Material del WOOT'14 y sesiones técnicas de 23 USENIX Security Symposium
El 19 de agosto se dio lugar en San Diego una nueva edición de la USENIX, empezando con los workshops (WOOT ‘14), seguido por la 23 edición del USENIX Security Symposium, durante los tres días siguientes, del 20 al 22.
Aquí tenéis la lista de los workshops celebrados en la USENIX Workshop On Offensive Technology (WOOT) 2014. Podéis hacer click en cada enlace para saber más sobre el workshop y bajaros material del mismo, o si os queréis bajar todo el material de golpe, lo podéis hacer desde este enlace.
- Invited Presentation'
- Practical Kleptography'
- Browsers and InterWebs'
- Clickjacking Revisited: A Perceptual View of UI Security'
- Tick Tock: Building Browser Red Pills from Timing Side Channels'
- The End is Nigh: Generic Solving of Text-based CAPTCHAs'
- Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks'
- Infrastructure Insights'
- IPv6 Security: Attacks and Countermeasures in a Nutshell'
- Through the Looking-Glass, and What Eve Found There'
- Green Lights Forever: Analyzing the Security of Traffic Infrastructure'
- Zippier ZMap: Internet-Wide Scanning at 10 Gbps'
- Embedded and Hardware Security'
- Automated Reverse Engineering using Lego®'
- Are Your Passwords Safe: Energy-Efficient Bcrypt Cracking with Low-Cost Parallel Hardware'
- Printed Circuit Board Deconstruction Techniques'
- Mouse Trap: Exploiting Firmware Updates in USB Peripherals'
- Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation'
- Security Analysis'
- Attacking the Linux PRNG On Android: Weaknesses in Seeding of Entropic Pools and Low Boot-Time Entropy'
- Security Impact of High Resolution Smartphone Cameras'
- Inaudible Sound as a Covert Channel in Mobile Devices'
- An Experience Report on Extracting and Viewing Memory Events via Wireshark'
PDFs USENIX Security '14 Full Proceedings (PDF) USENIX Security '14 Proceedings Interior (PDF, best for mobile devices)
ePub (para iPad y otros eReaders) USENIX Security '14 Full Proceedings (ePub)
Mobi (Kindle) USENIX Security '14 Full Proceedings (Mobi)
- Opening Remarks and Awards'
- USENIX Security '14 Opening Remarks'
- Keynote Address'
- Phone Phreaks: What We Can Learn From the First Network Hackers?'
- Lightning Talks for the One-Track Mind'
- Privacy'
- Privee: An Architecture for Automatically Analyzing Web Privacy Policies'
- Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing'
- Mimesis Aegis: A Mimicry Privacy Shield–A System’s Approach to Data Privacy on Public Cloud'
- XRay: Enhancing the Web’s Transparency with Differential Correlation'
- Mass Pwnage'
- An Internet-Wide View of Internet-Wide Scanning'
- On the Feasibility of Large-Scale Infections of iOS Devices'
- A Large-Scale Analysis of the Security of Embedded Firmwares'
- Exit from Hell? Reducing the Impact of Amplification DDoS Attacks'
- Privacy Enhancing Technology'
- Never Been KIST: Tor’s Congestion Management Blossoms with Kernel-Informed Socket Transport'
- Effective Attacks and Provable Defenses for Website Fingerprinting'
- TapDance: End-to-Middle Anticensorship without Flow Blocking'
- A Bayesian Approach to Privacy Enforcement in Smartphones'
- Crime and Pun.../Measure-ment'
- The Long “Taile” of Typosquatting Domain Names'
- Understanding the Dark Side of Domain Parking'
- Towards Detecting Anomalous User Behavior in Online Social Networks'
- Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers'
- USENIX Security '14 Symposium Reception'
- Work-in-Progress Reports'
- Forensics'
- DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse'
- Cardinal Pill Testing of System Virtual Machines'
- BareCloud: Bare-metal Analysis-based Evasive Malware Detection'
- Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components'
- Invited Talk'
- Information Security War Room'
- Attacks and Transparency'
- On the Practical Exploitability of Dual EC in TLS Implementations'
- iSeeYou: Disabling the MacBook Webcam Indicator LED'
- From the Aether to the Ethernet—Attacking the Internet using Broadcast Digital Television'
- Security Analysis of a Full-Body Scanner'
- ROP: Return of the %edi'
- ROP is Still Dangerous: Breaking Modern Defenses'
- Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection'
- Size Does Matter: Why Using Gadget-Chain Length to Prevent Code-Reuse Attacks is Hard'
- Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing'
- Safer Sign-Ons'
- Password Managers: Attacks and Defenses'
- The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers'
- SpanDex: Secure Password Tracking for Android'
- SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities'
- Tracking Targeted Attacks against Civilians and NGOs'
- When Governments Hack Opponents: A Look at Actors and Technology'
- Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware'
- A Look at Targeted Attacks Through the Lense of an NGO'
- Panel Discussion'
- Passwords'
- A Large-Scale Empirical Analysis of Chinese Web Passwords'
- Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts'
- Telepathwords: Preventing Weak Passwords by Reading Users’ Minds'
- Towards Reliable Storage of 56-bit Secrets in Human Memory'
- Web Security: The Browser Strikes Back'
- Automatically Detecting Vulnerable Websites Before They Turn Malicious'
- Hulk: Eliciting Malicious Behavior in Browser Extensions'
- Precise Client-side Protection against DOM-based Cross-Site Scripting'
- On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications'
- Poster Session and Happy Hour'
- USENIX Security '14 Doctoral Colloquium'
- Side Channels'
- Scheduler-based Defenses against Cross-VM Side-channels'
- Preventing Cryptographic Key Leakage in Cloud Virtual Machines'
- FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack'
- Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks'
- Invited Talk'
- Battling Human Trafficking with Big Data'
- After Coffee Break Crypto'
- Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns'
- TRUESET: Faster Verifiable Set Computations'
- Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture'
- Faster Private Set Intersection Based on OT Extension'
- Program Analysis: Attack of the Codes'
- Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data'
- X-Force: Force-Executing Binary Programs for Security Applications'
- BYTEWEIGHT: Learning to Recognize Functions in Binary Code'
- Optimizing Seed Selection for Fuzzing'
- After Lunch Break Crypto'
- LibFTE: A Toolkit for Constructing Practical, Format-Abiding Encryption Schemes'
- Ad-Hoc Secure Two-Party Computation on Mobile Devices using Hardware Tokens'
- ZØ: An Optimizing Distributing Zero-Knowledge Compiler'
- SDDR: Light-Weight, Secure Mobile Encounters'
- Program Analysis: A New Hope'
- Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM'
- ret2dir: Rethinking Kernel Isolation'
- JIGSAW: Protecting Resource Access by Inferring Programmer Expectations'
- Static Detection of Second-Order Vulnerabilities in Web Applications'
- Mobile Apps and Smart Phones'
- ASM: A Programmable Interface for Extending Android Security'
- Brahmastra: Driving Apps to Test the Security of Third-Party Components'
- Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks'
- Gyrophone: Recognizing Speech from Gyroscope Signals'
- Panel'
- The Future of Crypto: Getting from Here to Guarantees'
Buscar
Entradas Recientes
- Posts
- Reemplazando la bateria del AirTag
- OpenExpo Europe décima edición, 18 de mayo: El Epicentro de la Innovación y la Transformación Digital
- Docker Init
- Kubernetes para profesionales
- Agenda: OpenExpo Europe 2022 llega el 30 de junio en formato presencial
- Libro 'Manual de la Resilencia', de Alejandro Corletti, toda una referencia para la gestión de la seguridad en nuestros sistemas
- Mujeres hackers en ElevenPaths Radio
- Creando certificados X.509 caducados
- Generador de imágenes Docker para infosec