication systems.