A great ride with Adil Inam Wajih Ul Hassan @AliThespy Adam Bates Yuile and other collaborators to NDSS Symposium! #NDSS22 It's eye-opening when Wajih Ul Hassan first showed me that configurations can be as crazy as part of attack vectors by presenting CVE-2016-7790 in CS 523.

Excited to announce that our *data provenance* SoK, "History is a Vast Early Warning System: Auditing the Provenance of System Intrusions," has been conditionally accepted to IEEE S&P #Oakland23. Before finalizing the camera-ready paper, we need your help!

Tomorrow morning in Session 9C (9am, Bayview AB) — system auditing research may not be sexy, but it has *exploded* since 2015. Come watch Adil Inam and I break it all down for you in our data provenance SoK, “History is a vast early warning system!”

Woooooo great job Adil Inam !!!

Upcoming at USENIX Security’24 — In (academic) systems security research, name checking ATT&CK has been the “peer review armor” of choice for a lot of work recently. But do these papers understand what ATT&CK is(n’t)? What about commercial products?

To understand how ATT&CK is used in commercial endpoint detection products, Apurva Virkud led an analysis of the ATT&CK technique annotations in the Carbon Black, Splunk, Elastic, and Sigma rulesets.

Paper link here: gangw.cs.illinois.edu/mitre24.pdf. We disclosed our results to the surveyed company’s, ATT&CK and CITD, and will be also be presenting these results at ATTACKCon 5.0 this Fall.

Every person who you mentor is a unique individual, and none of them are you. Mentoring isn’t about sharing what you would do, but exploring what’s best for them to do.

Traditionally in ML, building models is the central activity and evaluation is a bit of an afterthought. But the story of ML over the last decade is that models are more general-purpose and more capable. General purpose means you build once but have to evaluate everywhere.

Listen to this guy.

Keep an eye out for our presentations. 🕴️

The struggle is real. 🤷‍♂️

Yes please.