
Authored

Clustering Payloads

Grouping Randomized Scan Probes Into Campaign Templates

Over the past decade, the scanning landscape has significantly changed. Powerful tools such as Masscan or Zmap allow anyone to scan the entire Internet in a matter of hours. Simultaneously, we witnessed the emergence of stealthy scanners, which map the Internet from thousands of ...

Inside the Matrix

CTI Frameworks as Partial Abstractions of Complex Threats

The Cyber Threat Intelligence (CTI) field has evolved rapidly and most of its reporting is now fairly standardized. Where the Cyber Kill Chain was its sole reference framework 5 years ago, today ATT&CK is the de facto standard for reporting adversary tactics, techniques and ...

Scan, Test, Execute

Adversarial Tactics in Amplification DDoS Attacks

Amplification attacks generate an enormous flood of unwanted traffic towards a victim and are generated with the help of open, unsecured services, to which an adversary sends spoofed service requests that trigger large answer volumes to a victim. However, the actual execution ...

Compare Before You Buy

Privacy-Preserving Selection of Threat Intelligence Providers

In their pursuit to maximize their return on investment, cybercriminals will likely reuse as much as possible between their campaigns. Not only will the same phishing mail be sent to tens of thousands of targets, but reuse of the tools and infrastructure across attempts will lowe ...

Cyber Security Threats to Bitcoin Exchanges

Adversary Exploitation and Laundering Techniques

Bitcoin is gaining traction as an alternative store of value. Its market capitalization transcends all other cryptocurrencies in the market. But its high monetary value also makes it an attractive target to cyber criminal actors. Hacking campaigns usually target an ecosystem's ...

From Hodl to Heist

Analysis of Cyber Security Threats to Bitcoin Exchanges

Bitcoin is gaining traction as an alternative store of value. Its market capitalization transcends all other cryptocurrencies in the market. But its high monetary value also makes it an attractive target to cyber criminal actors. Hacking campaigns usually target the weakest po ...

IMDfence

Architecting a Secure Protocol for Implantable Medical Devices

Over the past decade, focus on the security and privacy aspects of implantable medical devices (IMDs) has intensified, driven by the multitude of cybersecurity vulnerabilities found in various existing devices. However, due to their strict computational, energy and physical const ...

SoK

ATT&CK techniques and trends in windows malware

In an ever-changing landscape of adversary tactics, techniques and procedures (TTPs), malware remains the tool of choice for attackers to gain a foothold on target systems. The Mitre ATT&CK framework is a taxonomy of adversary TTPs. It is meant to advance cyber threat inte ...

Malware Coordination using the Blockchain

An Analysis of the Cerber Ransomware

In order for malicious software to receive configuration information or commands, malware needs to be able to locate and connect to its owner. As hard-coded addresses are easy to block and thus render the malware installation inoperable, malware writers have turned to dynamically ...

How Media Reports Trigger Copycats

An Analysis of the Brewing of the Largest Packet Storm to Date

In late February 2018, news spread through the mainstream media about a massive distributed denial-of-service attack on the popular software collaboration website github.com. Estimated at a rate of 1.3 Terabit per second, this massive packet flood was the largest DDoS attack by ...

Contributed

Inadvertently Making Cybercriminals Rich

A Comprehensive Study of Cryptojacking Campaigns at Internet Scale

Cryptojacking, a phenomenon also known as drive-by cryptomining, involves stealing computing power from others to be used in illicit cryptomining. While first observed as host-based infections with low activity, the release of an efficient browser-based cryptomining application ...

Opening Pandora’s Box

Charting the ecosystem of Command and Control infrastructures in a terabit-scale network

The amount of people and devices connected through the Internet has been growing at a rapid pace; as of June 2019 58,8% of the world’s population and billions of devices are joined by this vast network of information resources and services. Not every Internet user however has ben ...

An Analysis of Deep Learning Based Profiled Side-channel Attacks

Custom Deep Learning Layer, CNN Hyperparameters for Countermeasures, and Portability Settings

A side-channel attack (SCA) recovers secret data from a device by exploiting unintended physical leakages such as power consumption. In a profiled SCA, we assume an adversary has control over a target and copy device. Using the copy device the adversary learns a profile of the de ...

Clusus

A cyber range for network attack simulations

This report documents the design and implementation of Clusus, a cyber range to provide students with a safe isolated environment to learn about cyber security and computer networks. This Bachelor project was proposed by the TU Delft cyber security group. During a two week resear ...

Android App Tracking

Investigating the feasibility of tracking user behavior on mobile phones by analyzing encrypted network traffic

The mobile phone has become an important part of people's lives and which apps are used says a lot about a person. Even though data is encrypted, meta-data of network traffic leaks private information about which apps are being used on mobile devices. Apps can be detected in netwo ...

Detecting BGP Origin Hijacks

Using a filter-based approach

Many processes rely on the availability of the Internet. The Border Gateway Protocol (BGP) is widely used for exchanging routing information between routers and is essential for the successful operation of the Internet. Because BGP has not been designed with security in mind, BGP ...

Extending Honeytrap with Lua scripting

Honeytrap LUA implementation

This report describes the process, motivation and design choices made during the Bachelor End Project in collaboration with DutchSec. The project consists of implementing Lua-scripting into Honeytrap, which is programmed in Go. The following chapters will discuss which design cho ...

Investigating current state Security of OpenFlow Networks

Focusing on the control-data plane communications

Software-Defined Networking (SDN) is the emerging paradigm that breaks vertical integration in networks, separating the network’s control logic from the underlying network devices such as routers and switches.
The decoupling of this data plane and control plane, there is need ...

In order to stay undetected and keep their operations alive, cyber criminals are continuously evolving their methods to stay ahead of current best defense practices. Over the past decade, botnets have developed from using statically hardcoded IP addresses and domain names to rand ...

Exploitation of Cache Based Side-Channels on ARM

Correlation Analysis of Access-driven Cache Attacks on Android Smartphones

Android smartphones collect and compile a huge amount of sensitive information which is secured using cryptography. There is an unintended leakage of information during the physical implementation of a cryptosystem on a device. Such a leakage is often termed as side channel and i ...