Sommaire

  • Cet exposé a été présenté le 22 novembre 2024 (11:00 - 12:00).

Description

  • Orateur

    Elisa Chiapponi - Amadeus IT Group

In today's digital landscape, the battle between industry and automated bots is an ever-evolving challenge. Attackers are leveraging advanced techniques such as residential proxies, CAPTCHA farms, and AI-enhanced fingerprint rotations to evade detection and execute functional abuse attacks, including web scraping, denial of inventory, and SMS pumping.

This talk will explore ongoing efforts to detect and mitigate these automated threats in a real-world environment, focusing on new work-in-progress approaches. We will delve into new strategies to counter the rise of automated attacks, such as AI-driven detection models, reputation databases, and timing measurements. Additionally, we will discuss the usage of techniques like mirroring real websites to lure and mislead attackers, and the shift towards analyzing functional behavior rather than relying solely on fingerprinting. Throughout the talk, we will consider the challenges and limitations of implementing these solutions within a large-scale, real-world company, and invite discussion on how to overcome these obstacles.

Infos pratiques

Prochains exposés

  • What you never wanted to know about vulnerability databases

    • 21 novembre 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Room Métivier

    Orateur : Henrik Plate - Endor Labs

    Vulnerability databases play a crucial role in modern software security, serving as the backbone for Application Security (AppSec) and Software Composition Analysis (SCA) tools. However, the accuracy and reliability of these databases vary significantly, often leading to misinformed security decisions. This talk explores the challenges associated with vulnerability databases, including incomplete[…]

    • Risk Assessment

    • SoSysec

    • Vulnerability management

  • CHERIoT RTOS: An OS for Fine-Grained Memory-Safe Compartments on Low-Cost Embedded Devices

    • 21 novembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Métivier

    Orateur : Hugo Lefeuvre - The University of British Columbia

    Embedded systems do not benefit from strong memory protection, because they are designed to minimize cost. At the same time, there is increasing pressure to connect embedded devices to the internet, where their vulnerable nature makes them routinely subject to compromise. This fundamental tension leads to the current status-quo where exploitable devices put individuals and critical infrastructure[…]

    • SoSysec

    • Compartmentalization

    • Operating system and virtualization

    • Hardware/software co-design

    • Hardware architecture

Voir les exposés passés
Haut de page