Since I frequently get questions from people just setting out on the path (or even some ways along the path) to becoming future cybersecurity experts, here is some quick advice on making the best of your all-too-brief undergraduate years.
Disclaimer: It should go without saying that this is all my personal opinion, not that of my employer, and most importantly caveat lector.
VolgaCTF qualifiers were held last weekend, and this time around I sat in on 0xBU’s team. I managed to solve Transformer, a 400 point reverse engineering challenge, and so here is the requisite writeup.
This year’s edition of the iCTF took place last Friday, and Northeastern fielded a team this year that placed respectably. (At least, we beat BU – sorry Manuel!) I spent most of the day helping out with turing_award, so – as is tradition – here is a writeup on our solution.
If you happen to be at USENIX Security this month, consider dropping by the Friday panel on security competitions! Dave Levin, Sophia D’Antoine, and myself are going to be up on stage pontificating about the relative merits of Capture the Flag and teaching people to hack versus building, breaking, and fixing software. It’s sure to be an interesting time!
Amin will be presenting his latest work on fighting ransomware at USENIX Security this summer. The system he’ll be talking about is called UNVEIL, which enhances dynamic sandboxes to accurately recognize ransomware-like behavior.
We have two papers at Oakland this year: TriggerScope, a technique for static detection of triggered malicious behavior in Android applications, and LAVA, a large-scale technique for injecting bugs into programs.
The lab has two papers at Financial Crypto this year: Excision, our system for in-browser detection of malware using inclusion sequence analysis, and CuriousDroid, our system for intelligently exercising mobile applications to improve dynamic analysis.
Ahmet and I will be presenting CrossFire at Black Hat Asia in Singapore in March. CrossFire is a new attack against Firefox that leverages extension reuse to bypass the extension vetting process, which is the main line of defense against malicious Firefox extensions.
Some of the most popular questions to pop up in my inbox are whether we’re taking new students, whether we have internships available, or whether I can admit you to the PhD program. If any of these questions are on your mind, here’s some advice and insight into the process.