
How Professional Hackers Understand Protected Code while Performing Attack Tasks

M. Ceccato, P. Tonella, C. Basile, B. Coppens, B. De Sutter, P. Falcarin, M. Torchiano
2017 2017 IEEE/ACM 25th International Conference on Program Comprehension (ICPC)  
Knowing the way hackers understand protected code and perform attacks is important to achieve a stronger protection of the software assets, based on realistic assumptions about the hackers' behaviour.  ...  In particular, we have been able to perform a qualitative analysis of three reports of professional penetration test performed on protected industrial code.  ...  Protected Code while Performing Attack Tasks".  ... 
doi:10.1109/icpc.2017.2 dblp:conf/iwpc/CeccatoTBCSFT17 fatcat:2m5rlawkd5csxht7ogy6x4ssyi

Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge

Mariano Ceccato, Paolo Tonella, Cataldo Basile, Paolo Falcarin, Marco Torchiano, Bart Coppens, Bjorn De Sutter
2018 Empirical Software Engineering  
Knowledge of the actual hacker behaviours while performing real attack tasks can inform better ways to protect the software and can provide more realistic assumptions to the developers, evaluators, and  ...  The process and strategy followed by hackers to understand and tamper with protected software might differ from program understanding for benign purposes.  ...  After reading each sentence, decide if it is relevant for the goal of the study, which is investigating "How Professional Hackers Understand Protected Code while Performing Attack Tasks".  ... 
doi:10.1007/s10664-018-9625-6 fatcat:yxwqfjacrjb43nqtnbkiwvldky

Malware Analysis: From Large-Scale Data Triage to Targeted Attack Recognition (Dagstuhl Seminar 17281)

Sarah Zennou, Saumya K. Debray, Thomas Dullien, Arun Lakhothia, Marc Herbstritt
2018 Dagstuhl Reports  
This report summarizes the program and the outcomes of the Dagstuhl Seminar 17281, entitled "Malware Analysis: From Large-Scale Data Triage to Targeted Attack Recognition".  ...  Deobfuscation: semantic analysis to the rescue How Professional Hackers Understand Protected Code while Performing Attack Tasks Code protections aim at blocking (or at least delaying) reverse engineering  ...  professional hackers understand protected code while performing attack tasks", in Proc. of the 25th International Conference on Program Comprehension, ICPC 2017, Buenos Aires, Argentina, May 22-23, 2017  ... 
doi:10.4230/dagrep.7.7.44 dblp:journals/dagstuhl-reports/ZennouDDL17 fatcat:2tvbxmrtffbovlowx5fvmwx2qm

Assessment of Source Code Obfuscation Techniques

Alessio Viticchie, Leonardo Regano, Marco Torchiano, Cataldo Basile, Mariano Ceccato, Paolo Tonella, Roberto Tiella
2016 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM)  
We conducted an experiment with student participants performing two attack tasks on clear and obfuscated versions of two applications written in C.  ...  Obfuscation techniques are a general category of software protections widely adopted to prevent malicious tampering of the code by making applications more difficult to understand and thus harder to modify  ...  Application used in a task; this can be used to understand how code complexity influences the time or the correctness of the attack task.  ... 
doi:10.1109/scam.2016.17 dblp:conf/scam/ViticchieRTBCTT16 fatcat:ohikixngkjdevm2zn3gkiiftzu

Issues of Implied Trust in Ethical Hacking

Georg Thomas, Oliver Burmeister, Gregory Low
2018 ORBIT Journal  
Because ethical hackers could gain access to highly sensitive and confidential information and there is potential for misuse of such information, the need to ensure professionalism is maintained through  ...  As a result, this profession does not currently have a uniformed or mandated code, nor does it require any form of licensing.  ...  This research could include identifying whether there is merit in developing a mandatory, unified code of conduct that applies to ethical hackers and helps ensure appropriate ethical behavior and levels  ... 
doi:10.29297/orbit.v2i1.77 fatcat:ukjm7df4gnabrh5b32nccl5oc4

Distributed denial of service attacks and the zombie ant effect

J. Elliott
2000 IT Professional Magazine  
Yet it may be more illuminating to examine how hackers assemble an army of zombie ants. An attacker creates a zombie ant by gaining superuser access to the victim host.  ...  In an enterprise with many hosts, protecting the integrity of the system becomes a task of enormous proportions that can quickly exhaust available resources.  ... 
doi:10.1109/mitp.2000.839372 fatcat:ri7n5obecrhjzo5aur54oasyly

Preface to the Special Issue on Program Comprehension

David Lo, Alexander Serebrenik
2018 Empirical Software Engineering  
The results call for tool support to help guide developers in understanding the structure of the code and the technical details of a project while taking into account the exact requirements imposed by  ...  In their extended version, entitled "Investigating Whether and How Software Developers Understand Open Source Software Licensing", the authors have conducted a survey of 375 developers that posed development  ...  Another paper in this special issue is authored by Ceccato et al. entitled "Understanding the Behaviour of Hackers while Performing Attack Tasks in a Professional Setting and in a Public Challenge".  ... 
doi:10.1007/s10664-018-9662-1 fatcat:3yllti2spjet3ocz4jiikpt4ce

Security Professionals Must Reinforce Detect Attacks to Avoid Unauthorized Data Exposure

Alain Loukaka, Shawon S. M. Rahman
2021 Information Technology in Industry  
Cyberattacks are continually increasing due to the sophistication and innovation of cyber attackers.  ...  Hackers are still able to breach a system when security tools such as firewalls, SIEM, anti-virus software, encryption, and IDPS are readily in place within an organization.  ...  Organizations should develop an understanding of a hacker's motivations and probably involve professional hacker expertise [8].  ... 
doi:10.17762/itii.v8i1.76 fatcat:fp3fpedw3vbffm3c65lp4r5jcq

Agents of responsibility—freelance web developers in web applications development

Malik Aleem Ahmed, Jeroen van den Hoven
2009 Information Systems Frontiers  
To justify this claim we will take the case of using free malicious code by freelance web developers and show how their actions or omissions may cause harm to the users, clients and others.  ...  The relevant moral question is not "can freelancers be considered as professionals?", but "are they agents of responsibility and can they cause harm"? It is obvious that they can.  ...  An attacker may be able to trick an already authenticated user into performing malicious actions.  ... 
doi:10.1007/s10796-009-9201-0 fatcat:vmwtnmyed5f7xccv2cejyw4wqy

Threats, Attacks, and Mitigations of Smartphone Security

Hewa M. Zangana, Marwan Omar
2020 Academic Journal of Nawroz University  
Mobile devices such as Smart Phones and Personal Assistant Devices (PDA) that are Internet based are becoming much more capable of handling complex tasks such as online shopping, online banking as well  ...  the use of smart phones that are Internet based, explore the current security mechanisms and strategies that are in place, and finally propose some proactive defense strategies to ensure appropriate protection  ...  mitigations and controls necessary to stop attacks launched by a community of cyber high profile hackers who are versed in the attack vector and understand the nature of vulnerabilities existed in the  ... 
doi:10.25007/ajnu.v9n4a989 fatcat:str4ze77ofcpngpajl2rndooim

A Survey on Ethical Hacking: Issues and Challenges [article]

Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, Ali Chehab
2021 arXiv pre-print
However, in order to reduce the effect of these attacks, penetration tests are highly required, and can be considered as a suitable solution for this task.  ...  In fact, any identified exploitable vulnerability will be used to conduct attacks on systems, devices, or personnel.  ...  Therefore, it is highly important to know how pen testing is linked to ethical hackers, and how ethical hackers perform their pen testing duties and tasks.  ... 
arXiv:2103.15072v1 fatcat:kqj6isalovdzbald3w2kxnqhbe

The Consent of the Victim as Legal Defence in Cybercrime cases

2017 Challenges of the Knowledge Society  
the victim may grant permission to the attackers to perform specific tasks against its own systems or data, especially when these belong to a public institution.  ...  The rise of Cybercrimes provides with great concerns among users, industry, banking sector or public institutions in terms of how much secure their computer systems or computer data are.  ...  In other words, there are some risks that the willing natural or legal person should take on when deciding to let a hacker or an external IT security specialist to perform hacking-style tasks on your systems  ... 
doaj:54be5e9b71f44e99a2837467c7ae0765 fatcat:jhjgsvfqsbaw7bu3oqq2d3n3ma


2020 Issues in Information Systems  
This journal article provides an in-depth look at what Cybersecurity Engineers do, why more are needed, and how universities are creating programs to tackle the need.  ...  This may satisfy the immediate need well enough, but it does not address the demand for cybersecurity professionals with advanced degrees such as Cybersecurity Risk Management and Cybersecurity Engineering  ...  Programmers were aware of the potential trouble months prior to the attack, but playing catch-up to remedy the problem is more challenging than understanding how to cyber-harden technology from the beginning  ... 
doi:10.48009/4_iis_2020_275-284 fatcat:24qixl6para3nh36tojxovw72u

Common web application attack types and security using ASP.NET

Bojan Jovicic, Dejan Simic
2006 Computer Science and Information Systems  
It explains how to use ASP.NET to provide Web applications security.  ...  Web applications security is one of the most daunting tasks today, because of security shift from lower levels of ISO OSI model to application level, and because of current situation in IT environment.  ...  , then the coder needs to know how to code properly, or in security context, how to code defensively.  ... 
doi:10.2298/csis0602083j fatcat:hlcrse4s7zayxprw7v6rwmycxa

Man-At-The-End attacks: Analysis, taxonomy, human aspects, motivation and future directions

Adnan Akhunzada, Mehdi Sookhak, Nor Badrul Anuar, Abdullah Gani, Ejaz Ahmed, Muhammad Shiraz, Steven Furnell, Amir Hayat, Muhammad Khurram Khan
2015 Journal of Network and Computer Applications  
Secondly, the attacker has limitless and authorized access to the target. Thirdly, all major protections stand up to a determined attacker till a certain period of time.  ...  The ensuing paper also highlights the fundamental concept of digital assets, and the core protection mechanisms and their qualitative comparison against MATE attacks.  ...  Software protection resilience and MATE Code obfuscation is a largely adopted solution and is intended to obstruct code understanding. Code understanding, however, cannot be completely impeded.  ... 
doi:10.1016/j.jnca.2014.10.009 fatcat:kp3dqvfqhbewhlzz67r3xidgx4