Latest Research

TrackBack Spam: Abuse and Prevention

Contemporary blogs receive comments and TrackBacks, which result in cross-references between blogs. We conducted a longitudinal study of TrackBack spam, collecting and analyzing almost 10 million samples...


XCS: cross channel scripting and its impact on web...

We study the security of embedded web servers used in consumer electronic devices, such as security cameras and photo frames, and for IT infrastructure, such as wireless access points and lights-out management...


Embedded Management Interfaces: Emerging Massive Insecurity

Over the last few years, the number of devices that embed user-friendly management interfaces accessible from the network has drastically increased. These interfaces can be found on almost every kind of...


Decaptcha: Breaking 75% of eBay Audio CAPTCHAs

CAPTCHA tests aim at preventing attackers from performing automatic registration. In this paper we show that our prototype Decaptcha is able to successfully break 75% of eBay audio captchas. We compare...


Extending Anticipation Games with Location, Penalty...

Over the last few years, attack graphs have become a well-recognized tool to analyze and model complex network attacks. The most advanced evolution of attack graphs, called anticipation games, is based...


Code Ideas

Posted on : 19-03-2008 | By : Elie Bursztein | In : Software


This is a sort of code think tank. I put here all the code ideas and improvements that I haven't had time to do but wish I could. One day I might code them; of course, if you are interested in one of those ideas, I will be happy to discuss it with you.
RSS [...]

Exercise TraceNG: Traceroute Next Generation

Posted on : 15-02-2008 | By : Elie Bursztein | In : Exercise


The traceroute tool is one of the basic tools used for network troubleshooting. It has been available since the early days of networking. Still, because it is based on TTL header modification and ICMP messages, it is not straightforward to understand and implement. The goal of this exercise is to re-implement and add additional techniques to [...]

Competitive Intelligence Tutorial: Benchmarking Software Publishers

Posted on : 01-02-2008 | By : Elie Bursztein | In : Exercise


The goal of this tutorial is to collect, analyze, synthesize, and present data on the innovation and marketing strategies of software development companies.

Smashing the stack for understanding and learning

Posted on : 19-01-2008 | By : Elie Bursztein | In : Exercise, Teaching


This tutorial helps you better understand the security problems related to program memory and the nature of "exploits". It approaches them by having you write an exploit for a program that suffers from a buffer overflow. The exploitation method required is the use of shellcode, because it is the simplest.

Qatar December 2007

Posted on : 08-01-2008 | By : Elie Bursztein | In : Photos


A few pictures from Qatar taken during my trip for the Asia 2007 conference.

Website Analysis for Detecting Information Leaks

Posted on : 16-11-2007 | By : Elie Bursztein | In : Exercise, Teaching


The goal of this tutorial is to audit a website automatically to discover whether sensitive data or files are publicly accessible. The site is represented as a graph to model the access paths leading to those documents or pieces of information.

A Logical Framework for Evaluating Network Resilience Against Faults and Attacks

Posted on : 29-10-2007 | By : Elie Bursztein | In : Article, Publications


Accepted paper at ASIAN 2007 at Carnegie Mellon University in Qatar.
This paper presents a logic-based framework to evaluate the resilience of computer networks in the face of incidents, i.e., attacks from malicious intruders as well as random faults …

Tutorial: Monoalphabetic Permutation, RSA, and C

Posted on : 26-10-2007 | By : Elie Bursztein | In : Exercise


This tutorial aims to give a better understanding of public-key cryptography through the implementation of RSA encryption. It also touches on cryptanalysis, with Coppersmith's attack on RSA and frequency analysis of monoalphabetic permutations.

Time has something to tell us about Network Address Translation

Posted on : 26-10-2007 | By : Elie Bursztein | In : Article, Publications


This work was presented at NordSec 2007: The 12th Nordic Workshop on Secure IT Systems as a short paper.
In this paper we introduce a new technique to count the number of hosts behind a NAT. This technique, based on the TCP timestamp option, works with Linux and BSD systems and is therefore complementary to the previous one [...]

Course: Security Policy and Introduction to Cryptography

Posted on : 02-10-2007 | By : Elie Bursztein | In : Lecture Note


Information about the security policy and introduction to cryptography course: outline, objectives, tutorials, and planned exams…