logo
Dates

Author


Conferences

Tags

Sort by:  

Conference:  Defcon 31
Authors: Patrick Wardle Objective-See Foundation
2023-08-01

As the majority of malware contains networking capabilities, it is well understood that detecting unauthorized network access is a powerful detection heuristic. However, while the concepts of network traffic analysis and monitoring to detect malicious code are well established and widely implemented on platforms such as Windows, there remains a dearth of such capabilities on macOS. This talk aims to remedy this situation by delving deeply into a myriad of programmatic approaches capable of enumerating network state, statistics, and traffic, directly on a macOS host. We will showcase open-source implementations of relatively overlooked low-level APIs, private frameworks, and user-mode extensions that provide insight into all networking activity. And, by leveraging these techniques, you will learn how to efficiently and generically detect both known and unknown threats targeting macOS!
Conference:  Black Hat Asia 2023
Authors: Maxine Holt, Marina Krotofil, Tara Seals, Fyodor Yarochkin, Stefano Zanero
2023-05-11

Artificial Intelligence (AI) has the potential to revolutionize cybersecurity by enhancing detection and response capabilities, automating routine tasks, and identifying threats that are invisible to humans. However, AI also poses significant risks, including the potential for attackers to use AI to develop more sophisticated attacks and evade detection. Panelist will explore how AI can be used to improve cybersecurity, the ethical considerations of using AI in security, and how to manage the risks associated with AI-powered security systems. Additionally, the panel will discuss the future of AI and cybersecurity and the role the InfoSec community and policymakers can have in shaping the development and use of AI in security.
Authors: Or Katz
2021-09-24

tldr - powered by Generative AI

Using data mining techniques to refine and optimize web attack detection, specifically for SQL injection attacks, by analyzing CDN logs and breaking payloads into keywords to gain new insights.
  • SQL injection attacks have been around for over 20 years and some defensive capabilities have stayed obsolete and manual
  • CDN logs classified as SQL injection attacks can be used to refine and optimize security rules
  • Data mining techniques, specifically elements taken from Natural Language Processing, can be used to analyze SQL injection payloads, clean and curate them, break them into keywords, and find the best relation between them to gain new insights
  • The process includes five steps: collecting and cleaning the data, choosing keywords, creating a matrix, creating relationships between keywords, and clustering keywords to gain insights
  • An anecdote is shared about encountering a registration website that did not allow certain characters in the first and last name fields, potentially as a protective detection mechanism against web application attacks