In this research paper we investigate if people do plug random USB drives and found out that 45-98% do. We analyze the factors that affect opening rate and people motivation for plug-in in their computers those insecure drives.
This post summarizes which equipement the FBI use to seize the content of servers and laptops despite many of them use full disk encryption and which defenses exist.
Paper about a novel generic approach to solving captchas using a single step that uses machine learning to attack the segmentation and the recognition problems simultaneously. Our tests show that this approac is able solve all the real world captcha schemes evaluated including Yahoo (5.33%) and ReCaptcha (33.34%), without any adjustments to the algorithm or its parameters. Our success against the Baidu (38.68%) and CNN (51.09%) schemes that use occluding lines as well as character collapsing leads us to believe that our approach is able to defeat occluding lines in an equally general manner.
This talk about how to use Machine learning to attack trading cards games using Hearthstone as an example.
WebDroid the first framework specifically dedicated to build secure embedded WebApp. This framework is build on the insights we gleaned from the security analysis of 30 embedded devices web interfaces for which we found over than 50 vulnerabilities.
We present how to by pass offline the 4 layers of Windows encryption that protect web credentials and instant messengers credentials. We explain how to extract the sensitive data stored by the four major web browsers and the most popular instant messengers softwares such as Skype and Live messenger.
We show how to perform memory based attack against real-strategy games using our tool Kartograph to create map-hack. To defend against theses attacks we develop secure protocols for distributing game state among players so that each client only has the data he is allowed to see.
We show how using a generic approach, based on advanced audio processing and machine learning algorithm, our captcha breaker "Decaptcha" is able to break all the popular audio CAPTCHA schemes, including Microsoft and Yahoo.
Based on our reverse-engineering we show how DPAPI, the Windows API for safe data storage on disk work. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous password extraction in a free and open-source tool called DPAPIck.
We present Kartograph our memory analyzer designed to perform live memory attacks against various games. We demonstrate how to use Kartograph to create undetectable map-hacks against various populars RTS such as Civ 4, Warcraft 3 and Supreme commander 2 in a matter of minutes.