Abstract: The disclosed computer-implemented method for recovering encrypted information may include (i) identifying an untrusted application that uses a known cryptographic function, (ii) hooking the known cryptographic function used by the untrusted application to execute decryption-facilitation code when the untrusted application attempts to encrypt data, where the decryption-facilitation code reduces the difficulty of later decrypting data encrypted by the untrusted application, (iii) detecting encrypted data produced by the untrusted application, and (iv) recovering unencrypted data from the encrypted data produced by the untrusted application using a decryption technique facilitated by having executed the decryption-facilitation code that reduced the difficulty of later decrypting the encrypted data encrypted by the untrusted application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed wireless router may include (i) an enclosure, (ii) an antenna, (iii) a printed circuit board assembly, (iv) a radiative heat sink disposed between the antenna and the printed circuit board assembly within the wireless router such that the radiative heat sink is configured to shield the antenna from spurious emissions generated by the printed circuit board assembly, and (v) a fan disposed at a center of the radiative heat sink such that the fan is configured to cool the wireless router by circulating air within the enclosure rather than pushing air through venting in the enclosure. Various other apparatuses, systems, and methods are also disclosed.

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).

Abstract: A computer-implemented method for providing security in smart buildings may include (1) detecting the presence of a user in a smart building, (2) determining that the user is unauthorized to access at least one resource in a smart building network within the smart building, (3) in response to determining that the user is unauthorized to access the resource in the smart building network, selecting an authentication policy that provides heightened security within the smart building network, and (4) increasing security within the smart building network to reflect the presence of the user by implementing the authentication policy within the smart building network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for performing application container introspection may include (1) identifying a request issued by an application launched from an application container, (2) determining that the request calls a function that facilitates transferring data between the application container and at least one external data source, and then in response to determining that the request calls the function, (3) directing the request to a function library that includes a custom version of the function that facilitates both (A) transferring, between the application container and the external data source, an encrypted version of the data that is unintelligible to an external application running outside the application container and (B) providing an unencrypted version of the data to the external application to enable the external application to inspect the data. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for preventing vulnerable files from being opened may include (1) registering a security application as a universal file opener, (2) receiving, at the security application, a request to open a file, (3) identifying at least one other application on the computing device that is capable of opening the file, (4) determining, based on a security analysis, that there is a security risk in opening the file with the other application that is capable of opening the file, and (5) preventing the other application that is capable of opening the file from opening the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for runtime malware detection is described. In one embodiment, the method may include classifying a first file as clean and a second file as malware, performing a sample execution of the first and second files, identifying system processes called during sample executions of the first and second files, mapping each system process of the host operating system to a position on an image matrix, indicating each system process called during the sample execution of the first file in a first image matrix and each system process called during the sample execution of the second file in a second image matrix, and determining at runtime a probability an unknown file includes malware based at least in part on an analysis of the unknown file in relation to at least one of the first instance and the second instance of the generated image matrix.

Abstract: The content of each specific image file in a user's backup set (or other type of file set on an endpoint) is analyzed, for example during a backup of the endpoint. Each analyzed image file is categorized based on the results of analyzing its content. The analysis can be in the form identifying one or more objects graphically represented in given image files, and the categorization of image files can be based on these identified graphically represented object(s). Subsequently (for example during a subsequent backup of the endpoint), modifications made to specific ones of the image files in the file set are detected. In response to a quantification of the detected modifications exceeding a specific threshold level, it is adjudicated that a file corruption event has occurred on the endpoint, such as a cryptographic ransomware attack. In response to the adjudication, one or more security actions are taken.

Abstract: The disclosed computer-implemented method for determining the reputations of unknown files may include (1) identifying a file that was downloaded by the computing device from an external file host, (2) creating a node that represents the file in a dynamic file relationship graph, (3) connecting the node in the dynamic file relationship graph with at least one other node that represents an attribute of the external file host, and (4) labeling the node with a reputation score calculated based at least in part on a reputation score of the at least one other node that represents the attribute of the external file host. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems, apparatuses, methods, and computer readable mediums for utilizing smart components to monitor connected devices. In one embodiment, a system includes a computing device and a covering device which covers at least a portion of the computing device. The computing device includes one or more input/output (I/O) interfaces. The covering device may be a smart cover, a security screen protector, or other type of smart covering component. The covering device intercepts, via a first I/O interface, a signal generated by the computing device. The covering device analyzes the signal to determine if a security policy is being violated. The covering device performs a security action responsive to determining that a security policy is being violated. In one embodiment, the covering device covers a display of the computing device and the covering device utilizes photoresistor technology to read the display of the computing device on a pixel-by-pixel basis.

Abstract: A method for providing one or more dynamic modifications relating to an electronic device are described. In some embodiments, methods may include receiving a workspace framework, receiving one or more applications relating to the workspace framework, receiving user input, and modifying at least one of the workspace framework and the one or more applications based at least in part on receiving the user input.

Abstract: The disclosed computer-implemented method for protecting data affected by system changes may include (i) receiving, at an installation application, a request to perform a system change on an endpoint computing device, (ii) identifying, via the installation application, one or more data items currently installed on the endpoint computing device that will be modified when the system change is performed, (iii) using the installation application to protect the data items such that the system change becomes revertible, and (iv) after protecting the data items, using the installation application to perform the system change. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for mapping Internet Protocol addresses for an organization may include (1) receiving information for an organization from an organizational server, (2) extracting data from a plurality of server data sources associated with the information, (3) mapping the data from the plurality of sever data sources to the information, and (4) determining, based at least in part on the mapped data, a list of IP addresses identifying one or more relationships associated with the organization thereby facilitating performing a security posture analysis against a malicious attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for automated classification of application network activity may include (1) building a lexicon dictionary that comprises lexical keywords, wherein network streams whose headers contain a given lexical keyword represent communications of an activity type that is associated with the given lexical keyword in the lexicon dictionary, (2) identifying, at a network vantage point, a network stream that represents a communication between an application and a server, (3) extracting, through a lexical analysis that utilizes the lexicon dictionary, a set of keywords from one or more header fields of the network stream, and (4) classifying the network stream based on activity types associated with each keyword in the set of keywords that were extracted from the header fields of the network stream. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for storing information about transmission control protocol connections may include (1) configuring a server with a transmission control protocol stack that is an alternative to a default transmission control protocol stack of an operating system of the server, (2) receiving, at the server, a request to establish a transmission control protocol connection with the server, (3) routing the request through the alternative transmission control protocol stack instead of the default transmission control protocol stack, and (4) storing, at the server via the alternative transmission control protocol stack, connection information about the transmission control protocol connection that excludes at least one item of information that would be stored by the default transmission control protocol stack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting anomalous behavior in shared data repositories may include (i) identifying a shared data repository that comprises files, (ii) monitoring access to the files for a predetermined time period in order to determine which files are accessed by each user, (iii) creating a graph of the access to the files, wherein each vertex represents a user and each edge that connects two vertices represents that one or more files were accessed by both users represented by the two vertices, (iv) deriving, from the graph, a set of communities, wherein each community represents a set of users that collaborated on one or more files during the predetermined time period, and (v) determining that a collaboration pattern of a user does not match a collaboration pattern for the user's community observed during the predetermined time period. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for automated classification of mobile applications (“apps”) battery consumption using simulation are disclosed. In one embodiment, a system for automated classification of mobile app battery consumption using simulation includes an app analyzer for performing an analysis of the app; and a classification engine for classifying the app into a battery consumption category based on the analysis performed using the app analyzer. In one embodiment, a process for automated classification of mobile app battery consumption using simulation includes receiving an app; performing an automated analysis of the app; and generating a battery consumption score for the app based on the automated analysis of the app.

Abstract: The disclosed computer-implemented method for analyzing emotional responses to online interactions may include (1) identifying an online interaction of a user, (2) detecting an emotional response of the user to the online interaction by monitoring one or more emotional indicators of the user during the online interaction and determining, based on an evaluation of the one or more emotional indicators, that the emotional response of the user is outside an expected range, and (3) performing a security action in response to determining that the user's emotional response is outside the expected range. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to security incident analysis systems, and more specifically to searching across multiple security incident analysis systems through a unified conversational agent. One example method generally includes receiving, from a client device, a natural language command requesting information about a security incident from a first incident analysis system. One or more keywords related to the security incident are extracted from the natural language command. The unified conversational agent executes a search against the first incident analysis system and one or more second incident analysis systems for the information about the security incident based on the extracted one or more keywords and transmits, to the client device, an indication of the information about the security incident aggregated from the executed search against the first incident analysis system and the one or more second incident analysis systems.

Abstract: The disclosed computer-implemented method for controlling auxiliary device access to computing devices based on device functionality descriptors may include (i) detecting a connection of an auxiliary device to a client computing device, (ii) receiving a set of functionality descriptors from the auxiliary device, each functionality descriptor of the set of functionality descriptors identifying a separate functionality of the auxiliary device, (iii) determining whether the set of functionality descriptors matches a set of reference descriptors, and (iv) performing a security action based on the determination of whether the set of functionality descriptors matches the set of reference descriptors. Various other methods, systems, and computer-readable media are also disclosed.