Nick Nikiforakis (@nicknikiforakis)'s Twitter Profile
Nick Nikiforakis

@nicknikiforakis

Associate Professor @ Stony Brook University. Maker of @CardanoPhishing. Working on practical, hands-on computer security and privacy. Opinions are my mom's.

ID:220939171

https://www.securitee.org

29-11-2010 08:36:20

550 Tweets

1,4K Followers

261 Following

ACSAC (@ACSAC_Conf)

A big THANK YOU to everyone who submitted artifacts alongside their papers! 👏👏👏 Overall 43 artifacts could be awarded a badge this year. That is a huge leap forward from ~20 last year and represents 59% of all accepted papers 🥳🙌 acsac.org/2022/program/a…

Cas Cremers (hiring!) (@CasCremers)

We are looking for ACM CCS 2023 PC members! Self-nomination is also encouraged. We are looking for PC members that can help ensure constructive, timely, high-quality reviews, and constructive interactions:
docs.google.com/forms/d/e/1FAI…

ACSAC (@ACSAC_Conf)

We are super excited to announce Suman Jana as the keynote of 🙌 He will talk about Automated Data-driven Binary Analysis for Security. You can check out his bio and an abstract of the talk in the conference program: openconf.org/acsac2022/modu…

Financial Cryptography (@IFCA_Conference)

Final Call for Papers to and 2023, May 1-5 in Bol, on Brač island, Croatia.

Submission deadline is 19 October AoE (hard)

Send us your papers!

fc23.ifca.ai/cfp.html

ACSAC (@ACSAC_Conf)

The deadline to submit your poster or work-in-progress is one month out on November 7. You can find all the info and submission instructions in the call on the website: acsac.org/2022/submissio…

Aurore Fass (@AuroreFass)

The Web is going MAD again! Join us for the 5th workshop NDSS Symposium 2023!
Please consider submitting your awesome Web Security & Privacy research (deadline: Dec 9 AoE), and help us spread the words!
CFP: madweb.work
Zubair Shafiq

ACSAC (@ACSAC_Conf)

📣 Just one week left to submit your artifact to the Cybersecurity Artifacts Competition and Impact Award. Time to get everything in order to submit! acsac.org/2022/submissio…

Zardus (@Zardus)

Hello hackers! Wanted to try pwncollege but never got past the expectation of x86 Assembly knowledge? Now you can! We just launched a new Assembly Crash Course lecture series to complement last year's Assembly Refresher challenges! Check it out: dojo.pwn.college/cse466/challen…

Roberto Perdisci (@robperdisci)

This is a very important initiative for our community. The awards selection committee will include experienced members from academia, industry and gov funding agencies (to be announced soon).

Please consider submitting your previously published artifacts!

Nick Nikiforakis (@nicknikiforakis)

Brian Kondracki and I will be at USENIX next week. If you are interested in bots, fingerprinting, and deception, we are looking forward to chatting with you. The paper and data that CTPoT gathered are available here: uninvited-guests.github.io

Nick Nikiforakis (@nicknikiforakis)

Finally, the Log4j vulnerability was discovered during our measurement period. We received *60* times more probes on the IP addresses of our servers, compared to our CTPoT domain names. This confirms that, at the moment, CT is used more among defenders, than attackers.

Nick Nikiforakis (@nicknikiforakis)

The malicious bots that focused on endpoints appearing to run something vulnerable (e.g. phpmyadmin, private, postgresql) were fewer, but they were also much more likely to pivot to other network protocols and attempt to brute-force them.

Nick Nikiforakis (@nicknikiforakis)

TLS fingerprinting saved the day once again. The vast majority of clients were claiming to be real browsers but were, in fact, programming libraries and well-known scanning tools.

Nick Nikiforakis (@nicknikiforakis)

The majority of these likely anti-phishing bots sent only a single request for document root to CTPoT before going away. In terms of geolocation, countries like Germany, the UK, and the Netherlands were only responsible for traffic focusing on our impersonating domains.

Nick Nikiforakis (@nicknikiforakis)

Remember, all these clients are asking for endpoints that they could only know because they are looking at CT logs. But what are these bots looking for? Here’s what we know. Most bots only visited domains that included trademarks, likely operated by antiphishing groups.

Nick Nikiforakis (@nicknikiforakis)

Over a span of 10 weeks, CTPoT requested 4.6K TLS certificates from Let’s Encrypt, causing an equal number of announcements in CT logs. Through these announcements, we attracted 1.5M requests from 31K unique IP addresses.
