Material de USENIX 24 y sus talleres: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS


La organización sobre computación avanzada USENIX, celebra su 24 simposio sobre seguridad. Dicho evento termina hoy, pero el contenido de las charlas ya se encuentran disponibles:

  • Post-Mortem of a Zombie: Conficker Cleanup After Six Years - Paper
  • Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World - Paper
  • Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem - Paper
  • Under-Constrained Symbolic Execution: Correctness Checking for Real Code - Paper
  • TaintPipe: Pipelined Symbolic Taint Analysis - Paper
  • Type Casting Verification: Stopping an Emerging Attack Vector - Paper
  • All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS - Paper
  • Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS - Paper
  • Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Paper
  • Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception - Paper
  • Control-Flow Bending: On the Effectiveness of Control-Flow Integrity - Paper
  • Automatic Generation of Data-Oriented Exploits - Paper
  • Protocol State Fuzzing of TLS Implementations - Paper
  • Verified Correctness and Security of OpenSSL HMAC - Paper
  • Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation - Paper
  • To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections - Paper
  • De-anonymizing Programmers via Code Stylometry - Paper
  • RAPTOR: Routing Attacks on Privacy in Tor - Paper
  • Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services - Paper
  • SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization - Paper
  • Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer - Paper
  • Trustworthy Whole-System Provenance for the Linux Kernel - Paper
  • Securing Self-Virtualizing Ethernet Devices - Paper
  • EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning - Paper
  • Marionette: A Programmable Network Traffic Obfuscation System - Paper
  • CONIKS: Bringing Key Transparency to End Users - Paper
  • Investigating the Computer Security Practices and Needs of Journalists - Paper
  • Constants Count: Practical Improvements to Oblivious RAM - Paper
  • Raccoon: Closing Digital Side-Channels through Obfuscated Execution - Paper
  • M2R: Enabling Stronger Privacy in MapReduce Computation - Paper
  • Measuring Real-World Accuracies and Biases in Modeling Password Guessability - Paper
  • Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound - Paper
  • Android Permissions Remystified: A Field Study on Contextual Integrity - Paper
  • Phasing: Private Set Intersection Using Permutation-based Hashing - Paper
  • Faster Secure Computation through Automatic Parallelization - Paper
  • The Pythia PRF Service - Paper
  • EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services - Paper
  • Trends and Lessons from Three Years Fighting Malicious Extensions - Paper
  • Meerkat: Detecting Website Defacements through Image-based Object Recognition - Paper
  • Recognizing Functions in Binaries with Neural Networks - Paper
  • Reassembleable Disassembling - Paper
  • How the ELF Ruined Christmas - Paper
  • Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale - Paper
  • You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps - Paper
  • Boxify: Full-fledged App Sandboxing for Stock Android - Paper
  • Cookies Lack Integrity: Real-World Implications - Paper
  • The Unexpected Dangers of Dynamic JavaScript - Paper
  • ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities - Paper
  • Anatomization and Protection of Mobile Apps’ Location Privacy Threats - Paper
  • LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors - Paper
  • PowerSpy: Location Tracking Using Mobile Device Power Analysis - Paper
  • In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services - Paper
  • Bohatei: Flexible and Elastic DDoS Defense - Paper
  • Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge - Paper
  • GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - Paper
  • Thermal Covert Channels on Multi-core Platforms - Paper
  • Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors - Paper
  • Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches - Paper
  • A Placement Vulnerability Study in Multi-Tenant Public Clouds - Paper
  • A Measurement Study on Co-residence Threat inside the Cloud - Paper
  • Towards Discovering and Understanding Task Hijacking in Android - Paper
  • Cashtags: Protecting the Input and Display of Sensitive Data - Paper
  • SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps - Paper
  • UIPicker: User-Input Privacy Identification in Mobile Applications - Paper
  • Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents - Paper
  • WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths - Paper
  • Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits - Paper
  • Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence - Paper
A este evento le preceden una serie de talleres enfocados en temas más específicos, también dentro del ámbito de la seguridad informática: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS.

Cada uno de dichos talleres, a excepción de HotSet, también han publicado el contenido de sus sesiones, aunque en el caso the HealthTech sólo tienen publicada una de ellas.

A continuación listo los enlaces a cada uno de los documentos:


  • FLEXTLS: A Tool for Testing TLS Implementations - Paper
  • Prying Open Pandora's Box: KCI Attacks against TLS - Paper
  • P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks - Paper
  • Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics - Paper
  • Own Your Android! Yet Another Universal Root - Paper
  • One Class to Rule Them All: 0-Day Deserialization Vulnerabilities in Android - Paper
  • RouteDetector: Sensor-based Positioning System That Exploits Spatio-Temporal Regularity of Human Mobility - Paper
  • SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems - Paper
  • Symbolic Execution for BIOS Security - Paper
  • IoTPOT: Analysing the Rise of IoT Compromises - Paper
  • Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers - Paper
  • How to Break XML Encryption – Automatically - Paper
  • Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring - Paper
  • CAIN: Silently Breaking ASLR in the Cloud - Paper
  • Run-DMA - Paper
  • Fast and Vulnerable: A Story of Telematic Failures - Paper
  • Cocaine Noodles: Exploiting the Gap between Human and Machine Speech Recognition - Paper
  • Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis - Paper
  • Replication Prohibited: Attacking Restricted Keyways with 3D-Printing - Paper
  • An Analysis of China’s “Great Cannon” - Paper
  • Every Rose Has Its Thorn: Censorship and Surveillance on Social Video Platforms in China - Paper
  • Understanding Internet Censorship Policy: The Case of Greece - Paper
  • Half Baked: The Opportunity to Secure Cookie-based Identifiers from Passive Surveillance - Paper
  • New Techniques for Electronic Voting - Paper
  • Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting - Paper
  • Verifiable European Elections: Risk-limiting Audits and Universally Verifiable Tallies for D'Hondt and Its Relatives - Paper
  • From Error to Error: Why Voters Could not Cast a Ballot and Verify Their Vote with Helios, Prêt à Voter, and Scantegrity II - Paper
  • Diffusion of Voter Responsibility: Potential Failings in E2E Voter Receipt Checking - Paper
  • This is Not a Game: Early Observations on Using Alternate Reality Games for Teaching Security Concepts to First-Year Undergraduates - Paper
  • Build It Break It: Measuring and Comparing Development Security - Paper
  • Experiences with Honey-Patching in Active Cyber Security Education - Paper
  • PRISM: Private Retrieval of the Internet’s Sensitive Metadata - Paper
  • Developing Security Reputation Metrics for Hosting Providers - Paper
  • Finding Bugs in Source Code Using Commonly Available Development Metadata - Paper
  • Shadow-Bitcoin: Scalable Simulation via Direct Execution of Multi-Threaded Applications - Paper
  • Experimental Study of Fuzzy Hashing in Malware Clustering Analysis - Paper
  • An Offline Capture The Flag-Style Virtual Machine and an Assessment of Its Value for Cybersecurity Education - Paper
  • Multidisciplinary Experiential Learning for Holistic Cybersecurity Education, Research and Evaluation - Paper
  • Engaging Novices in Cybersecurity Competitions: A Vision and Lessons Learned at ACM Tapia 2015 - Paper
  • An Examination of the Vocational and Psychological Characteristics of Cybersecurity Competition Participants - Paper
  • Using CTFs for an Undergraduate Cyber Education - Paper
  • Leveraging Competitive Gamification for Sustainable Fun and Profit in Security Education - Paper
  • A Scaffolded, Metamorphic CTF for Reverse Engineering - Paper
  • Automatic Problem Generation for Capture-the-Flag Competitions - Paper
  • Lessons Learned in Game Development for Crowdsourced Software Formal Verification - Paper
  • An Expanding Threat Spectrum for Health-Related Information Technologies - Paper
También tenéis todo el material de USENIX disonible an varios formatos:

PDFs USENIX Security ‘15 Full Proceedings (PDF) USENIX Security ‘15 Proceedings Interior (PDF, best for mobile devices) USENIX Security ‘15 Errata Slip (PDF) Supplement to the Proceedings of the 22nd USENIX Security Symposium (PDF)

ePub USENIX Security ‘15 Full Proceedings (ePub)

Mobi (Kindle) USENIX Security ‘15 Full Proceedings (Mobi)

Con esto, el material de Defcon y Blackhat, tenéis lectura para el resto del año! :)