Blackhat 2013

Lessons from Surviving a 300Gbps Denial of Service Attack
Speaker: Matthew Prince, CEO of Cloudflare 
Date: 2016-12-16
Summary: This talk presents how the attackers use DNS open resolver to conduct a DDoS attack of a size larger than 300Gpbs on Spamhaus. The attack is defeated by 
A similar but less technical talk was given by the speaker in Defcon at the same year. 


Million Browser Botnet

Date: 2016-12-18
Summary:  This talk presents how to hack the browser to crack websites.  The attack is conducted by injecting a javascript to the browser of a client. The secret is to use for-loop to request for resources from the victim website using ftp protocol rather than http to break the ceiling limit in the browser. 




[安全论文阅读笔记]Survey on Web Spam Detection: Principles and Algorithms

Date: 2016-12-16

这篇文章发表在SIGKDD Explorations 2013,作者是来自UIUC的 Nikita Spirin 和 Jiawei Han

这篇文章总结了web spam 检测的主要算法分类。主要针对的spam是搜索引擎spam,而非social media spam。

Spam的分类以及技术
1. Content Spam
因为搜索引擎对网页的内容的排名采用TFIDF模型。因此这些spam会在内容里加入一些popular的词,来提高rank。
2. Link Spam
搜索引擎采用page rank来评估网页排名,因此这些spam会通过提高incoming link数量质量来提高目标页面的排名,他们也会通过购买被抛弃的域名来获取有一定reputation的域名。
3. Cloking and Redirection
对于同一个页面,Spammers会根据不同的clients来展示不同的内容。因此对于搜索引擎爬虫,他们可以放比较有利于rank的内容,而对于普通用户,他们可以展示广告内容。

已有的检测方法大概可以分为三类
1. content-based methods
这些方法主要通过分析word counts, language models, HTML页面的结构,clocking score
2. link-based methods
这些方法主要通过分析link构成的图结构的特性,label propagation,Link pruning and reweighting, graph regularization (建议如果有意通过link结构来做检测的同学可以细读具体内容)
3. data-based methods, e.g., user behavior, clicks, HTTP sessions.
这些方法通过Markov model来分析用户行为等

DEFCON 24 in 2016

Karyn Benson – Examining the Internet’s pollution
Relatedness: ****
Date: 2016-12-08
Summary
Analyzing the trash packets on the Internet to find out the attack activity or software bugs. For example, figure out when the attackers are scanning the internet of thing devices. 

Jay Beale and Larry Pesce – Phishing without Failure and Frustration
Relatedness: *
Summary:
It discusses how to conduct phishing test in an enterprise.

Shane Steiger Are You Playing with a Full Deck
Relatedness: *****
Date: 2016-12-08
Summary:
It discusses how the defenders can act to disrupt the attack life-cycle of attackers. This is exactly what the Moving Target Defense (MTD) is. It is important to figure out the attack patterns in order to decide how the defenders can play effectively in breaking the attacks.effectively in breaking the attacks.effectively.effectively

Luke Young – Attacking Network Infrastructure to Generate a 4 Tbs DDoS
Relatedness: ****
Date: 2016-12-09
Summary:
This talk exploits the devices with large uplinks to gain root privileges. Then they can launch huge DDoS attacks by sending HTTP requests to the victims. Note that rather than DNS amplification attack which can be easily blocked by firewall, attack traffics with normal http requests are hard to be blocked.

Lucas Lundgren, Neal Hindocha – Light Weight Protocol: Critical Implications
Relatedness: ***
Date: 2016-12-09
Summary:
This talk discusses the MQTT protocol and how it can be exploited for critical information. In EQTT, each client is subscribed to several queues for different functions. Each client can listen to what other clients are doing. The attackers can easily change the subscriptions of the devices and to control them. For example, the attackers can  issue a software update to the victim devices.
Take away: Please do not expose MTQQ on the internet.

Willa Cassandra Riggins, abyssknight – Esoteric Exfiltration
Relatedness: ****
Date: 2016-12-09
Summary:
This talk discusses how to avoid leaking information via convert channel. It turns out blacklist doesn’t work due to business requirement and the criticalness of context.

Kai Zhong – 411: A framework for managing security alerts
Relatedness: *
Date: 2016-12-09
Status: 20 minutes
Summary: This talk discusses how they enrich the elastic search framework to have the function to create and notify the alerts.

Joshua Drake, Steve Christey Coley – Vulnerabilities 101
Relatedness: **
Date: 2016-12-12
Summary: This talk gives advice and guidance for the newbies on how to do the vulnerability research.

Weston Hecker – Hacking Hotel Keys and Point of Sale Systems
Relatedness: **
Interestingness: *****
Date: 2016-12-12
Summary: This talk introduces how they hack the hotel keys.

Zack Fasel, Erin Jacobs – Attacks Against Top Consumer Products
Relatedness: **
Date: 2016-12-13
Summary: This talk introduces the security issues in blue tooth, cameras.

Dr Phil – Mouse Jiggler: Offense and Defense
Relatedness: **
Date: 2016-12-13
Summary: This talk introduces how to defend against mouse jiggler which the attackers use  to keep your computer in active mode.

Greg Norcie – My Usability Goes to 11 A Hackers Guide to Use
Relatedness: **
Date: 2016-12-13
Summary: This talk discusses the difficulty of usable security. In designing the usable software, cognitive walkthrough is a good way to go.  It is important to be in the customers’ shoes and think about what customers will react on the functionalities. A user case study would be helpful in evaluating the design.

Grant Bugher – Bypassing Captive Portals and Limited Networks
Relatedness: **
Date: 2016-12-14
Summary: This talk discusses how to bypass to reach the restricted networks. These networks are usually set by the owners and require payment for access.

Delta Zero, KingPhish3r – Weaponizing Data Science for Social Engineering
Relatedness: ****
Date: 2016-12-14
Summary: This talk presents a recurrent neural network that learns to tweet phishing posts targeting specific users. The model is trained using spear phishing pen-testing data. In order to make a click-through more likely, it is dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow. The performance is measured using click-through rate.


Clarence Chio – Machine Duping 101: Pwning Deep Learning Systems
Relatedness: ***
Date: 2016-12-14
Summary: This talk presents attacks on the deep learning model by feeding it with adversarial inputs.
It is important to evaluate the robustness of machine learning system to see what will it turns out when someone tries to bypass it.
It also mentioned that in Facebook spam fighting, the spammers try to alter the spam images to bypass detection. Using fuzzy matching would not be enough to cluster similar images together. However, deep learning is a good way to go. In specific, we can train the images using neural networks and compare the 2nd layers to measure the similarities which allow us to neglect some trivial details on the images.

Alex Chapman and Paul Stone – Toxic Proxies: Bypassing HTTPS
Relatedness: **
Date: 2016-12-14
Summary: This talk presents how the attackers can use new techniques to bypass encryption to monitor your search history and take over your online accounts.
The attackers can extract the information from the users’ searching process. Besides, the CDNs’ only serve contents without encryption, though the URLs are often complicated and are difficult to be guessed, whoever get those URLs would be able to access the resources.

Salvador Mendoza – Samsung Pay: Tokenized Numbers, Flaws and Issues
Relatedness: **
Date: 2016-12-14
Summary: This talk presents the attack on Samsung pay.
Background knowledge: when you pay using your card, a token number will be generated which contains service code, transaction id, and a random number.
Flaws: If Samsung generates a token which is not used, it has a blank expiration date.
Attach approach:
1. Social engineering to get the token
2. Use the token to do purchase

告一段落

这周刚投完paper,一下子好茫然。开始寻找下一篇paper的idea,之前有一个一直很想研究的问题,但是还没有想出解决方案。同时心里又很抗拒,觉得不应该这样找idea,而是应该知道重要的问题是什么,去解决重要的问题才有意义。理论研究固然有意义,但是这并不是我所追求,也不是我所能匹及的。读这个博士让我明白的最深的一点,就是要知道自己能做什么,不能做什么。能力之外的事情,花再多力气也是白费。

索性听了一天的歌,自从实习回来就没有怎么听了。听了杰伦的新歌,一下子回忆起暑假在F实习的日子,真美好。好幸运地遇到了很棒的同事,好棒的风景。马上就要毕业了,好期待毕业以后的日子。同时也希望自己能够在这剩下的时间里,多学习一些知识和待人处事,在正式进入职场之前。