Vídeos de Usenix Enigma 2017

Aquí tenéis los charlas (vídeos y algunas diapositivas) de la edición de este año de la conferencia Usenix Enigma: Human Computation with an Application to Passwords Moving Account Recovery beyond Email and the “Secret” Question Secrets at Scale: Automated Bootstrapping of Secrets & Identity in the Cloud Inside “MOAR TLS:” How We Think about Encouraging External HTTPS Adoption on the Web Ghost in the Machine: Challenges in Embedded Binary Security LLC Cache Attacks: Applicability and Countermeasures IoT, a Cybercriminal’s Paradise Hacking Sensors Test Driven Security in Continuous Integration As We May Code Leveraging the Power of Automated Reasoning in Security Analysis of Web Applications and Beyond Startups + Industry: How Everyone Can Win Behaviors and Patterns of Bulletproof and Anonymous Hosting Providers StreamAlert: A Serverless, Real-time Intrusion Detection Engine Neural and Behavioral Insights on Trust What Does the Brain Tell Us about Usable Security?
Leer más

Vídeos de USENIX Enigma 2016

Otra de las grandes conferencias USENIX que tuvo lugar a finales de enero Enigma 2016, enfocada a ataques emergentes, tiene publicado los vídeos de las presentaciones. La lista no es muy amplia, pero la mayoría muy interesantes: ToStaticHTML for Everyone! About DOMPurify, … Building a Competitive Hacking Team Verification, Auditing, and Evidence: If We Didn’t Notice Anything Wrong… Keys Under Doormats: Mandating Insecurity… Trust Beyond the First Hop–What Really Happens to Data Sent to HTTPS Websites Drops for Stuff: An Analysis of Reshipping Mule Scams Sanitize, Fuzz, and Harden Your C++ Code Dolla Dolla Bill Y’all: Cybercrime Cashouts Usable Security–The Source Awakens Defending, Detecting, and Responding to Hardware and Firmware Attacks Timeless Debugging Modern Automotive Security: History, Disclosure, and Consequences Protecting High Risk Users Opening Video PKI at Scale Using Short-lived Certificates We Need Something Better—Building STAR Vote Bullet-Proof Credit Card Processing Why Is Usable Security Hard, and What Should We Do about it?
Leer más

Material de USENIX 24 y sus talleres: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS

La organización sobre computación avanzada USENIX, celebra su 24 simposio sobre seguridad. Dicho evento termina hoy, pero el contenido de las charlas ya se encuentran disponibles: Post-Mortem of a Zombie: Conficker Cleanup After Six Years - Paper Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World - Paper Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem - Paper Under-Constrained Symbolic Execution: Correctness Checking for Real Code - Paper TaintPipe: Pipelined Symbolic Taint Analysis - Paper Type Casting Verification: Stopping an Emerging Attack Vector - Paper All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS - Paper Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS - Paper Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Paper Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception - Paper Control-Flow Bending: On the Effectiveness of Control-Flow Integrity - Paper Automatic Generation of Data-Oriented Exploits - Paper Protocol State Fuzzing of TLS Implementations - Paper Verified Correctness and Security of OpenSSL HMAC - Paper Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation - Paper To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections - Paper De-anonymizing Programmers via Code Stylometry - Paper RAPTOR: Routing Attacks on Privacy in Tor - Paper Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services - Paper SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization - Paper Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer - Paper Trustworthy Whole-System Provenance for the Linux Kernel - Paper Securing Self-Virtualizing Ethernet Devices - Paper EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning - Paper Marionette: A Programmable Network Traffic Obfuscation System - Paper CONIKS: Bringing Key Transparency to End Users - Paper Investigating the Computer Security Practices and Needs of Journalists - Paper Constants Count: Practical Improvements to Oblivious RAM - Paper Raccoon: Closing Digital Side-Channels through Obfuscated Execution - Paper M2R: Enabling Stronger Privacy in MapReduce Computation - Paper Measuring Real-World Accuracies and Biases in Modeling Password Guessability - Paper Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound - Paper Android Permissions Remystified: A Field Study on Contextual Integrity - Paper Phasing: Private Set Intersection Using Permutation-based Hashing - Paper Faster Secure Computation through Automatic Parallelization - Paper The Pythia PRF Service - Paper EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services - Paper Trends and Lessons from Three Years Fighting Malicious Extensions - Paper Meerkat: Detecting Website Defacements through Image-based Object Recognition - Paper Recognizing Functions in Binaries with Neural Networks - Paper Reassembleable Disassembling - Paper How the ELF Ruined Christmas - Paper Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale - Paper You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps - Paper Boxify: Full-fledged App Sandboxing for Stock Android - Paper Cookies Lack Integrity: Real-World Implications - Paper The Unexpected Dangers of Dynamic JavaScript - Paper ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities - Paper Anatomization and Protection of Mobile Apps’ Location Privacy Threats - Paper LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors - Paper PowerSpy: Location Tracking Using Mobile Device Power Analysis - Paper In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services - Paper Bohatei: Flexible and Elastic DDoS Defense - Paper Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge - Paper GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - Paper Thermal Covert Channels on Multi-core Platforms - Paper Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors - Paper Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches - Paper A Placement Vulnerability Study in Multi-Tenant Public Clouds - Paper A Measurement Study on Co-residence Threat inside the Cloud - Paper Towards Discovering and Understanding Task Hijacking in Android - Paper Cashtags: Protecting the Input and Display of Sensitive Data - Paper SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps - Paper UIPicker: User-Input Privacy Identification in Mobile Applications - Paper Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents - Paper WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths - Paper Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits - Paper Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence - Paper A este evento le preceden una serie de talleres enfocados en temas más específicos, también dentro del ámbito de la seguridad informática: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS.
Leer más

Material del WOOT'14 y sesiones técnicas de 23 USENIX Security Symposium

El 19 de agosto se dio lugar en San Diego una nueva edición de la USENIX, empezando con los workshops (WOOT ‘14), seguido por la 23 edición del USENIX Security Symposium, durante los tres días siguientes, del 20 al 22. Aquí tenéis la lista de los workshops celebrados en la USENIX Workshop On Offensive Technology (WOOT) 2014. Podéis hacer click en cada enlace para saber más sobre el workshop y bajaros material del mismo, o si os queréis bajar todo el material de golpe, lo podéis hacer desde este enlace.
Leer más