Posts


PortSwigger Research Names "Cached and Confused" the Top Web Hacking Technique of 2019

Last updated
PortSwigger Research, the research arm of the folks behind Burp, has named our USENIX 2020 paper on web cache deception their top web hacking technique of 2019! There was a number of very interesting new web attacks in contention this year, so we are very honored to have been selected. Thanks PortSwigger!

Read More »

Research Group Applicants

Last updated

If you want to start a Ph.D. to solve open problems in security, I would love to talk to you! To get the ball rolling, here is some information about the group and what I look for in an applicant.

Read More »

Advice to (Cybersecurity) Undergrads

Last updated

Since I frequently get questions from people just setting out on the path (or even some ways along the path) to becoming future cybersecurity experts, here is some quick advice on making the best of your all-too-brief undergraduate years.

Read More »

VolgaCTF 2017 Writeup: Transformer

Last updated

VolgaCTF qualifiers were held last weekend, and this time around I sat in on 0xBU’s team. I managed to solve Transformer, a 400 point reverse engineering challenge, and so here is the requisite writeup.

Read More »

iCTF 2017 Writeup: Turing Award

Last updated

This year’s edition of the iCTF took place last Friday, and Northeastern fielded a team this year that placed respectably. (At least, we beat BU – sorry Manuel!) I spent most of the day helping out with turing_award, so – as is tradition – here is a writeup on our solution.

Read More »

UNVEIL at USENIX Security 2016

Last updated

Amin will be presenting his latest work on fighting ransomware at USENIX Security this summer. The system he’ll be talking about is called UNVEIL, which enhances dynamic sandboxes to accurately recognize ransomware-like behavior.

Read More »

Overhaul at DSN 2016

Last updated

Kaan will be presenting a paper describing Overhaul, a technique for inferring user intent for resource authorization in traditional operating systems, at DSN 2016 this summer.

Read More »

TriggerScope and LAVA at Oakland 2016

Last updated

We have two papers at Oakland this year: TriggerScope, a technique for static detection of triggered malicious behavior in Android applications, and LAVA, a large-scale technique for injecting bugs into programs.

Read More »

Excision and CuriousDroid at FC 2016

Last updated

The lab has two papers at Financial Crypto this year: Excision, our system for in-browser detection of malware using inclusion sequence analysis, and CuriousDroid, our system for intelligently exercising mobile applications to improve dynamic analysis.

Read More »