I am a security enthusiast who is currently working as security engineer at Intuit. This blog post I will be using to write some tech blogs so that I can share my knowledge with the world and keep an archive for myself.
© 2019. All rights reserved.
This thesis, presents a new approach to vulnerability analysis. The vulnerability analysis module presented uses a novel approach of Inductive Reverse Engineering (IRE) to understand and model the web application. IRE first attempts to understand the behavior of the web application by giving certain number of input/output pairs to the web application. Then, the IRE module hypothesizes a set of programs (in a limited language specific to web applications, called AWL) that satisfy the input/output pairs. These hypotheses takes the form of a directed acyclic graph (DAG). AWL vulnerability analysis module can then attempt to detect vulnerabilities in this DAG. Further, it generates the payload based on the DAG, and therefore this payload will be a precise payload to trigger the potential vulnerability (based on our understanding of the program). It then tests this potential vulnerability using the generated payload on the actual web application, and creates a verification procedure to see if the potential vulnerability is actually vulnerable, based on the web application’s response.
Toward Inductive Reverse Engineering of Web Applications
Kevin liao, Tejas Khairnar, Dr. Adam Doupe [In Submission]
In this research work we propose an Automated Threat Intelligence fuSion framework (ATIS) that is able to take all sorts threat sources into account and discover new intelligence by connecting the dots of apparently isolated cyber events. Our framework consists of various intelligence modules viz., IOC module, Malware Analysis module, Bitcoin module, Social dynamics module.
Toward Automated Threat Intelligence Fusion
Ajay Modi, Zhibo Sun, Anupam Panwar, Tejas Khairnar, Ziming Zhao, Dr. Adam Doupe, Dr. Gail-Joon Ahn, Paul Black
Automated Threat Intelligence Fusion: Design and Implementation
Zhibo Sun, Ajay Modi, Anupam Panwar, Tejas Khairnar, Ziming Zhao, Dr. Adam Doupe, Dr. Gail-Joon Ahn