Titlebook: Research in Attacks, Intrusions, and Defenses; 21st International S Michael Bailey,Thorsten Holz,Sotiris Ioannidis Conference proceedings 2

可憎

Reading Between the Lines: Content-Agnostic Detection of Spear-Phishing Emailse thousands of senders, identifying spoofed emails with 90% detection rate and less than 1 false positive in 10,000 emails. Moreover, we show that individual traits are hard to guess and spoofing only succeeds if entire emails of the sender are available to the attacker.

conservative

Characterizing Eve: Analysing Cybercrime Actors in a Large Underground Forum will become an actor of interest to law enforcement, and would therefore benefit the most from intervention. This work provides the first step towards identifying ways to deter the involvement of young people away from a career in cybercrime.

反感

: Helping Users to Create Strong and Memorable PasswordsB-approved user studies [.]. We compare our approach to password creation with creation under NIST [.] policy, Ur et al. [.] guidance, and zxcvbn password-meter. We show that GuidedPass outperforms competing approaches both in password strength and in recall performance.

Decrepit

遗传

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviewsa popular technique to build so-called hybrid applications, but it circumvents the usual security model of the browser: any malicious JavaScript code injected into the Webview gains access to the custom interface and can use it to manipulate the device or exfiltrate sensitive data. In this paper, we

琐碎

Defeating Software Mitigations Against Rowhammer: A Surgical Precision HammerRowhammer. In response, the research community has developed several software defenses to protect existing hardware against this threat. In this paper, we show that the assumptions existing software defenses make about memory addressing are inaccurate. Specifically, we show that physical address spa

Classify

极深

大漩涡

Decibel

DNS Unchained: Amplified Application-Layer DoS Attacks Against DNS Authoritativesification of 8.51, we carefully chain . records and force resolvers to perform deep name resolutions—effectively overloading a target authoritative name server with valid requests. We identify 178 508 potential amplifiers, of which 74.3% can be abused in such an attack due to the way they cache reco