KNIHOVNA

KNIHOVNA() HOME PAPERS(523) REPORTS(264) CONFERENCE(22) WHITEPAPERS(29) KNIHY(24) RFC popisy(9411) SLOVNÍČEK(9) Podpůrné materiály(16)

DATE	NAME	CATEGORY	SUBCATE	INFO
29.10.24	Breaking the Barrier: Post-Barrier Spectre Attac	PAPERS	PAPERS	The effectiveness of transient execution defenses rests on obscure model-specific operations that must be correctly implemented in microcode and applied by software. In this paper, we study branch predictor invalidation through.
28.10.24	Multi-Turn Context Jailbreak Attack on Larg	PAPERS	PAPERS	Large language models (LLMs) have significantly enhanced the performance of numerous applications, from intelligent conversations to text generation. However, their inherent security vulnerabilities have become an increasingly significant challenge, especially with respect to jailbreak attacks.
28.10.24	End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosyst	PAPERS	PAPERS	Cloud storage is ubiquitous: Google Drive, Dropbox, and OneDrive are household names. However, these services do not provide end-to-end encryption (E2EE), meaning that the provider has access to the data stored on their servers. The promise of end-to-end encrypted cloud storage is that users can have the best of both worlds, keeping control of their data using cryptographic techniques, while still benefiting from low-cost storage solutions.
15.8.24	GhostWrite	PAPERS	CPU	RISCVuzz: Discovering Architectural CPU Vulnerabilities via Differential Hardware Fuzzi
23.7.24	VIGORISH VIPER	PAPERS	PAPERS	This groundbreaking report unveils the discovery of a technology suite and its connection to Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia.
13.7.24	RADIUS/UDP Considered Harmf	PAPERS	PAPERS	The core of the RADIUS protocol predates modern secure cryptographic design. Surprisingly, in the two decades since Wang et al. demonstrated an MD5 hash collision in 2004, RADIUS has not been updated to remove MD5. In fact, RADIUS appears to have received notably little security analysis given its ubiquity in modern networks.
8.7.24	Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers	PAPERS	PAPERS	In this proof-of-concept (PoC) report, we used Recorded Future Identity Intelligence’s vast trove of information stealer (“infostealer”) malware data to identify consumers of child sexual abuse material (CSAM), surface additional sources, and arrive at geographic and behavioral trends for the most popular sources
2.7.24	Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predict	PAPERS	CPU	This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs.
17.6.24	Mass exploitation	PAPERS	PAPERS	The vulnerable edge of enterprise security
17.6.24	ARM 'TIKTAG' attack	PAPERS	ARM CPU	TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Executi
28.5.24	DNSBOMB: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses	Papers	DNS	DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses.
10.5.24	Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tabl	Papers	Papers	Virtual Private Networks (VPNs) authenticate and encrypt network traffic to protect users’ security and privacy, and are used in professional and personal settings to defend against malicious actors, circumvent censorship, remotely work from home, etc. It is therefore essential that VPNs are secure.
8.5.24	Pathfinder	Papers	CPU	Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor
3.5.24	The Shape of Money Laundering: Subgraph Representation Learning on the Blockchain with the Elliptic2 Dataset	Papers	Papers	Subgraph representation learning is a technique for analyzing local structures (or shapes) within complex networks. Enabled by recent developments in scalable Graph Neural Networks (GNNs), this approach encodes relational information at a subgroup level (multiple connected nodes) rather than at a node level of abstraction.
5.4.24	JSOutProx RAT	Papers	Papers	Multi-Staged JSOutProx RAT Targets Indian Co-Operative Banks and Finance Companies
26.3.24	Generic and Automated Drive-by GPU Cache Attacks from the Browser	Papers	Papers	Generic and Automated Drive-by GPU Cache Attacks from the Browser
16.3.24	GhostRace	Papers	Vulnerebility	GhostRace: Exploiting and Mitigating Speculative Race Conditio
4.3.24	Fast Adversarial Attacks on Language Models In One GPU Minute	Papers	CPU
4.3.24	Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs	Papers	CPU
12.1.24	Flying Under the Radar: Abusing GitHub for Malicious Infrastructure	Papers	Malware
6.1.24	No-justice” wiper	Papers	Malware
1.1.24	Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation	Papers	Attack
16.11.23	The attack against Danish, CLEAR critical infrastructure	Papers	ICS
15.11.23	CacheWarp: Software-based Fault Injection using Selective State Res	Papers	CPU
27.10.23	iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices	Papers	Apple
26.8.23	Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems	Papers	Attack
13.7.23	Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions	Papers	Malware
5.5.23	Iran turning to cyber-enabled influence operations for greater effect	Papers	Campaign
28.4.23	Nomadic Octopus’ Paperbug Campaign	Papers	Campaign
17.4.23	BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware	Papers	Malware
25.3.23	Detect and Prevent Web Shell Malware	Papers	Malware
17.3.23	SILKLOADER	Papers	Malware
15.3.23	Operation ENDTRAD	Papers	Operation
2022	The Lazarus Constellation A study on North Korean malware	Papers	APT