Category Archives: Systems Security

About Nexat paper in ACSAC 2011

Last week, our group attended ACSAC 2011. The conference was held in Buena Vista Palace, Orlando, Florida. I presented Nexat paper, and the feedbacks were encouraging. Nexat was a research project in collaboration with Casey Cipriano, and Amir Houmansadr. Nexat tries to solve … Continue reading

Posted in Systems Security | Leave a comment

EXPOSURE: A new service from iSecLab goes online

Last month, in this post, we announced an upcoming service called EXPOSURE which detects domain names that are involved in malicious activities. We perform passive DNS analysis. After a period of testing, finally, we started the beta version of the service. … Continue reading

Posted in Botnets, DNS, General, Malware Analysis and Detection, Systems Security | Leave a comment

G-Free: Defeating Return-Oriented Programming and ACSAC 2010

After an adrenaline-inducing trip involving an aircraft breakdown and heavy snowing, I am back from Austin, TX, where I attended ACSAC ’10 together with Davide. Austin is promoted as the “The Live Music Capital of the World”, and it shows: … Continue reading

Posted in Conferences, Systems Security | Tagged , , , , , | Leave a comment

EXPOSURE, a new upcoming service for finding malicious domains using passive DNS analysis

One of the papers we will be presenting in the upcoming NDSS 2011 conference in San Diego will be Leyla‘s work on detecting malicious DNS domains using large-scale passive DNS analysis. We have used EXPOSURE in practice to automatically detect … Continue reading

Posted in Malware Analysis and Detection, Systems Security | Leave a comment

Anubis – Managing a growing, distributed infrastructure for Binary Analysis [Part I]

As promised in the last blog-post, I will cover some of the internals of our analysis infrastructure for analyzing unknown binaries (Anubis) in a series of posts. With this article, I would like to make a start in that direction, … Continue reading

Posted in Anubis, Binary Analysis, Malware Analysis and Detection, Systems Security | Leave a comment

Digital Signatures and the Austrian Experiment: Our Story

Last year in May, a technical report we published online on the security analysis of the so-called “Citizen Card” in Austria received some press coverage. I noticed that some sites (e.g., the Wikipedia entry for the Citizen Card and a site … Continue reading

Posted in General, Privacy, Systems Security | Leave a comment

FORWARD and SysSec: Attempting to “predict” the future

A couple of weeks ago, I had a déjà vu effect after reading an article that stated that regulators were blaming a computer algorithm for a stock market ‘flash crash’. About a year ago, last November, we were busy creating … Continue reading

Posted in General, Systems Security | Leave a comment