# Cyber Deception & Psychology
- [Examining the Efficacy of Decoy-based and Psychological Cyber Deception | USENIX](https://www.usenix.org/conference/usenixsecurity21/presentation/ferguson-walter)
# Journals
* [ACM TRANSACTIONS ON PRIVACY AND SECURITY Home](https://dl.acm.org/journal/tops)
* [Cryptology ePrint Archive](https://eprint.iacr.org/)
* [International Journal of Information Security | Home](https://www.springer.com/journal/10207)
* [SECURITY AND PRIVACY - Wiley Online Library](https://onlinelibrary.wiley.com/journal/24756725)
* [Journal of Cybersecurity | Oxford Academic](https://academic.oup.com/cybersecurity?login=false)
* [COSE | Computers & Security | Journal | ScienceDirect.com by Elsevier](https://www.sciencedirect.com/journal/computers-and-security)
# Misc
* [honey account security deception windows active directory... - Google Scholar](https://scholar.google.com/scholar?start=10&q=honey+account+security+deception+windows+active+directory+password+spray&hl=en&as_sdt=0,15&as_ylo=2019)
* [Proposing and Deployment of Attractive Azure AD Honeypot With Varying Security Measures To Evaluate Their Performance Against Real Attacks - University of Twente Student Theses](https://essay.utwente.nl/85992/)
* [Home | IEEE Computer Society Digital Library](https://www.computer.org/csdl/home)
# Misc 2
- survey active directory - https://scholar.google.com/scholar?start=0&q=survey+active+directory&hl=en&as_sdt=0,15&as_ylo=2022#d=gs_qabs&t=1700154019142&u=%23p%3DRFYADJp82Z0J
- [Electronics | Free Full-Text | Active Directory Attacks—Steps, Types, and Signatures](https://www.mdpi.com/2079-9292/11/16/2629)
- [Blind Spots of Security Monitoring in Enterprise Infrastructures: A Survey | IEEE Journals & Magazine | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9667540)
- [Future Internet | Free Full-Text | Exploiting Misconfiguration Vulnerabilities in Microsoft’s Azure Active Directory for Privilege Escalation Attacks](https://www.mdpi.com/1999-5903/15/7/226)
- [Emerging trends of privacy and security in cloud computing | AIP Conference Proceedings | AIP Publishing](https://pubs.aip.org/aip/acp/article-abstract/2760/1/020013/2894021/Emerging-trends-of-privacy-and-security-in-cloud?redirectedFrom=fulltext)
- [A Literature Review of Challenges and Solutions in Cloud Security | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/10276732)
- survey active directory password cracking spraying credential honey
- [Infrastructure Penetration Testing](https://web.archive.org/web/20230310233435id_/http://ikee.lib.auth.gr/record/345496/files/GRI-2023-38338.pdf) - scholar.archive.org....eh
- [An Overview on Emerging Security Threats in Big Data Clusters and their Defenses | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9936513?casa_token=paZ11EymmdEAAAAA:r7b0hpbYuDhcfbUurEbH5wnHOvfMaN56Od_JViYkOezMKXz1SRz55rQ08UcKu74bjqMAYE3nZ48)
- [Comparative Analysis of USB and Network Based Password Cracking Tools | SpringerLink](https://link.springer.com/chapter/10.1007/978-3-031-16865-9_53)
- [Critical Review of Design Considerations in Forming a Cloud Infrastructure for SMEs | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9765167)
- [TaxIdMA: Towards a Taxonomy for Attacks related to Identities | Proceedings of the 17th International Conference on Availability, Reliability and Security](https://dl.acm.org/doi/abs/10.1145/3538969.3544430?casa_token=-nC2-_Ip0uEAAAAA:w11ybuTwxtbgFS6-HRoLATXu5ot_X1umz35ljSipkS5b9L1-8OSfTDJIRPU_zTJry37QpeckPEUfjg)
- [Sustainability | Free Full-Text | Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods](https://www.mdpi.com/2071-1050/15/13/10471)
- [A Comprehensive Study on Passwordless Authentication | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9760934?casa_token=-4PJ-xiVa2kAAAAA:1d1p-6gFSNqKdphY7X-Kcbl_KJK1jE7Q_6lRYRkZs_elIID9Xol_MUz68Gjlv47pIj6w3Apl53s)
- [Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management Systems](https://www.hindawi.com/journals/scn/2023/5573310/)
- [Analysis Of Cyber Threat Detection And Emulation Using MITRE Attack Framework | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9923170?casa_token=p6_m0iIO9lwAAAAA:Ks_4Xon_DCOUV4c8SiC3FKVASGCCrmJocnrs1kKAaH1hMiZFlZh6ifTat3W-uIfgN6P8TaovQVM)
- [Predictions of Cybersecurity Experts on Future Cyber-Attacks and Related Cybersecurity Measures](https://www.researchgate.net/profile/Ahmad-Al-Hawamleh/publication/370401571_Predictions_of_Cybersecurity_Experts_on_Future_Cyber-Attacks_and_Related_Cybersecurity_Measures/links/644dc9f5809a5350213a1cd0/Predictions-of-Cybersecurity-Experts-on-Future-Cyber-Attacks-and-Related-Cybersecurity-Measures.pdf)
- [Defending Against Identity Threats using Adaptive Authentication | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/10126295)
- Kerberos & Users in AD
- [[2301.00044] Detecting Forged Kerberos Tickets in an Active Directory Environment](https://arxiv.org/abs/2301.00044)
# Unrelated?
- SIEM and AD
- [Systematic review of SIEM technology: SIEM-SC birth | International Journal of Information Security](https://link.springer.com/article/10.1007/s10207-022-00657-9)
# Passwords & Wordlists
- [[2309.03384] Measuring Website Password Creation Policies At Scale](https://arxiv.org/abs/2309.03384)
- [Future Internet | Free Full-Text | A Systematic Survey of Multi-Factor Authentication for Cloud Infrastructure](https://www.mdpi.com/1999-5903/15/4/146)
- [[1908.05901] Evaluating User Perception of Multi-Factor Authentication: A Systematic Review](https://arxiv.org/abs/1908.05901)
- [Araña: Discovering and Characterizing Password Guessing Attacks in Practice | USENIX](https://www.usenix.org/conference/usenixsecurity23/presentation/islam)
- [Security and Scalability of E-Commerce Website by OWASP threats. | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/10111955)
- [A Cognitive Deception Model for Generating Fake Documents to Curb Data Exfiltration in Networks During Cyber-Attacks | IEEE Journals & Magazine | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9755446)
- [Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users | USENIX](https://www.usenix.org/conference/usenixsecurity19/presentation/wang-ding)
- [An Empirical Analysis on the Usability and Security of Passwords | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9191658)
- ['Passwords Keep Me Safe' – Understanding What Children Think about Passwords | USENIX](https://www.usenix.org/conference/usenixsecurity21/presentation/theofanos)
- [A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords | USENIX](https://www.usenix.org/conference/usenixsecurity23/presentation/nisenoff-retrospective)
- [Password Guessing Based on Semantic Analysis and Neural Networks | SpringerLink](https://link.springer.com/chapter/10.1007/978-981-13-5913-2_6)
- [Advances in Password Recovery Using Generative Deep Learning Techniques | SpringerLink](https://link.springer.com/chapter/10.1007/978-3-030-86365-4_2)
- [Modeling Password Guessability via Variational Auto-Encoder | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9437859)
- [No Single Silver Bullet: Measuring the Accuracy of Password Strength Meters | USENIX](https://www.usenix.org/conference/usenixsecurity23/presentation/wang-ding-silver-bullet)
# Password Reuse
- [A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords](https://www.usenix.org/system/files/usenixsecurity23-nisenoff-retrospective.pdf)
# Password Creation
- [[2309.03384] Measuring Website Password Creation Policies At Scale](https://arxiv.org/abs/2309.03384)
# Password Spray
- searches:
- password spray site:usenix.org
- password spray time series anomaly detection
- password spray time series anomaly detection UEBA behavior user
- password spray UEBA behavior user
- (MFKDF) for Fast, Flexible, Secure, & Practical Key Management | USENIX
- However, the recent surge in password-based attacks like credential stuffing and password spraying has highlighted the critical weakness of passwords as a sole authentication factor.
- [Gossamer: Securely Measuring Password-based Logins | USENIX](https://www.usenix.org/conference/usenixsecurity22/presentation/sanusi-bohuk)
- December 22nd, 2020, a total of 12 unique IPs belonging to Digital Ocean Cloud [1] carried out a high volume password spraying attack by targeting 76 K unique users with 169 K
- [Don't Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication | Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security](https://dl.acm.org/doi/abs/10.1145/3460120.3484791)
- In this paper, we revisit the security impact of typo-tolerant password authentication. We observe that the existing security analysis of such systems considers only password spraying attacks.
- [Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service | ACM Transactions on Privacy and Security](https://dl.acm.org/doi/full/10.1145/3546069)
- We expect that users with a high number of failed login attempts are likely being targeted in credential stuffing or password spraying attacks.
- [A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords | USENIX](https://www.usenix.org/conference/usenixsecurity23/presentation/nisenoff-retrospective)
- Credential-guessing attacks often exploit passwords that were reused across a user's online accounts. To learn how organizations can better protect users, we retrospectively analyzed our university's vulnerability to credential-guessing attacks across twenty years. Given a list of university usernames, we searched for matches in both data breaches from hundreds of websites and a dozen large compilations of breaches. After cracking hashed passwords and tweaking guesses, we successfully guessed passwords for 32.0% of accounts matched to a university email address in a data breach, as well as 6.5% of accounts where the username (but not necessarily the domain) matched. Many of these accounts remained vulnerable for years after the breached data was leaked, and passwords found verbatim in breaches were nearly four times as likely to have been exploited (i.e., suspicious account activity was observed) than tweaked guesses. Over 70 different data breaches and various username-matching strategies bootstrapped correct guesses. In surveys of 40 users whose passwords we guessed, many users were unaware of the risks to their university account or that their credentials had been breached. This analysis of password reuse at our university provides pragmatic advice for organizations to protect accounts.
# UEBA
- ["My Privacy for their Security": Employees' Privacy Perspectives and Expectations when using Enterprise Security Software | USENIX](https://www.usenix.org/conference/usenixsecurity23/presentation/stegman)
- The user and entity behavioural analytics (UEBA) may reveal the origins of data breaches in addition to reporting illegal or malicious actions undertaken by employees. However, it has a dilemma just like with entity resolution
- [[2111.11475] Threat Modeling and Security Analysis of Containers: A Survey](https://arxiv.org/abs/2111.11475)
- By exploiting vulnerability V1 listed in section 3.2, the attacker can gain access to a developer’s credential in the GitHub repo at DS-1 and to embed malware into the code. Some techniques to "steal" credentials are through spearphishing email, password-spraying, brute force, scraping published credentials in repositories
- [Locking the door: tackling credential abuse - ScienceDirect](https://www.sciencedirect.com/science/article/abs/pii/S1353485821000301)
- “Beyond that, organisations need to consider the use of user entity behaviour analytics (UEBA), which will allow them to see if a legitimate user profile is behaving in a suspicious way and investigate potential compromise quicker,” says Ben Freeney at Fujitsu.
- [laue_etal2022-siem_arch_anomaly_detection.pdf](https://serwiss.bib.hs-hannover.de/frontdoor/deliver/index/docId/2321/file/laue_etal2022-siem_arch_anomaly_detection.pdf)
- User and Entity Behavior Analysis (UEBA): creates models of normal behavior for individual users or components such as IP addresses, servers, and applications using statistical analysis or learning methods to detect deviations from the normal state. According to the Gartner analysis, machine learning methods (supervised/unsupervised ML) are increasingly used in addition to rule-based and statistical approaches for UEBA. For example, machine learning approaches select metrics for individual event data fields (e.g., authentication processes, activities in applications), whose temporal development and correlation are considered. Such techniques are used in several products including IBM QRadar UBA App, Exabeam SIEM, LogRhythm UEBA, ArcSight UBA, DarkTrace Enterprise. According to UEBA methods are crucial for Security Operation Centers (SOC). They produce fewer alarms when compared to event-based analysis. This is particularly important for SMEs where the number of SOC personnel is extremely small or even outsourced (therefore, fewer alarm rate results in reducing SOC costs for SMEs). Detailed information about UEBA and their importance can be found in.
- [User Behavior Profiling using Ensemble Approach for Insider Threat Detection | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/8778466)
- Can't access paper
- [Designing Security User Profiles via Anomaly Detection for User Authentication | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9297252)
- Can't access paper