"@DianaInitiative, @BSidesLV, #BHUSA, #SquadCon, #usesec23 @usenixassociation, @defcon...#hackersummercamp is now truly over!"

Hobbit Voice: Yeah but what about 2nd Hacker Summer Camp?

@CCC #cccamp23, #wikimania '23 & #hackconXI by #MLH begin this week!

#DCG201 Guides: https://defcon201.medium.com

A surprising (for me) opinion I heard at #usesec23 Usenix Security 2023: you can claim CVEs in your fuzzer paper so long as you found them during your research in developing the concerned fuzzer. In particular, there is no expectation of reproducibility of such CVEs specifically using the fuzzer in the paper. I note that CVEs are still considered a sort of real world touchstone for fuzzers by many reviewers. I wonder what the consensus of the community is about this.

Brown Secure Systems Lab (https://gitlab.com/brown-ssl/) had a strong representation @usenixassociation sponsored events this year! Neophytos Christou presented IvySyn at USENIX Security Symposium (SEC) '23, while Di Jin talked about EPF at USENIX Annual Technical Conference (ATC) '23 earlier in July!

IvySyn fuzzes Deep Learning (DL) frameworks (TensorFlow, PyTorch) for memory-safety bugs and automatically synthesizes Python code snippets for triggering the respective vulnerabilities | https://www.usenix.org/.../usenixse.../presentation/christou | https://gitlab.com/brown-ssl/ivysyn

EPF (ab)uses the (e)BPF interpreter for bypassing various kernel hardening mechanisms in Linux -- we also introduce a set of lightweight defenses against EPF-style attacks | https://www.usenix.org/conference/atc23/presentation/jin | https://gitlab.com/brown-ssl/epf

#brownssl #ivysyn #epf #usenix #atc23 #usesec23

#BHUSA and #usesec23 have been a blast! Check out our work "Cookie Crumbles: Breaking and Fixing Web Session Integrity"!

🍪🧑‍🍳🍪

Paper https://www.usenix.org/conference/usenixsecurity23/presentation/squarcina
Slides https://minimalblue.com/data/papers/BHUSA23_cookie_crumbles-slides.pdf
Artifacts https://github.com/SecPriv/cookiecrumbles

With Pedro Adão, Lorenzo Veronese, and Matteo Maffei

#websecurity #webdev #usesec2023 #blackhat #blackhat2023 #cookies

Super proud: Alexandra Nisenoff just presented our paper on password reuse at the University of Chicago at #usesec23. This has been a 6-year-long effort. Very happy the paper has won a distinguished paper award 🥇
Summary: https://www.usenix.org/publications/loginonline/measuring-risk-password-reuse-poses-university
Full paper: https://www.usenix.org/conference/usenixsecurity23/presentation/nisenoff-retrospective

Ever wondered how to explain differential privacy's guarantees to end users?

Today at the DP session at #usesec23 I'll present on explaining epsilon to people contributing data. Please join if you're here!

Joint work w/ @masmart, Rachel Cummings, Gabriel Kaptchuk, & Elissa M. Redmiles

https://www.usenix.org/conference/usenixsecurity23/presentation/nanayakkara

On my way to Las Vegas with @pedroadao to present at #BHUSA! If you are into Web (in)security and are curious about new 🍪 vulns, join our session "Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities" on August 9, 2:30pm!

https://blackhat.com/us-23/briefings/schedule/#cookie-crumbles-unveiling-web-session-integrity-vulnerabilities-32551

I will showcase a shorter version of this talk at USENIX Security #usesec23 after Black Hat. Kudos to the organizers for scheduling the sessions as far apart as possible! And thanks to our amazing coauthors Lorenzo Veronese and Matteo Maffei 🙏!

See you in Anaheim on August 11!

I’m looking for PhD students / postdocs to join my group @CISPA working on usable privacy and security. I'll be at #soups23 and #usesec23 this week, happy to chat there. Read more here:
https://maximiliangolla.com/hiring.html

Hyped for #soups23 and #usesec23 🥳

As I couldn’t be there last year, I’m really looking forward to meeting colleagues and friends for the first time since 2019. 😇

The program is amazing 🤩 have a look here:
https://www.usenix.org/conference/soups2023/technical-sessions

The Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023), August 6–8, 2023, Anaheim, CA, USA.

What do penguins have to do with ciphertext side-channels, and why do the colorful patterns evoke so much grief? 🤔
Here's a sneak peek at the #usesec23 talk @janw and I will be giving about our Cipherfix paper on Friday afternoon at @usenixassociation Security 2023 😊