NEWS

Security B-Sides 2017 Athens

CENSUS participated in the "Security B-Sides 2017 Athens" conference with a presentation by Ioannis Stais on the automated discovery of expressions that bypass Web Application Firewalls and Filters, using learning automata. The presentation was entitled "LightBulb Framework: Shedding Light on the Dark Side of WAFs and Filters" and followed Stais' and Argyros' previous research on the subject (see BlackHat Europe in 2016 presentation). The Security B-Sides presentation introduced an Extension for the Burp Suite web proxy application that allows for easier integration of the expression discovery technique to the standard toolbox of web application penetration testers.

The Digital Gate program

CENSUS as part of its strategy to promote young entrepreneurship and to support innovative ideas on e-services has joined the Athens International Airport, the Athens University of Economics and Business and the Athens Center for Entrepreneurship and Innovation in the DIGITAL GATE program. DIGITAL GATE includes actions that aim at showcasing novel business ideas that will aid airport passengers, will upgrade the AIA airport's services but will also benefit the greater airport community.

Hack In The Box 2017 Amsterdam

CENSUS researcher George Chatzisofroniou presented a novel WiFi attack technique named 'Lure10' at the CommSec track of the Hack In the Box 2017 conference in Amsterdam. The technique allows the automatic association of a Windows device to an attacker-controlled WiFi access point. The attacker may then mount a series of Man-in-the-Middle attacks to the victim device.

INFILTRATE 2017

CENSUS researchers Vasilis Tsaousoglou and Patroklos Argyroudis delivered the "The Shadow over Android: Heap Exploitation Assistance for Android's libc Allocator" technical talk at the 2017 INFILTRATE (Miami, Florida) conference. The abstract of the talk follows: