In this article, a modeling process is defined to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (e-graphs) that are used to represent attack scenarios. Experiments carried out in a cluster computin...

Constructing an efficient and accurate model from security events to determine an attack scenario for an enterprise network is challenging. In this paper, we discuss how to use the information obtained from security events to construct an attack scenario and build an evidence graph. To achieve the accuracy and completeness of the evidence graph, we use Prolog inductive and abductive reasoning t...

Clock control sequence reconstruction is a key phase in the cryptanalysis of irregularly clocked Linear Feedback Shift Registers (LFSRs), which are widely used in spreadspectrum systems. The previously published reconstruction methods have been designed to work in the known plaintext attack scenario, i.e. without noise. However, the influence of noise on the effectiveness of the clock control s...

MIFARE Classic is the most widely used contactless smart card in the world. It implements a proprietary symmetric-key mutual authentication protocol with a dedicated reader and a proprietary stream cipher algorithm known as CRYPTO1, both of which have been reverse engineered. The existing attacks in various scenarios proposed in the literature demonstrate that MIFARE Classic does not offer the ...

Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection systems (IDS) and forensic analysis tools, the evidence can be a false positive or missing. Besides, the number of security events is so large that finding an attack pattern is like finding a needle i...

Near Field Communication’s card emulation mode is a way to combine smartcards with a mobile phone. Relay attack scenarios are well-known for contactless smartcards. In the past, relay attacks have only been considered for the case, where an attacker has physical proximity to an NFC-enabled mobile phone. However, a mobile phone introduces a significantly di↵erent threat vector. A mobile phone’s ...

BACKGROUND The new reality of biologic terrorism and warfare has ignited a debate about whether to reintroduce smallpox vaccination. METHODS We developed scenarios of smallpox attacks and built a stochastic model of outcomes under various control policies. We conducted a systematic literature review and estimated model parameters on the basis of European and North American outbreaks since Wor...

In this note we present the first attack with feasible complexity on the 13-round AES-256. The attack runs in the related-subkey scenario with four related keys, in 2 time, data, and memory.