
Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms

We investigate a new point in the design space of red/green systems, which provide the user with a highly-protected, yet also highly-constrained trusted (“green”) environment for performing security-sensitive transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive or “red”) applications.


Manufacturing Compromise: The Emergence of Exploit-as-a-Service

We investigate the emergence of the exploit-as-a-service model for driveby browser compromise. In this regime, attackers pay for an exploit kit or service to do the “dirty work” of exploiting a victim’s…


Digital Forensics with Open Source Tools

Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of these tools on Linux and Windows systems as a platform for performing computer forensics.


Distributed forensics and incident response in the enterprise

Remote live forensics has recently been increasingly used in order to facilitate rapid remote access to enterprise machines. We present the GRR Rapid Response Framework (GRR), a new multi-platform, open source tool for enterprise forensic investigations enabling remote raw disk and memory access.


Rootkits in your web application

In this work, I discuss practical approaches for exploiting cross-site scripting (XSS) and other client-side script injection vulnerabilities, and introduce novel techniques for maintaining and escalating access within the victim’s browser.


Large-Scale Automatic Classification of Phishing Pages

Phishing websites, fraudulent sites that trick viewers into interacting with them, continue to cost Internet users over a billion dollars each year. In this paper, we describe the design and performance characteristics of a scalable machine learning classifier we developed to detect phishing web sites.


E Unum Pluribus - Google Network Filtering Management

Network filtering can be a very difficult challenge in large, complex and sprawling networks. Through the use of internally developed software, Google has automated and simplified many of the difficult tasks and provided the capability to easily audit and validate its filters.
