Vulnerability Discovery

Carlotta Tagliaro, Martina Komsic, Andrea Continella, Kevin Borgolte, Martina Lindorfer

Proceedings of the 27th International Symposium on Recent Advances in Intrusion Detection (RAID), September 2024

@inproceedings{raid2024-iot-backends,
  title     = {{Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols}},
  author    = {Tagliaro, Carlotta and Komsic, Martina and Continella, Andrea and Borgolte, Kevin and Lindorfer, Martina},
  booktitle = {Proceedings of the 27th International Symposium on Recent Advances in Intrusion Detection (RAID)},
  series    = {Lecture Notes in Computer Science (LNCS)},
  date      = {2024-09},
  doi       = {https://doi.org/10.1145/3678890.3678899},
  edition   = {27},
  editor    = {Aafer, Yousra and Fratantonio, Yanick},
  isbn      = {979-8-4007-0959},
  location  = {Padua, Italy},
  publisher = {Springer International Publishing},
  url       = {https://doi.org/10.1145/3678890.3678899}
}

Ting-Han Chen, Carlotta Tagliaro, Martina Lindorfer, Kevin Borgolte, Jeroen van der Ham-de Vos

Proceedings of the 9th International Workshop on Traffic Measurements for Cybersecurity (WTMC), July 2024

@inproceedings{wtmc2024are-you-sure-you-want-to-do-cvd,
  title     = {{Are You Sure You Want To Do Coordinated Vulnerability Disclosure?}},
  author    = {Chen, Ting-Han and Tagliaro, Carlotta and Lindorfer, Martina and Borgolte, Kevin and van der Ham-de Vos, Jeroen},
  booktitle = {Proceedings of the 9th International Workshop on Traffic Measurements for Cybersecurity (WTMC)},
  date      = {2024-07-08},
  doi       = {10.1109/EuroSPW61312.2024.00039},
  edition   = {9},
  location  = {Vienna, Austria},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  url       = {https://doi.org/10.1109/EuroSPW61312.2024.00039}
}

David Schmidt, Carlotta Tagliaro, Kevin Borgolte, Martina Lindorfer

Proceedings of the 30th ACM SIGSAC Conference on Computer and Communications Security (CCS), November 2023

@inproceedings{ccs2023-iotflow,
  title     = {{IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis}},
  author    = {Schmidt, David and Tagliaro, Carlotta and Borgolte, Kevin and Lindorfer, Martina},
  booktitle = {Proceedings of the 30th ACM SIGSAC Conference on Computer and Communications Security (CCS)},
  date      = {2023-11},
  doi       = {10.1145/3576915.3623211},
  edition   = {30},
  editor    = {Cremers, Cas and Kirda, Engin},
  location  = {Copenhagen, Denmark},
  publisher = {Association for Computing Machinery (ACM)},
  url       = {https://doi.org/10.1145/3576915.3623211}
}

Stijn Pletinckx, Kevin Borgolte, Tobias Fiebig

Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS), November 2021

@inproceedings{ccs2021-out-of-sight-out-of-mind,
  title     = {{Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale}},
  author    = {Pletinckx, Stijn and Borgolte, Kevin and Fiebig, Tobias},
  booktitle = {Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS)},
  date      = {2021-11},
  doi       = {10.1145/3460120.3485367},
  edition   = {28},
  editor    = {Shi, Elaine and Vigna, Giovanni},
  isbn      = {978-1-4503-8454-4},
  location  = {Seoul, South Korea},
  publisher = {Association for Computing Machinery (ACM)},
  url       = {https://doi.org/10.1145/3460120.3485367}
}

Antonio Bianchi, Kevin Borgolte, Jacopo Corbetta, Francesco Disperati, Andrew Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Nick Stephens, Giovanni Vigna, Ruoyu Wang

Phrack (Volume 15, Issue 70), October 2021

Authors listed alphabetically.

@article{phrack2021-cyber-grand-shellphish,
  title     = {{Cyber Grand Shellphish}},
  author    = {Bianchi, Antonio and Borgolte, Kevin and Corbetta, Jacopo and Disperati, Francesco and Dutcher, Andrew and Grosen, John and Grosen, Paul and Machiry, Aravind and Salls, Christopher and Shoshitaishvili, Yan and Stephens, Nick and Vigna, Giovanni and Wang, Ruoyu},
  date      = {2021-10-05},
  journal   = {Phrack},
  number    = {70},
  publisher = {The Phrack Staff},
  url       = {http://phrack.org/papers/cyber_grand_shellphish.html},
  volume    = {15}
}

Kevin Borgolte, Tobias Fiebig, Shuang Hao, Christopher Kruegel, Giovanni Vigna

Proceedings of the 2018 Applied Networking Research Workshop (ANRW), July 2018

Extended abstract. Co-located with IETF 102.

@inproceedings{anrw2018-cloud-strife,
  title     = {{Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates}},
  author    = {Borgolte, Kevin and Fiebig, Tobias and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni},
  booktitle = {Proceedings of the 2018 Applied Networking Research Workshop (ANRW)},
  date      = {2018-07-16},
  doi       = {10.1145/3232755.3232859},
  editor    = {Choffnes, David and Goldberg, Sharon},
  isbn      = {978-1-4503-5585-8},
  location  = {Montréal, QC, Canada},
  publisher = {Association for Computing Machinery (ACM)},
  url       = {https://doi.org/10.1145/3232755.3232859}
}

Kevin Borgolte, Shuang Hao, Tobias Fiebig, Giovanni Vigna

Proceedings of the 39th IEEE Symposium on Security & Privacy (S&P), May 2018

@inproceedings{sp2018-enumerating-ipv6,
  title     = {{Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones}},
  author    = {Borgolte, Kevin and Hao, Shuang and Fiebig, Tobias and Vigna, Giovanni},
  booktitle = {Proceedings of the 39th IEEE Symposium on Security \& Privacy (S\&P)},
  date      = {2018-05},
  doi       = {10.1109/SP.2018.00027},
  edition   = {39},
  editor    = {Parno, Bryan and Kruegel, Christopher},
  isbn      = {978-1-5386-4353-2},
  issn      = {2375-1207},
  location  = {San Francisco, CA, USA},
  pages     = {438--452},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  url       = {https://doi.org/10.1109/SP.2018.00027}
}

Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Andrew Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Christopher Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna

IEEE Security & Privacy, March 2018

@article{spm2018-mechanical-phish,
  title     = {{Mechanical Phish: Resilient Autonomous Hacking}},
  author    = {Shoshitaishvili, Yan and Bianchi, Antonio and Borgolte, Kevin and Cama, Amat and Corbetta, Jacopo and Disperati, Francesco and Dutcher, Andrew and Grosen, John and Grosen, Paul and Machiry, Aravind and Salls, Christopher and Stephens, Nick and Wang, Ruoyu and Vigna, Giovanni},
  date      = {2018-03/2018-04},
  doi       = {10.1109/MSP.2018.1870858},
  issn      = {1558-4046},
  journal   = {IEEE Security \& Privacy},
  number    = {2},
  pages     = {12--22},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  url       = {https://doi.org/10.1109/MSP.2018.1870858},
  volume    = {16}
}

Kevin Borgolte, Tobias Fiebig, Shuang Hao, Christopher Kruegel, Giovanni Vigna

Proceedings of the 25th Network and Distributed System Security Symposium (NDSS), February 2018

@inproceedings{ndss2018-cloud-strife,
  title     = {{Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates}},
  author    = {Borgolte, Kevin and Fiebig, Tobias and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni},
  booktitle = {Proceedings of the 25th Network and Distributed System Security Symposium (NDSS)},
  date      = {2018-02},
  doi       = {10.14722/ndss.2018.23327},
  edition   = {25},
  editor    = {Traynor,  Patrick and Oprea, Alina},
  isbn      = {1891562-49-5},
  location  = {San Diego, CA, USA},
  publisher = {Internet Society (ISOC)},
  url       = {https://doi.org/10.14722/ndss.2018.23327}
}