This is a really quick post. No analysis or commentary, just some links to papers I found interesting. These are from some conferences (WOOT, NDSS, ACM CCS, ACSAC) from this year.

Tick Tock: Building Browser Red Pills from Timing Side Channels. WOOT 2014.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. NDSS 2014.

Amplification Hell: Revisiting Network Protocols for DDoS Abuse. NDSS 2014.

Zippier ZMap: Internet-Wide Scanning at 10 Gbps. WOOT 2014.

Through the Looking-Glass, and What Eve Found There. WOOT 2014.

The End is Nigh: Generic Solving of Text-based CAPTCHAs. WOOT 2014.

Uncovering Network Tarpits with Degreaser (slides)

SEER: Practical Memory Virus Scanning as a Service

Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System

Protecting Client Browsers with a Principal-based Approach

From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation

Your Online Interests – Pwned! A Pollution Attack Against Targeted Advertising. ACM CCS 2014

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. ACM CCS 2014

A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. ACM CCS 2014

Characterizing Large-Scale Click Fraud in ZeroAccess. ACM CCS 2014

(Nothing else) MATor(s): Monitoring the Anonymity of Tor’s Path Selection. ACM CCS 2014

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthy with Inaudible Sound

Beyond Pattern Matching: A Concurrency Model for Stateful Deep Packet Inspection. ACM CCS 2014

A Critical Evaluation of Website Fingerprinting Attacks. ACM CCS 2014

To Find:

AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis

An Epidemiological Study of Malware Encounters in a Large Enterprise
