More Than 1,200 Phishing Toolkits Capable of Intercepting 2FA Detected in the Wild bit.ly/3z1fmua

Hackers Are Getting Better and Better At Defeating Your 2FA Security dlvr.it/SG9tGy

Ever realized that online articles can change *after* you read them? Together with Jacky Guo, Brian Kondracki, and Steven Skiena, we explore this phenomenon in our WWW '22 paper "Verba Volant, Scripta Volant: Understanding Post-publication Title Changes in News Outlets"

Later, on June 10, Brian Kondracki and I will present our recent "Catching Transparent Phish" work on identifying new generations of MITM phishing kits in the wild. whova.com/web/GKSmlhCK%2…

Tomorrow (May 25), Johnny will be presenting our work titled "Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust" at @IEEESP 2022 #SP22 youtube.com/watch?v=5Nwnnf…

In one week, Brian Kondracki will present our paper with Johnny So titled “Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots” at USENIX Security . Let me tell you a bit about this work 🧵 securitee.org/files/ctpot_us…

Why don't robust models enjoy much adoption in the real world? In my student's (@PratikV79260717) first USENIX Security paper, we argue that reduction in natural accuracy and the increased training cost are the two culprits and tackle the second challenge head-on. (1/3)

2 papers from PragSec are in the running for the SpringerOpen 2023 Cybersecurity Award. First paper is on evading Android sandboxes. Second one is on building honeypots for Certificate Transparency. If you liked the papers, we would appreciate your vote! zh.surveymonkey.com/r/VWPD7GQ

Today at Usenix Security 2023 #usesec23 Track 1 (10:45AM), I will present our work on attack surface reduction for web applications aka debloating. In the first paper titled Minimalist, Rasoul and I build a static analysis tool to generate the call graphs of PHP applications.

Following up my first talk at Usenix Security 2023 #usesec23 Track 1 (10:45AM), I present AnimateDead🪦, which is a distributed concolic execution engine for PHP applications. AnimateDead leverages a PHP emulator to execute applications in a symbolic environment.

Looking forward to giving this talk next week! I will be presenting our work on crypto scams from NDSS 2023, as well as our upcoming work on how attackers target crypto users on video platforms (NDSS 2024). Next to all the cryptocurrency-specific topics, we will also cover DNS

How do bots attack websites? How can a web browser trust an organization’s public key cryptographic credential? NSA awarded the authors of a paper who dove into these questions and came up with some intriguing answers. Learn more: nsa.gov/Press-Room/New…

Happy to announce that Brian Kondracki and Johnny So's 2022 USENIX Security paper on Certificate Transparency bots was selected as the winner of the 11th NSA Annual Best Scientific Cybersecurity paper competition!

Thanks for your inspiring keynote today Brian Kondracki. We are still celebrating your National Security Agency award with @NickNikiforakis and Johnny So. "Uninvited Guests" Wins National Security Agency Award Link: cs.stonybrook.edu/about-us/News/… SBU College of Engineering & Applied Sciences @AI_SBU Stony Brook University

And the #secweb best paper award goes to "Manufactured Narratives: On the Potential of Manipulating Social Media to Politicize World Events" by Chris Tsoukaladelis (Chris) and Nick Nikiforakis (Nick Nikiforakis) from Stony Brook University ! Congrats to the authors! 🎉 CC jason polakis

⏰ The submission deadline for ISC 2024 is June 6, AoE. Only a week left to get your submissions in! More info at the conference website: isc24.cs.gmu.edu/call-for-paper…

In 2017, with Enrico Mariconti Gianluca Stringhini Jeremiah Onaolapo and other collaborators, we studied the problem of changing profile names on Twitter and how any links from the general web to Twitter/X become "dangling" allowing attackers to claim old profile names and the

Now that I was able to get my hands on a picture, I am happy to announce that Chris won second place in the "social impact" category of the 2024 NYU CSAW Cybersecurity Games and Conference competition, out of 194 submissions!

Our first #ACSAC2024 #PaperPreview today is by Kondracki et al. who show that many #servers start out insecure and only become #secure in the hours and days after they become publicly accessible: openconf.org/acsac2024/modu… #websecurity #TLS Nick Nikiforakis Brian Kondracki Stony Brook University Dept. of Computer Science

Stony Brook University researchers uncovered a new #Blockchain vulnerability, showing how cybercriminals exploit human error in naming systems. Led by Prof. Nick Nikiforakis, they won bronze at eCrime 2024 in Boston! #CyberSecurity