Posted on : 11-12-2009 | By : Elie Bursztein | In : Article, Publications
Contemporary blogs receive comments and TrackBacks, which result in cross-references between blogs.
We conducted a longitudinal study of TrackBack spam, collecting and analyzing almost 10 million samples from a massive spam campaign over a one-year period. Unlike the usual delivery of email spam, the spammers did not use bots, but took advantage of an official Chinese site [...]
Posted on : 10-11-2009 | By : Elie Bursztein | In : Article, Publications
We study the security of embedded web servers used in consumer electronic devices, such as security cameras and photo frames, and for IT infrastructure, such as wireless access points and lights-out management systems. All the devices we examine turn out to be vulnerable to a variety of web attacks, including cross-site scripting (XSS) and [...]
Posted on : 11-08-2009 | By : Elie Bursztein | In : Article, Publications
CAPTCHA tests aim to prevent attackers from performing automatic registration. In this paper we show that our prototype Decaptcha is able to successfully break 75% of eBay audio captchas. We compare its performance with the state-of-the-art, readily available speech recognition system Sphinx and discuss the implications for eBay security.
Presented at WOOT’09, Montréal [...]
Posted on : 25-07-2009 | By : Elie Bursztein | In : BlackHat, Talks
Over the last few years, the number of devices that embed user-friendly management interfaces accessible from the network has drastically increased. These interfaces can be found on almost every kind of device, from lights-out management systems for PCs, to small SOHO NAS appliances, to photo frames.
In this talk, we will cover the attack surface of [...]
Posted on : 11-10-2008 | By : Elie Bursztein | In : Article, Publications
Over the last few years, attack graphs have become a well-recognized tool to analyze and model complex network attacks. The most advanced evolution of attack graphs, called anticipation games, is based on game theory. However, even if anticipation games allow modeling of time, collateral effects and player interactions with the network, there is still [...]
Posted on : 17-08-2008 | By : Elie Bursztein | In : Article, Publications
NetQi is a freely available model-checker designed to analyze network incidents such as intrusions. This tool is an implementation of the anticipation game framework, a variant of timed games tailored for network analysis.
The main purpose of NetQi is to find, given an initial network state and a set of rules, the best strategy that fulfills [...]
Posted on : 12-06-2008 | By : Elie Bursztein | In : Photos
Photos taken while attending the 1st MITACS workshop to present NetQi.
Posted on : 28-05-2008 | By : Elie Bursztein | In : Software
Apsm is a desktop application that gathers Apache status mod data to plot charts and compute statistics. Its goal is to help you analyze how the load of your HTTP servers evolves in real time. It is written in Java so it should run on every OS.
Download it from Google Code
While fully functional, this is a [...]
Posted on : 20-05-2008 | By : Elie Bursztein | In : Photos
Photos taken while I was attending the WISTP conference in Sevilla.
Posted on : 20-05-2008 | By : Elie Bursztein | In : Article, Publications
Published at WISTP 2008 and awarded Best Paper
With the growing use of protocol obfuscation techniques, protocol identification for QoS enforcement, traffic prohibition, and intrusion detection has become a complex task. This paper addresses this issue with a probabilistic identification analysis that combines multiple advanced identification techniques and returns an ordered list of probable protocols. [...]