This is a really quick post. No analysis or commentary, just some links to papers I found interesting. These are from some conferences (WOOT, NDSS, ACM CCS, ACSAC) from this year.

Tick Tock: Building Browser Red Pills from Timing Side Channels. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-ho.pdf

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. NDSS 2014. http://www.internetsociety.org/sites/default/files/05_4_0.pdf

Amplification Hell: Revisiting Network Protocols for DDoS Abuse. NDSS 2014. http://www.internetsociety.org/sites/default/files/01_5.pdf

Zippier ZMap: Internet-Wide Scanning at 10 Gbps. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-adrian.pdf

Through the Looking-Glass, and What Eve Found There. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-bruno.pdf

The End is Nigh: Generic Solving of Text-based CAPTCHAs. WOOT 2014. https://www.usenix.org/system/files/conference/woot14/woot14-bursztein.pdf

Uncovering Network Tarpits with Degreaser http://www.rbeverly.net/research/papers/degreaser-acsac14.pdf http://www.cmand.org/degreaser/alt_degreaser_caidatopology_052014.pdf (slides)

SEER: Practical Memory Virus Scanning as a Service http://gionta.org/static/pdf/seer_acsac14.pdf

Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System https://www.sec.in.tum.de/assets/Uploads/scalability-fidelity-stealth.pdf

Protecting Client Browsers with a Principal-based Approach http://yinzhicao.org/thesis/thesis.pdf

From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation http://www.utdallas.edu/~hamlen/araujo14ccs.pdf

Your Online Interests – Pwned! A Pollution Attack Against Targeted Advertising. ACM CCS 2014 http://wenke.gtisc.gatech.edu/papers/ccs2014-meng.pdf

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. ACM CCS 2014 https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf

A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. ACM CCS 2014 http://www.cypherpunks.ca/~iang/pubs/webfingerprint-ccs14.pdf

Characterizing Large-Scale Click Fraud in ZeroAccess. ACM CCS 2014 http://cseweb.ucsd.edu/~voelker/pubs/za-ccs14.pdf

(Nothing else) MATor(s): Monitoring the Anonymity of Tor’s Path Selection. ACM CCS 2014 http://www.infsec.cs.uni-saarland.de/~mohammadi/paper/mator.pdf

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthy with Inaudible Sound http://arxiv.org/pdf/1407.0803v1.pdf

Beyond Pattern Matching: A Concurrency Model for Stateful Deep Packet Inspection. ACM CCS 2014 http://www.icir.org/robin/papers/ccs14-concurrency.pdf

A Critical Evaluation of Website Fingerprinting Attacks. ACM CCS 2014 https://www.eecs.berkeley.edu/~sa499/papers/ccs-webfp-final.pdf

To Find:

AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis

An Epidemiological Study of Malware Encounters in a Large Enterprise
