Call for Papers: 2nd Workshop on Large-scale Exploits and Emergent Threats (LEET '09)

Thursday, October 9. 2008
The Call for Papers for the Second USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '09) has been available for a couple of days. I am very proud to be one of the members of the program committee and hope that some readers of this blog will also submit a paper to the workshop. LEET '09 will focus - similar to last year's workshop - on the underlying mechanisms used to compromise and control hosts, the large-scale "applications" being perpetrated upon this framework, and the social and economic networks driving these threats.

Important dates:
  • Paper submissions due: January 16, 2009, 11:59 p.m. EST

  • Notification to authors: March 2, 2009

  • Final papers due: March 30, 2009

  • Workshop: April 21, 2009 - Boston, MA, USA

The workshop will be held immediately before the 6th USENIX Symposium on Networked Systems Design and Implementation (NSDI '09), which will take place April 22–24, 2009.

Overview:
As the Internet has become a universal mechanism for commerce and communication, it has also become an attractive medium for online criminal enterprise. Today, widespread vulnerabilities in both software and user behavior allow miscreants to compromise millions of hosts (worms, viruses, drive-by exploits, etc.), conceal their activities with sophisticated system software (rootkits), and manage these resources via a distributed command and control framework (botnets). This platform in turn provides economies of scale for a wide range of criminal activities including spam, phishing, DDoS, click fraud, and so on.

IMF'08: "Reconstructing People's Lives: A Case Study in Teaching Forensic Computing"

Thursday, October 2. 2008
Last week I attended the 4th International Conference on IT Incident Management & IT Forensics (IMF'08), which took place in Mannheim, Germany. IMF's focus is on different aspects of forensics and the program was a mix of academic and industry talks. The invited talks were especially interesting; my personal highlight was FX's talk on router forensics (the slides from a similar talk at BlackHat DC are available at Recurity Labs).

Together with Felix Freiling and Martin Mink, I had a paper at IMF about the lessons we learned when teaching IT forensics at our university. The paper is now available and presents some of the high-level findings.
At our lab, we regularly offer a lecture on IT forensics that deals with the principles of forensics, file system analysis, live analysis, and similar topics. Last time we had two main exercises: filesystem forensics on a prepared floppy disk and some hard disks we bought on eBay, and a live analysis of a compromised honeypot. All slides used during the lecture on IT forensics are available at the website of our lab. Perhaps we can also publish more material (e.g., the exercises we used during the lecture); I need to check this...
We also regularly offer a lab on practical aspects of IT security and last time we also included a part on forensics. In these exercises the students had to analyze used hard disks, flash drives, and mobile phones.

More information about these lectures and labs is available in the IMF'08 paper.