Extension workshop 2FII
-----------------------------------
Increasing Protection against Internet Attacks through Contextual Feature Pairing
-----------------------------------
SPEAKER
-----------------------------------
STOLERU Ingrid
Universitatea Alexandru Ioan Cuza, Facultatea de Informatica

ABSTRACT
-----------------------------------
Cyberattacks have evolved from infecting computers through floppy disks or USB drives to the point where the Internet, through malicious URLs or spear phishing, has become the main infection vector. For these attacks to succeed and evade detection, an attacker must frequently move the location where the malicious content is hosted. The short life span of a malicious URL has forced many security vendors to look for proactive detection methods, and machine learning algorithms have become a powerful tool against this kind of attack vector. The presentation illustrates several approaches to combining features extracted from the URL string itself with features extracted from the content it serves, in order to increase the detection rate for Internet attacks while taking into account the short life span of malicious URLs and the high importance of keeping the false positive rate to a minimum.
-----------------------------------
RuPyc - Ruby vs Python bytecode analysis
-----------------------------------
SPEAKER
-----------------------------------
AIOANEI Dragos
Universitatea Alexandru Ioan Cuza, Facultatea de Informatica

ABSTRACT
-----------------------------------
In the world of cyberattacks the threat landscape is constantly evolving, from the simplest attacks using binary files and malicious URLs to complex infection campaigns that leverage zero-day vulnerabilities and exploit the very memory of the targeted user machines. As new technologies unfold and spread through the IT industry, the capabilities of threat actors mature with them, and new means of infection are developed to undermine the security of both ordinary users and enterprises.

To understand this threat landscape and develop new heuristics capable of detecting and blocking such malicious behavior, new tools must be built that both intervene adequately in the infection chain and correctly identify the malicious components. This talk presents a surface analysis of how interpreted languages help threat actors gain a foothold on a user's machine by bypassing security products through in-memory execution rather than execution of a binary on disk. More specifically, it presents an investigation into how two of the most widely used interpreted languages, Python and Ruby, generate bytecode instructions, the similarities between them, and a generic approach to identifying their overall structure and actions, so as to better aid security researchers and developers in countering malicious activity.
-----------------------------------
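Worked example for the first talk above (Contextual Feature Pairing). This is added illustration, not code from the speaker or the talk: it shows one way to compute lexical features from the URL string, features from the fetched content, and "pairing" features that only make sense when both are seen together (a login form that posts to a host other than the one the page came from, a hidden iframe on an IP-address host). The TLD watch-list, the regexes and the indicator names are assumptions chosen for the example, and the sample URL and HTML are constructed, not real sites. Passing `html=None` models the failure mode the abstract stresses: the URL was already dead when the crawler arrived, so only the URL-side features are available.

```python
import math
import re
from collections import Counter
from typing import Optional
from urllib.parse import urlsplit

# Assumption: a small illustrative TLD watch-list, not one taken from the talk.
SUSPICIOUS_TLDS = {"zip", "top", "xyz", "click", "tk"}

IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
HIDDEN_IFRAME_RE = re.compile(r"<iframe[^>]*\b(?:width|height)\s*=\s*[\"']?0\b", re.I)
PASSWORD_INPUT_RE = re.compile(r"type\s*=\s*[\"']?password", re.I)
FORM_ACTION_RE = re.compile(r"<form[^>]*\baction\s*=\s*[\"']?([^\"'\s>]+)", re.I)


def shannon_entropy(text: str) -> float:
    """Bits per character of `text`; random-looking hostnames score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def url_features(url: str) -> dict:
    """Lexical features from the URL string alone; no fetch is needed, so they
    stay available after the malicious page has gone offline."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    return {
        "url_len": len(url),
        "host_dots": host.count("."),
        "host_is_ip": IPV4_RE.fullmatch(host) is not None,
        "host_entropy": round(shannon_entropy(host), 3),
        "suspicious_tld": tld in SUSPICIOUS_TLDS,
        "path_depth": parts.path.count("/"),
        "query_len": len(parts.query),
        "has_at": "@" in url,
        "digit_ratio": round(sum(ch.isdigit() for ch in url) / max(len(url), 1), 3),
    }


def content_features(html: Optional[str]) -> dict:
    """Features from the fetched body. `html is None` models the common case
    where the URL was already dead when it was visited."""
    available = html is not None
    body = html or ""
    lower = body.lower()
    return {
        "available": available,
        "script_count": lower.count("<script"),
        "iframe_count": lower.count("<iframe"),
        "hidden_iframe": HIDDEN_IFRAME_RE.search(body) is not None,
        "eval_count": lower.count("eval("),
        "unescape_count": lower.count("unescape("),
        "password_form": PASSWORD_INPUT_RE.search(body) is not None,
        "form_actions": FORM_ACTION_RE.findall(body),
    }


def paired_features(url: str, html: Optional[str]) -> dict:
    """Join both feature sets and add cross features that only make sense
    when the URL and its content are looked at together."""
    u = url_features(url)
    c = content_features(html)
    host = (urlsplit(url).hostname or "").lower()
    # Forms that post to a different host than the page was served from.
    offsite = [a for a in c["form_actions"]
               if (urlsplit(a).hostname or host).lower() != host]
    feats = {f"u_{k}": v for k, v in u.items()}
    feats.update({f"c_{k}": v for k, v in c.items() if k != "form_actions"})
    feats["x_form_posts_offsite"] = bool(offsite)
    feats["x_password_form_offsite"] = c["password_form"] and bool(offsite)
    feats["x_password_form_odd_host"] = c["password_form"] and (u["host_is_ip"] or u["suspicious_tld"])
    feats["x_hidden_iframe_ip_host"] = c["hidden_iframe"] and u["host_is_ip"]
    return feats


def feature_vector(url: str, html: Optional[str]) -> list:
    """Numeric vector in a fixed (sorted-key) column order for a classifier."""
    feats = paired_features(url, html)
    return [float(feats[k]) for k in sorted(feats)]


# Constructed samples for the example; not real sites.
BENIGN_URL = "https://www.example.com/about/team"
BENIGN_HTML = "<html><body><h1>Team</h1><script src='/app.js'></script></body></html>"
PHISH_URL = "http://203.0.113.7/paypa1/signin/index.php?id=9f8e7d"
PHISH_HTML = (
    '<html><body><form action="http://203.0.113.99/collect.php">'
    '<input type="text" name="u"><input type="password" name="p"></form>'
    '<iframe src="x" width="0" height="0"></iframe>'
    '<script>eval(unescape("%61"))</script></body></html>'
)

if __name__ == "__main__":
    for label, url, html in (("benign", BENIGN_URL, BENIGN_HTML),
                             ("phish", PHISH_URL, PHISH_HTML), ("phish, dead", PHISH_URL, None)):
        feats = paired_features(url, html)
        print(label, "content available:", feats["c_available"],
              "flags:", sorted(k for k, v in feats.items() if k.startswith("x_") and v))
```

The cross features are where the pairing earns its keep: neither "has a password field" nor "hosted on a bare IP" is conclusive alone, but the conjunction is a much cleaner signal and costs nothing extra to compute. Keeping the URL-side features independent of the fetch is what lets the same feature vector be scored for a URL that is already dead, which is the case the abstract singles out.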
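Worked example for the second talk above (RuPyc). This is added illustration, not the RuPyc tool or the speaker's code: it shows the generic structure walk the abstract describes, on the Python side, using the standard `dis` and `marshal` modules. Every code object nests its function, class and comprehension bodies in `co_consts`, so a depth-first walk over those constants reaches every instruction in a module without executing anything; the same walk applies to a `.pyc`, whose body after the header is a marshalled code object. The indicator sets (`EXECUTORS`, `DECODERS`) and the "decode then exec" heuristic are assumptions chosen for the example, and both sample scripts are constructed, with a placeholder string standing in for a real payload.

```python
import dis
import marshal
import types
from collections import Counter
from typing import Iterator

# Opcodes whose argument names something the code refers to. The opcode *names*
# are stable across CPython 3.8-3.13 even where their numbers changed.
NAME_OPS = {"LOAD_NAME", "LOAD_GLOBAL", "LOAD_ATTR", "LOAD_METHOD",
            "IMPORT_NAME", "IMPORT_FROM"}
# Assumption: illustrative indicator sets, not heuristics taken from the talk.
EXECUTORS = {"exec", "eval", "compile", "__import__"}
DECODERS = {"b64decode", "loads", "decompress", "unhexlify", "a85decode"}


def iter_code_objects(code: types.CodeType) -> Iterator[types.CodeType]:
    """Yield `code` and every code object nested in its constants, depth first.
    Function, class and comprehension bodies all live in co_consts."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from iter_code_objects(const)


def analyse(code: types.CodeType) -> dict:
    """Walk every instruction without running anything and summarise the
    structure (units, opcode mix, imports) and the names the code refers to."""
    opcodes: Counter = Counter()
    names, imports, units = set(), set(), []
    for co in iter_code_objects(code):
        units.append(co.co_name)
        for ins in dis.get_instructions(co):
            opcodes[ins.opname] += 1
            if ins.opname in NAME_OPS and isinstance(ins.argval, str):
                names.add(ins.argval)
            if ins.opname == "IMPORT_NAME":
                imports.add(ins.argval)
    executors = names & EXECUTORS
    decoders = names & DECODERS
    return {
        "units": units,
        "instruction_count": sum(opcodes.values()),
        "top_opcodes": opcodes.most_common(5),
        "imports": sorted(imports),
        "executors": sorted(executors),
        "decoders": sorted(decoders),
        # Something is handed to exec/eval/compile at run time...
        "in_memory_exec": bool(executors),
        # ...and a decoder is referenced too: the decode-then-exec dropper shape.
        "staged_payload": bool(executors and decoders),
    }


def analyse_source(src: str, filename: str = "<sample>") -> dict:
    return analyse(compile(src, filename, "exec"))


def analyse_pyc(data: bytes) -> dict:
    """A .pyc (since Python 3.7) is a 16-byte header followed by a marshalled
    code object. marshal.loads only deserialises; nothing in the file runs."""
    if len(data) <= 16:
        raise ValueError("too short to be a .pyc")
    code = marshal.loads(data[16:])
    if not isinstance(code, types.CodeType):
        raise ValueError("payload is not a code object")
    return analyse(code)


# Constructed samples; "placeholder" stands in for a real encoded payload.
STAGED_SAMPLE = '''
import base64, marshal
blob = "placeholder"
exec(marshal.loads(base64.b64decode(blob)))
'''

BENIGN_SAMPLE = '''
import json

def load(path):
    with open(path) as fh:
        return json.load(fh)
'''


def make_pyc_bytes(src: str) -> bytes:
    """Build a .pyc-shaped buffer (zeroed header) for a sample, so the .pyc
    path can be exercised offline with the running interpreter's marshal format."""
    return b"\x00" * 16 + marshal.dumps(compile(src, "<sample>", "exec"))


if __name__ == "__main__":
    for label, src in (("staged", STAGED_SAMPLE), ("benign", BENIGN_SAMPLE)):
        r = analyse_source(src)
        print(label, r["units"], r["imports"], "executors:", r["executors"],
              "decoders:", r["decoders"], "staged_payload:", r["staged_payload"])
```

Two caveats a practitioner will hit immediately. Marshal is not a stable format across interpreter versions, so a `.pyc` has to be loaded by the same major.minor that produced it (the magic number in the header says which); and name-based indicators are deliberately coarse, `loads` here is matched for `marshal.loads` but will also match `json.loads`, which is why the example reports the executor and decoder sets rather than a verdict. The Ruby analogue uses `RubyVM::InstructionSequence.compile(src).to_a`, which returns the same kind of nested unit tree, so the walk above transfers almost unchanged.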