KNIHOVNA
2026()
2025()
2024()
2023()
2022()
OTHER()
HOME PAPERS(523) REPORTS(264)
WHITEPAPERS(29)
KNIHY(24) RFC popisy(9411)
SLOVNÍČEK(9) Podpůrné materiály(16)
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
| 9.6.26 | FROST ATTACK | FROST: Fingerprinting Remotely using OPFS-based SSD Timing | PAPERS | PAPERS |
| 6.6.26 |
Patch-to-PoC: A
Systematic Study of Agentic LLM Systems for Linux Kernel N-Day Reproduction |
Autonomous large language model (LLM) based systems have recently shown promising results across a range of cybersecurity tasks. However, there is no systematic study on their effectiveness in autonomously reproducing Linux kernel vulnerabilities with concrete proofs-of-concept (PoCs). | PAPERS | PAPERS |
| 20.5.26 | StopRansomware Guide | Ransomware is a form of malware designed to encrypt files on a device, rendering them and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. | PAPERS | PAPERS |
| 20.5.26 | SOFTWARE BILL OF MATERIALS FOR AI | Accessing information on the supply chain of an artificial intelligence (AI) system, as well as its individual components and dependencies, is critical to strengthen cybersecurity of AI. Transparency and knowledge about AI system composition fosters vulnerability management and supports cybersecurity risk management. | PAPERS | PAPERS |
| 16.5.26 | GhostLock | GhostLock: SMB Deny-Share Handles as a Zero-Privilege Availability Weapon | WHITEPAPERS | WHITEPAPERS |
| 3.5.26 | Linux Kernel Runtime Guard (LKRG) 1.0 | Linux Kernel Runtime Guard (LKRG) is a Linux kernel module that performs runtime integrity checking of the kernel and detection of security vulnerability exploits against the kernel, prevention of and response to successful attacks, and encrypted remote logging. The project was founded by Adam 'pi3' Zabrocki, who invited Solar Designer to join and we released version 0.0 publicly in 2018 under Openwall umbrella (announced as Openwall's most controversial project to date). | PAPERS | PAPERS |
| 3.5.26 | Password cracking: past, present, future | Passwords (or phrases) remain a distinct and ubiquitous authentication factor. They are also widely used to derive encryption keys for data or other keys. Password cracking is used in security audits, penetration testing, to recover or gain access to data, keys, or funds, and for a variety of other purposes. | PAPERS | PAPERS |
| 3.5.26 | Linux kernel remote logging: approaches, challenges, implementation | This talk is based on research conducted for our Linux Kernel Runtime Guard (LKRG) project, which is a Linux kernel module that performs runtime integrity checking of the kernel and detection of security vulnerability exploits against the kernel. Delivery, storage, and processing of LKRG security events to/on a remote system is a natural extension of LKRG's functionality. Remote logging is also valuable on its own, including for troubleshooting and post-mortem analyses of (non-)security incidents, where the system's local logs might be unavailable, incomplete, or tampered with. | PAPERS | PAPERS |
| 3.5.26 | 15+ years of oss-security | These are the slides of Solar Designer's SSTIC 2023 keynote talk with minor revisions as later presented at BSidesLjubljana 2023. | PAPERS | PAPERS |
| 3.5.26 | Linux Kernel Runtime Guard (LKRG) in a nutshell | These are the slides on LKRG that we used at OSTconf 2020. This presentation is an update of LKRG under the hood (CONFidence 2018). | PAPERS | PAPERS |
| 3.5.26 | Linux Kernel Runtime Guard (LKRG) under the hood | These are the slides on LKRG that we used at CONFidence 2018. This presentation is updated by LKRG in a nutshell (OSTconf 2020), so you might want to check that one out as well. | PAPERS | PAPERS |
| 3.5.26 | Haswell metaprogramming | Haswell is an Intel CPU microarchitecture introduced to market in 2013 with CPUs such as Core i7-4770K (which we used for the testing mentioned on slide 3). The information on these slides should also apply to Intel's newer CPUs at least through the end of 2019. | PAPERS | PAPERS |
| 3.5.26 | yescrypt: large-scale password hashing | These are the slides on yescrypt that we used at BSidesLjubljana 2017. In a sense, this presentation is a continuation of Password security: past, present, future (PHDays 2012, Passwords^12), Password hashing at scale (YaC 2012), New developments in password hashing: ROM-port-hard functions (ZeroNights 2012), and yescrypt: password hashing scalable beyond bcrypt and scrypt (PHDays 2014), so you might want to check those out as well. Also relevant is our presentation on Energy-efficient bcrypt cracking (Passwords^14). | PAPERS | PAPERS |
| 3.5.26 | john-devkit: specialized compiler for hash cracking | These are the slides we used for a lightning talk at PHDays 2015, and here's the corresponding GitHub project. Aleksey also gave a follow-up talk at PHDays 2016. | PAPERS | PAPERS |
| 3.5.26 | Is infosec a game? | You can play the game online in recent web browsers on fast CPUs (we use JsDOSBox) or offline in DOSBox (which works perfectly even on slower CPUs) or on bare metal (e.g. by adding it into a FreeDOS image). To obtain a copy for offline play, simply unzip the PDF file below (yes, you read this right). | PAPERS | PAPERS |
| 3.5.26 | Energy-efficient bcrypt cracking | These are the slides we used at PasswordsCon Las Vegas 2014 (colocated with BSidesLV), Skytalks 2014 (colocated with DEFCON), and FSEC 2014. We used a much older version of these slides at PasswordsCon Bergen 2013. | PAPERS | PAPERS |
| 3.5.26 | yescrypt: password hashing scalable beyond bcrypt and scrypt | These are the slides on yescrypt that we used at PHDays 2014. In a sense, this presentation is a continuation of Password security: past, present, future (PHDays 2012, Passwords^12), Password hashing at scale (YaC 2012), New developments in password hashing: ROM-port-hard functions (ZeroNights 2012), and it is continued with yescrypt: large-scale password hashing (BSidesLjubljana 2017), so please check those out as well. | PAPERS | PAPERS |
| 3.5.26 | Looking inside the (Drop) box | These are the slides we used at NordU2002, CanSecWest / core02, and FOSDEM 2003 (with updates). (A Polish translation was also used at Open Source Security 2005.) | PAPERS | PAPERS |
| 3.5.26 | Distributable probabilistic candidate password generators | These are the slides we used at Passwords^12. You might also want to see Automatic wordlists mangling rules generation, also presented by Simon at Passwords^12. | PAPERS | PAPERS |
| 3.5.26 | Automatic wordlists mangling rules generation | These are the slides we used at Passwords^12. You might also want to see Distributable probabilistic candidate password generators, also presented by Simon at Passwords^12. | PAPERS | PAPERS |
| 3.5.26 | New developments in password hashing: ROM-port-hard functions | These are the slides we used at ZeroNights 2012. In a sense, this presentation is a continuation of Password security: past, present, future (PHDays 2012, Passwords^12) and Password hashing at scale (YaC 2012), and it is continued with yescrypt: password hashing scalable beyond bcrypt and scrypt (PHDays 2014), so please check those out as well. | PAPERS | PAPERS |
| 3.5.26 | Password hashing at scale | These are the slides we used at YaC 2012. In a sense, this presentation is a continuation of Password security: past, present, future (PHDays 2012, Passwords^12) and it is continued with New developments in password hashing: ROM-port-hard functions (ZeroNights 2012) and yescrypt: password hashing scalable beyond bcrypt and scrypt (PHDays 2014), so please check those out as well. | PAPERS | PAPERS |
| 3.5.26 | Password security: past, present, future | These are the slides we used at PHDays 2012 and Passwords^12 (with major updates). In a sense, this presentation is continued with Password hashing at scale (YaC 2012) and New developments in password hashing: ROM-port-hard functions (ZeroNights 2012), so please check those out as well, although the most relevant material from them has been merged into the Passwords^12 revision of this presentation. | PAPERS | PAPERS |
| 3.5.26 | IPv6: What, Why, How | PAPERS | PAPERS | |
| 3.5.26 | Openwall GNU/*/Linux | This presentation/tutorial by Jen "Furry" Linkova introduces those familiar with IPv4 to IPv6. It covers both "executive" and highly technical topics, with slight bias on security and privacy. | PAPERS | PAPERS |
| 3.5.26 | SSH Traffic Analysis | These are the slides we used at HAL2001 and NordU2002 (with updates). | PAPERS | PAPERS |
| 28.4.26 | LEROBOT: AN OPEN-SOURCE LIBRARY FOR END-TO-END ROBOT LEARNING | Robotics is undergoing a significant transformation powered by advances in highlevel control techniques based on machine learning, giving rise to the field of robot learning. | PAPERS | PAPERS |
| 26.4.26 | GopherWhisper | GopherWhisper: A burrow full of malware | PAPERS | PAPERS |
| 10.4.26 | ESPIONAGE FOR REPRESSION: FORENSIC ANALYSIS OF A CROSS-BORDER HACK-FOR-HIRE CAMPAIGN TARGETING CIVIL SOCIETY IN MENA | ESPIONAGE FOR REPRESSION: FORENSIC ANALYSIS OF A CROSS-BORDER HACK-FOR-HIRE CAMPAIGN TARGETING CIVIL SOCIETY IN MENA | PAPERS | PAPERS |
| 8.4.26 | GeForge: Hammering GDDR Memory to Forge GPU Page Tables for Fun and Profit | Over the years, Rowhammer has been leveraged to mount a wide range of attacks against system main memory. | PAPERS | PAPERS |
| 8.4.26 |
GDDRHammer:
Greatly Disturbing DRAM Rows — Cross-Component Rowhammer Attacks from Modern GPUs |
While Rowhammer has been extensively studied in CPU-based memory systems, a very recent work by Lin etal. (USENIX Security ‘25) extended this line of research to GDDR6 GPU memory, demonstrating the first Rowhammer bit flips on NVIDIA GPUs | PAPERS | PAPERS |
| 8.4.26 | GPUHammer: Rowhammer Attacks on GPU Memories are Practical | Rowhammer is a read disturbance vulnerability in modern DRAM that causes bit-flips, compromising security and reliability. | PAPERS | PAPERS |
| 17.2.26 |
Zero Knowledge
(About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers |
Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those vaults. | PAPERS | PAPERS |
| 5.2.26 |
The Trigger in the
Haystack: Extracting and Reconstructing LLM Backdoor Triggers |
Detecting whether a model has been poisoned is a longstanding problem in AI security. In this work, we present a practical scanner for identifying sleeper agent-style backdoors in causal language models. | PAPERS | PAPERS |
| 23.1.26 | Ransomware 2026 | New Actors and Threats Emerge as the Threat Landscape Evolves | PAPERS | PAPERS |
| 19.1.26 |
StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine |
Confidential Virtual Machines (CVMs), such as AMD SEVSNP, aim
to protect guest operating systems from an untrusted host by encrypting state and constraining privileged control. These platforms promise isolation even in multi-tenant cloud setups where simultaneous multithreading (SMT) remains enabled |
PAPERS | PAPERS |