Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks

Abstract. Drive-by download attacks are among the most common methods for spreading malware today. These attacks typically exploit memory corruption vul-nerabilities in web browsers and browser plug-ins to execute shellcode, and in consequence, gain control of a victim’s computer. Compromised machines are then used to carry out various malicious activities, such as joining botnets, send-ing spam emails, or participating in distributed denial of service attacks. To counter drive-by downloads, we propose a technique that relies on x86 instruc-tion emulation to identify JavaScript string buffers that contain shellcode. Our de-tection is integrated into the browser, and performed before control is transfered to the shellcode, thus, effectively thwarting the attack. The solution maintains fair performance by avoiding unnecessary invocations of the emulator, while ensur-ing that every buffer with potential shellcode is checked. We have implemented a prototype of our system, and evaluated it over thousands of malicious and le-gitimate web sites. Our results demonstrate that the system performs accurate detection with no false positives

WS01.05 Development of a musculoskeletal screening tool for children and young people with cystic fibrosis (Addenbrooke’s MST): initial findings

© 2023 European Cystic Fibrosis Society. Published by Elsevier B.V. This is an open access article distributed under the Creative Commons Attribution License, to view a copy of the license, see: https://creativecommons.org/licenses/by/4.0/Objectives: Development of the Addenbrooke’s Musculoskeletal Screening Tool (MST) for children and young people (CYP) with CF. It is recommended by the Association of Chartered Physiotherapists in CF that Musculoskeletal (MSK) screening is carried out in all children from 7 years of age. Currently there is no specific tool for CYP with CF, only the Adult Manchester MST is available in CF (Ashbrook, Taylor and Jones, 2011). Methods: A paediatric MST was constructed by reviewing the Manchester MSK Screening Tool, the pGALS and recent literature surrounding both paediatric and CF related MSK conditions. The tool was developed with support from paediatric CF specialist physiotherapists, paediatric MSK specialist physiotherapists and respiratory consultants. This tool was then used over a one year period on a total of 58 CYP. Results: The MST was well accepted by clinicians and CYP, taking up to 5 minutes to complete. There were 81.8% more positive MSK screens in the year using this Addenbrooke’s MST (20) compared to the previous year using the Manchester MST (11). There were also 6 more referrals, all deemed appropriate by MSK specialist physiotherapists. MSK advice was given to 83% more children in the year using AMST (11) compared to the year using MMST (6). Urinary incontinence appears to be under reported in this population when comparing to other studies with only two positive screens. Kyphosis (as diagnosed by plumb line) was particularly prevalent in this population (20%) and those with kyphosis had a significantly reduced FEV1% (p = 0.008) and FVC% (p = 0.034), as well as tighter pectoralis major (p = 0.002). Conclusion: A screening tool designed for CYP with CF is important in identifying specific conditions to this population. There is an increased number of appropriate referrals when using this tool and interesting initial evidence on the use of pectoralis major length as an outcome measure, however further research and validation is required.Peer reviewe

On Emulation-Based Network Intrusion Detection Systems

Emulation-based network intrusion detection systems have been devised to detect the presence of shellcode in network traffic by trying to execute (portions of) the network packet payloads in an in- strumented environment and checking the execution traces for signs of shellcode activity. Emulation-based network intrusion detection systems are regarded as a significant step forward with regards to traditional signature-based systems, as they allow detecting polymorphic (i.e., en- crypted) shellcode. In this paper we investigate and test the actual effec- tiveness of emulation-based detection and show that the detection can be circumvented by employing a wide range of evasion techniques, ex- ploiting weakness that are present at all three levels in the detection process. We draw the conclusion that current emulation-based systems have limitations that allow attackers to craft generic shellcode encoders able to circumvent their detection mechanisms

The effect of different cooling procedures on mechanical properties of denture base materials measured by instrumented indentation testing

Purpose: To evaluate the different cooling procedures on the mechanical properties of five heat-cured polymethyl methacrylate (PMMA) denture materials. Methods: 250 specimens were made equally from Meliodent (ME), Paladon 65 (PA), Probase Hot (PB), Stellon QC–20 (QC) and Vertex Rapid Simplified (VE) implementing five different cooling procedures (n = 10/procedure): A) removal from water bath, bench-cooling (10 min) and cooling under water (15 min), B) remain in water bath till room temperature, C) removal from water bath and cooling in water for 15 min, D) removal from water bath and bench cooling till room temperature and E) removal from water bath, bench cooling for 30 min and cooling under water for 15 min. The specimens were immersed in distilled water (15 days/37 ºC) and then subjected to Instrumented Indentation Testing for Martens Hardness (HM), indentation modulus (EIT) and elastic index (ηΙΤ). Results were statistically analyzed by two- and one-way Analysis of variance (ANOVA) plus Tukey post hoc tests (α = 0.05). Results: The highest values for HM were recorded for QC, PA, VE with B cooling procedure, PB with A and ME with E, for EΙΤ for QC, PB with A, for PA, VE with B and ME with E, and for ηIT for QC, PB with B, PB with E, ME with C and VE with D. Conclusions: The cooling procedures recommended for PB resulted in the lowest mechanical properties. A and B may be considered as universal short- and long-cooling procedures respectively providing the highest mechanical properties for the materials tested. © 2019 Japan Prosthodontic Societ

Whispers of Rebellion: Narrating Gabriel’s Conspiracy (Carter G. Woodson Institute Series)

An ambitious if ultimately unrealized plan to revolt that ended in the conviction and hanging of over two dozen men, Gabriel’s Conspiracy of 1800 sought nothing less than to capture the capital city of Richmond and end slavery in Virginia. Whispers of Rebellion draws on recent scholarship and extensive archival material to provide the clearest view yet of this fascinating chapter in the history of slavery—and to question much about the case that has been accepted as fact. In his examination of the slave Gabriel and his group of insurgents, Michael Nicholls focuses on the neighborhood of the Brook, north of Richmond, as the plot’s locus, revealing the area’s economic and familial ties, the geographic proximity of the key conspirators, and how their contacts allowed their plan to spread across three counties and into the cities of Richmond and Petersburg. Nicholls explores under-documented aspects of the conspiracy, such as the participants’ recruitment and motives, showing them to be less ideologically driven than previously supposed. The author also looks at the state’s swift and brutal response, and argues persuasively that, rather than the coalition between blacks and whites that has been described in other accounts, the participants were all slaves or free blacks, suffering under an oppressive white population and willing to die for their freedom.https://digitalcommons.usu.edu/usufaculty_monographs/1102/thumbnail.jp