February 3, 2020

160 words 1 min read

KRACK Simplified

KRACK Simplified

WiFi devices have been using a security protocol called WPA2 without any known issues for over a decade. But in October 2017, two security researchers from Univers …
Talk Title KRACK Simplified
Speakers Sundar Sankaran, Ruckus Networks, an Arris Company
Conference NANOG72
Conf Tag
Location Atlanta, GA
Date Feb 19 2018 - Feb 21 2018
URL Talk Page
Slides Talk Slides
Video Talk Video

WiFi devices have been using a security protocol called WPA2 without any known issues for over a decade. But in October 2017, two security researchers from University of Leuven in Belgium published a paper describing a vulnerability with this protocol. This vulnerability gets exposed during the Key Reinstallation. Hence, this is called Key Reinstallation Attack or KRACK for short. This talk provides a simplified overview of the client and access-point loopholes that are exploited by KRACK as well as the countermeasures to address these loopholes, and concludes with a realistic assessment of exposure to this attack.

vulnerability security exploit attack wifi paper
comments powered by Disqus
How CLEVER is your neural network? Robustness evaluation against adversarial examples

How CLEVER is your neural network? Robustness evaluation against adversarial examples

February 3, 2020

Neural networks are particularly vulnerable to adversarial inputs. Carefully designed perturbations can lead a well-trained model to misbehave, raising new concerns about safety-critical and security-critical applications. Pin-Yu Chen offers an overview of CLEVER, a comprehensive robustness measure that can be used to assess the robustness of any neural network classifiers.
The IoT botnet wars, Linux devices, and the absence of basic security hardening

The IoT botnet wars, Linux devices, and the absence of basic security hardening

December 24, 2019

Drew Moseley explores the malware infecting Linux IoT devices, including Mirai, Hajime, and BrickerBot, and the vulnerabilities they leverage to enslave or brick connected devices. Drew then walks you through specific vectors they used to exploit devices and covers some security hardening basic concepts and practices that would have largely protected against them.
Jumpstarting your DevSecOps pipeline with IAST and RASP (sponsored by Contrast Security)

Jumpstarting your DevSecOps pipeline with IAST and RASP (sponsored by Contrast Security)

December 21, 2019

Jeff Williams explains how to layer security tools on a CI/CD pipeline without disrupting it and demonstrates a fast, effective, scalable DevSecOps pipeline using free tools.
TL;DR NIST Container Security Standards

TL;DR NIST Container Security Standards

February 3, 2020

In September 2017, the National Institute of Standards and Technology issued a 63 page paper detailing their recommendations for container security. While its chock-full of recommendations all cloud …
Attack trees: Security modeling for Agile teams

Attack trees: Security modeling for Agile teams

February 1, 2020

Traditional security approaches to threat and risk management are highly optimized to work within a traditional software development lifecycle. Michael Brunton-Spall shares a new approach to reviewing systems along with real-life examples to help you prioritize where to focus security efforts and what sorts of security threats you should worry about.
Secure DevOps

Secure DevOps

January 18, 2020

DevOps allows fast automation of every part of a software's life cycle from a unit test to an entire NFV cloud deployment. If we boil down DevOps to its components, DevOps is no more then a chosen set …