Secure remote access is integral to the workflow of virtually every enterprise today. It is also an avenue ripe for network infiltration---attackers who can steal network-login credentials can often readily penetrate a site's perimeter security to obtain a persistent foothold within the network. Once inside, they can often further their access by escalating privileges and moving laterally, potentially operating for months, all the while remaining undetected under the guise of a legitimate user. Such threats can prove hugely expensive and damaging to sites, fueling APT campaigns and enormous data breaches. For example, the 2013 theft from Target of 40,000,000 credit card numbers began with attackers compromising remote-access credentials o...
The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections bet...
We present a method for detecting when a user’s remote ac-cess account has been compromised in such ...
The possibility for theft or misuse of legitimate user credentials is a potential cyber-security wea...
Brute-force attacks are omnipresent and manyfold on the Internet, and aim at compromising user accou...
Brute-force attacks are omnipresent and manyfold on the Internet, and aim at compromising user accou...
The growing demand for processing and storage capabilities has led to the deployment of high-perform...
Our society is facing a growing threat from data breaches, where confidential information is stolen ...
Abstract. This paper analyses the forensic data on credential stealing incidents over a period of 5 ...
With the advent of the Internet of Things (IoT) era, the concept of smart office has gradually come ...
We present a large-scale characterization of attacker activity across 111 real-world enterprise orga...
This thesis first presents Continuous Auditing of Secure Shell (SSH) Servers to Mitigate Brute-Force...
This dissertation builds new defenses to thwart digital attacks on enterprises. Specifically, we dev...
In SSH brute forcing attacks, adversaries try a lot of different username and password combinations ...
Credential tweaking attacks use breached passwords to generate semantically similar passwords and ga...
In today’s world, taking secret word hash records and cracking the hash passwords has become extreme...
The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections bet...
We present a method for detecting when a user’s remote ac-cess account has been compromised in such ...
The possibility for theft or misuse of legitimate user credentials is a potential cyber-security wea...
Brute-force attacks are omnipresent and manyfold on the Internet, and aim at compromising user accou...
Brute-force attacks are omnipresent and manyfold on the Internet, and aim at compromising user accou...
The growing demand for processing and storage capabilities has led to the deployment of high-perform...
Our society is facing a growing threat from data breaches, where confidential information is stolen ...
Abstract. This paper analyses the forensic data on credential stealing incidents over a period of 5 ...
With the advent of the Internet of Things (IoT) era, the concept of smart office has gradually come ...
We present a large-scale characterization of attacker activity across 111 real-world enterprise orga...
This thesis first presents Continuous Auditing of Secure Shell (SSH) Servers to Mitigate Brute-Force...
This dissertation builds new defenses to thwart digital attacks on enterprises. Specifically, we dev...
In SSH brute forcing attacks, adversaries try a lot of different username and password combinations ...
Credential tweaking attacks use breached passwords to generate semantically similar passwords and ga...
In today’s world, taking secret word hash records and cracking the hash passwords has become extreme...
The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections bet...
We present a method for detecting when a user’s remote ac-cess account has been compromised in such ...
The possibility for theft or misuse of legitimate user credentials is a potential cyber-security wea...