Conferences
Investigating Operators' Perspective on Security Misconfigurations
Constanze Dietrich ,Katharina Krombholz ,Kevin Borgolte ,Tobias Fiebig Proceedings of the 25th ACM SIGSAC Conference on Computer and Communications Security (CCS),October 2018 Paper Link to paper BibTeX@inproceedings{ccs2018-security-misconfigurations, title = {{Investigating Operators' Perspective on Security Misconfigurations}}, author = {Dietrich, Constanze and Krombholz, Katharina and Borgolte, Kevin and Fiebig, Tobias}, booktitle = {Proceedings of the 25th ACM SIGSAC Conference on Computer and Communications Security (CCS)}, date = {2018-10}, doi = {10.1145/3243734.3243794}, edition = {25}, editor = {Backes, Michael and Wang, XiaoFeng}, isbn = {978-1-4503-5693-0}, location = {Toronto, ON, Canada}, publisher = {Association for Computing Machinery (ACM)}, url = {http://dx.doi.org/10.1145/3243734.3243794} }Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks
Wei Meng ,Chenxiong Qian ,Shuang Hao ,Kevin Borgolte ,Giovanni Vigna ,Christopher Kruegel ,Wenke Lee Proceedings of the 27th USENIX Security Symposium (USENIX Security),August 2018 Paper Link to paper BibTeX@inproceedings{sec2018-rampart, title = {{Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks}}, author = {Meng, Wei and Qian, Chenxiong and Hao, Shuang and Borgolte, Kevin and Vigna, Giovanni and Kruegel, Christopher and Lee, Wenke}, booktitle = {Proceedings of the 27th USENIX Security Symposium (USENIX Security)}, date = {2018-08}, edition = {27}, editor = {Enck, William and Porter Felt, Adrienne}, location = {Baltimore, MD, USA}, publisher = {USENIX Association}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/meng} }Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones
Kevin Borgolte ,Shuang Hao ,Tobias Fiebig ,Giovanni Vigna Proceedings of the 39th IEEE Symposium on Security & Privacy (S&P),May 2018 Paper Link to paper Link to recorded presentation BibTeX@inproceedings{sp2018-enumerating-ipv6, title = {{Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones}}, author = {Borgolte, Kevin and Hao, Shuang and Fiebig, Tobias and Vigna, Giovanni}, booktitle = {Proceedings of the 39th IEEE Symposium on Security \& Privacy (S\&P)}, date = {2018-05}, doi = {10.1109/SP.2018.00027}, edition = {39}, editor = {Parno, Bryan and Kruegel, Christopher}, isbn = {978-1-5386-4353-2}, issn = {2375-1207}, location = {San Francisco, CA, USA}, pages = {438--452}, publisher = {Institute of Electrical and Electronics Engineers (IEEE)}, url = {http://dx.doi.org/10.1109/SP.2018.00027} }In rDNS We Trust: Revisiting a Common Data-Source's Reliability
Tobias Fiebig ,Kevin Borgolte ,Shuang Hao ,Christopher Kruegel ,Giovanni Vigna ,Anja Feldmann Proceedings of the 19th Passive and Active Measurement (PAM),March 2018 Paper Link to paper BibTeX@inproceedings{pam2018-in-rdns-we-trust, title = {{In rDNS We Trust: Revisiting a Common Data-Source's Reliability}}, author = {Fiebig, Tobias and Borgolte, Kevin and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni and Feldmann, Anja}, booktitle = {Proceedings of the 19th Passive and Active Measurement (PAM)}, series = {Lecture Notes in Computer Science (LNCS)}, date = {2018-03}, doi = {10.1007/978-3-319-76481-8_10}, edition = {13}, editor = {Beverly, Robert and Smaragdakis, Georgios}, isbn = {978-3-319-54327-7}, location = {Berlin, Germany}, pages = {131--145}, publisher = {Springer International Publishing}, url = {http://dx.doi.org/10.1007/978-3-319-76481-8_10}, volume = {10771} }Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates
Kevin Borgolte ,Tobias Fiebig ,Shuang Hao ,Christopher Kruegel ,Giovanni Vigna Proceedings of the 25th Network and Distributed System Security Symposium (NDSS),February 2018 Paper Link to paper Link to recorded presentation BibTeX@inproceedings{ndss2018-cloud-strife, title = {{Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates}}, author = {Borgolte, Kevin and Fiebig, Tobias and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni}, booktitle = {Proceedings of the 25th Network and Distributed System Security Symposium (NDSS)}, date = {2018-02}, doi = {10.14722/ndss.2018.23327}, edition = {25}, editor = {Traynor, Patrick and Oprea, Alina}, isbn = {1891562-49-5}, location = {San Diego, CA, USA}, publisher = {Internet Society (ISOC)}, url = {http://dx.doi.org/10.14722/ndss.2018.23327} }Something From Nothing (There): Collecting Global IPv6 Datasets From DNS
Tobias Fiebig ,Kevin Borgolte ,Shuang Hao ,Christopher Kruegel ,Giovanni Vigna Proceedings of the 18th Passive and Active Measurement (PAM),March 2017 Paper Link to paper BibTeX@inproceedings{pam2017-something-from-nothing-there, title = {{Something From Nothing (There): Collecting Global IPv6 Datasets From DNS}}, author = {Fiebig, Tobias and Borgolte, Kevin and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni}, booktitle = {Proceedings of the 18th Passive and Active Measurement (PAM)}, series = {Lecture Notes in Computer Science (LNCS)}, date = {2017-03}, doi = {10.1007/978-3-319-54328-4_3}, edition = {12}, editor = {Kâafar, Mohamed Ali and Uhlig, Steve and Johanna Amann}, isbn = {978-3-319-54328-4}, location = {Sydney, Australia}, pages = {30--43}, publisher = {Springer International Publishing}, url = {http://dx.doi.org/10.1007/978-3-319-54328-4_3}, volume = {10176} }Drops for Stuff: An Analysis of Reshipping Mule Scams
Shuang Hao ,Kevin Borgolte ,Nick Nikiforakis ,Gianluca Stringhini ,Manuel Egele ,Michael Eubanks ,Brian Krebs ,Giovanni Vigna Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS),October 2015 Paper Link to paper Slides BibTeX@inproceedings{ccs2015-drops-for-stuff, title = {{Drops for Stuff: An Analysis of Reshipping Mule Scams}}, author = {Hao, Shuang and Borgolte, Kevin and Nikiforakis, Nick and Stringhini, Gianluca and Egele, Manuel and Eubanks, Michael and Krebs, Brian and Vigna, Giovanni}, booktitle = {Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS)}, acmid = {2813620}, date = {2015-10}, doi = {10.1145/2810103.2813620}, edition = {22}, editor = {Li, Ninghui and Kruegel, Christopher}, isbn = {978-1-4503-3832-5}, location = {Denver, CO, USA}, numpages = {12}, pages = {1081--1092}, publisher = {Association for Computing Machinery (ACM)}, url = {http://dx.doi.org/10.1145/2810103.2813620} }Meerkat: Detecting Website Defacements through Image-based Object Recognition
Kevin Borgolte ,Christopher Kruegel ,Giovanni Vigna Proceedings of the 24th USENIX Security Symposium (USENIX Security),August 2015 Paper Link to paper Slides BibTeX@inproceedings{sec2015-meerkat, title = {{Meerkat: Detecting Website Defacements through Image-based Object Recognition}}, author = {Borgolte, Kevin and Kruegel, Christopher and Vigna, Giovanni}, booktitle = {Proceedings of the 24th USENIX Security Symposium (USENIX Security)}, date = {2015-08}, edition = {24}, editor = {Jung, Jaeyeon Jung and Holz, Thorsten}, isbn = {978-1-931971-232}, location = {Washington, D.C., USA}, note = {Internet Defense Prize Finalist}, pages = {595--610}, publisher = {USENIX Association}, url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/borgolte} }Protecting Web Single Sign-on against Relying Party Impersonation Attacks through a Bi-directional Secure Channel with Authentication
Yinzhi Cao ,Yan Shoshitaishvili ,Kevin Borgolte ,Christopher Kruegel ,Giovanni Vigna ,Yan Chen Proceedings of the 17th International Symposium on Recent Advances in Intrusion Detection (RAID),September 2014 Paper Link to paper Slides Link to recorded presentation BibTeX@inproceedings{raid2014-protecting-websso, title = {{Protecting Web Single Sign-on against Relying Party Impersonation Attacks through a Bi-directional Secure Channel with Authentication}}, author = {Cao, Yinzhi and Shoshitaishvili, Yan and Borgolte, Kevin and Kruegel, Christopher and Vigna, Giovanni and Chen, Yan}, booktitle = {Proceedings of the 17th International Symposium on Recent Advances in Intrusion Detection (RAID)}, series = {Lecture Notes in Computer Science (LNCS)}, date = {2014-09}, doi = {10.1007/978-3-319-11379-1_14}, edition = {17}, editor = {Stavrou, Angelos and Bos, Herbert and Portokalidis, Georgios}, isbn = {978-3-319-11379-1}, location = {Gothenburg, Sweden}, pages = {276--298}, publisher = {Springer International Publishing}, url = {http://dx.doi.org/10.1007/978-3-319-11379-1_14}, volume = {8688} }Relevant Change Detection: Framework for the Precise Extraction of Modified and Novel Web-based Content as a Filtering Technique for Analysis Engines
Kevin Borgolte ,Christopher Kruegel ,Giovanni Vigna Proceedings of the 23rd World Wide Web Conference (WWW),April 2014 Paper Link to paper BibTeX@inproceedings{wwwdev2014-relevant-change-detection, title = {{Relevant Change Detection: Framework for the Precise Extraction of Modified and Novel Web-based Content as a Filtering Technique for Analysis Engines}}, author = {Borgolte, Kevin and Kruegel, Christopher and Vigna, Giovanni}, booktitle = {Proceedings of the 23rd World Wide Web Conference (WWW)}, series = {WWW Companion}, acmid = {2578039}, date = {2014-04}, doi = {10.1145/2567948.2578039}, edition = {23}, editor = {Broder, Andrei Z. and Shim, Kyuseok and Suel, Torsten}, isbn = {978-1-4503-2745-9}, location = {Seoul, Republic of Korea}, note = {Developers' Track}, numpages = {4}, pages = {595--598}, publisher = {International World Wide Web Conference Committee (IW3C2)}, url = {http://dx.doi.org/10.1145/2567948.2578039} }Delta: Automatic Identification of Unknown Web-based Infection Campaigns
Kevin Borgolte ,Christopher Kruegel ,Giovanni Vigna Proceedings of the 20th ACM SIGSAC Conference on Computer and Communications Security (CCS),November 2013 Paper Link to paper Slides BibTeX@inproceedings{ccs2013-delta, title = {{Delta: Automatic Identification of Unknown Web-based Infection Campaigns}}, author = {Borgolte, Kevin and Kruegel, Christopher and Vigna, Giovanni}, booktitle = {Proceedings of the 20th ACM SIGSAC Conference on Computer and Communications Security (CCS)}, acmid = {2516725}, date = {2013-11}, doi = {10.1145/2508859.2516725}, edition = {20}, editor = {Gligor, Virgil D. and Yung, Moti}, isbn = {978-1-4503-2477-9}, location = {Berlin, Germany}, numpages = {12}, pages = {109--120}, publisher = {Association for Computing Machinery (ACM)}, url = {http://dx.doi.org/10.1145/2508859.2516725} }
Journals
Cyber Grand Shellphish
Antonio Bianchi ,Kevin Borgolte ,Jacopo Corbetta ,Francesco Disperati ,Andrew Dutcher ,John Grosen ,Paul Grosen ,Aravind Machiry ,Christopher Salls ,Yan Shoshitaishvili ,Nick Stephens ,Giovanni Vigna ,Ruoyu Wang Phrack (Volume 15, Issue 70),January 2017 Link to paper Plaintext BibTeX@article{phrack2017-cyber-grand-shellphish, title = {{Cyber Grand Shellphish}}, author = {Bianchi, Antonio and Borgolte, Kevin and Corbetta, Jacopo and Disperati, Francesco and Dutcher, Andrew and Grosen, John and Grosen, Paul and Machiry, Aravind and Salls, Christopher and Shoshitaishvili, Yan and Stephens, Nick and Vigna, Giovanni and Wang, Ruoyu}, date = {2017-01}, journal = {Phrack}, note = {Authors listed alphabetically}, number = {70}, publisher = {The Phrack Staff}, url = {http://phrack.org/papers/cyber_grand_shellphish.html}, volume = {15} }What You Submit is Who You Are: A Multi-Modal Approach for Deanonymizing Scientific Publications
Mathias Payer ,Ling Huang ,Neil Zhenqiang Gong ,Kevin Borgolte ,Mario Frank IEEE Transactions on Information Forensics and Security (TIFS) (Volume 10, Issue 1),January 2015 Paper Link to paper BibTeX@article{tifs2015-what-you-submit-is-who-you-are, title = {{What You Submit is Who You Are: A Multi-Modal Approach for Deanonymizing Scientific Publications}}, author = {Payer, Mathias and Huang, Ling and Gong, Neil Zhenqiang and Borgolte, Kevin and Frank, Mario}, date = {2015-01}, doi = {10.1109/TIFS.2014.2368355}, issn = {1556-6013}, journal = {IEEE Transactions on Information Forensics and Security (TIFS)}, number = {1}, pages = {200--212}, publisher = {Institute of Electrical and Electronics Engineers (IEEE)}, url = {http://dx.doi.org/10.1109/TIFS.2014.2368355}, volume = {10} }
Magazines
Mechanical Phish: Resilient Autonomous Hacking
Yan Shoshitaishvili ,Antonio Bianchi ,Kevin Borgolte ,Amat Cama ,Jacopo Corbetta ,Francesco Disperati ,Andrew Dutcher ,John Grosen ,Paul Grosen ,Aravind Machiry ,Christopher Salls ,Nick Stephens ,Ruoyu Wang ,Giovanni Vigna IEEE Security & Privacy,March 2018 Link to paper BibTeX@article{spm2018-mechanical-phish, title = {{Mechanical Phish: Resilient Autonomous Hacking}}, author = {Shoshitaishvili, Yan and Bianchi, Antonio and Borgolte, Kevin and Cama, Amat and Corbetta, Jacopo and Disperati, Francesco and Dutcher, Andrew and Grosen, John and Grosen, Paul and Machiry, Aravind and Salls, Christopher and Stephens, Nick and Wang, Ruoyu and Vigna, Giovanni}, date = {2018-03/2018-04}, doi = {10.1109/MSP.2018.1870858}, issn = {1558-4046}, journal = {IEEE Security \& Privacy}, number = {2}, pages = {12--22}, publisher = {Institute of Electrical and Electronics Engineers (IEEE)}, url = {http://dx.doi.org/10.1109/MSP.2018.1870858}, volume = {16} }
Presentations
Moving Fast and Breaking Things: Security Misconfigurations
Kevin Borgolte Industry Conference, USENIX Enigma 2019,January 2019 BibTeX@misc{enigma2018-moving-fast, title = {{Moving Fast and Breaking Things: Security Misconfigurations}}, author = {Borgolte, Kevin}, date = {2019-01-30}, howpublished = {Industry Conference, USENIX Enigma 2019} }Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates
Kevin Borgolte Industry Conference, 2018 Applied Networking Research Workshop (ANRW), co-located with IETF 102,July 2018 BibTeX@misc{anrw2018-cloud-strife, title = {{Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates}}, author = {Borgolte, Kevin}, date = {2018-07-16}, howpublished = {Industry Conference, 2018 Applied Networking Research Workshop (ANRW), co-located with IETF 102} }Cyber Grand Shellphish: Shellphish and the DARPA CGC
Kevin Borgolte Hacker Conference, hack.lu 2016,October 2016 BibTeX@misc{hacklu2016-cyber-grand-shellphish, title = {{Cyber Grand Shellphish: Shellphish and the DARPA CGC}}, author = {Borgolte, Kevin}, date = {2016-10-18}, howpublished = {Hacker Conference, hack.lu 2016} }Cyber Grand Shellphish: Shellphish and the DARPA CGC
Antonio Bianchi ,Kevin Borgolte ,Jacopo Corbetta ,Francesco Disperati ,Andrew Dutcher ,John Grosen ,Paul Grosen ,Aravind Machiry ,Christopher Salls ,Yan Shoshitaishvili ,Nick Stephens ,Giovanni Vigna ,Ruoyu Wang Hacker Conference, DEFCON 24,August 2016 BibTeX@misc{defcon2016-cyber-grand-shellphish, title = {{Cyber Grand Shellphish: Shellphish and the DARPA CGC}}, author = {Bianchi, Antonio and Borgolte, Kevin and Corbetta, Jacopo and Disperati, Francesco and Dutcher, Andrew and Grosen, John and Grosen, Paul and Machiry, Aravind and Salls, Christopher and Shoshitaishvili, Yan and Stephens, Nick and Vigna, Giovanni and Wang, Ruoyu}, date = {2016-08-07}, howpublished = {Hacker Conference, DEFCON 24} }
Workshops
Ten Years of iCTF: The Good, The Bad, and The Ugly
Giovanni Vigna ,Kevin Borgolte ,Jacopo Corbetta ,Adam Doupé ,Yanick Fratantonio ,Luca Invernizzi ,Dhilung Kirat ,Yan Shoshitaishvili Proceedings of the 1st USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE),August 2014 Paper Link to paper Link to recorded presentation BibTeX@inproceedings{3gse2014-10-years-of-ictf, title = {{Ten Years of iCTF: The Good, The Bad, and The Ugly}}, author = {Vigna, Giovanni and Borgolte, Kevin and Corbetta, Jacopo and Doupé, Adam and Fratantonio, Yanick and Invernizzi, Luca and Kirat, Dhilung and Shoshitaishvili, Yan}, booktitle = {Proceedings of the 1st USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE)}, date = {2014-08}, edition = {1}, editor = {Peterson, Zachary N. J.}, location = {San Diego, CA}, publisher = {USENIX Association}, url = {https://www.usenix.org/conference/3gse14/summit-program/presentation/vigna} }