Abstract: Embodiments described herein provide a process and method running on a computer for creating an augmented image. According to an embodiment, a graphical user interface gathers data that is programmatically analyzed to obtain photographic properties from a first image. Photographic properties are provided to a user for obtaining a second image containing a fiducial mark. The second image is programmatically analyzed to obtain photographic properties. The first image and the second image are programmatically analyzed and processed to produce an augmented image.

Abstract: A system and method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment. The method includes: inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key; detecting in a security database a representation of the public CNP key; generating a lateral movement path, the lateral movement path including an identifier of a second workload, the second workload represented by a representation connected to the representation of the public CNP key.

Abstract: Systems and methods for payload encoding and decoding are disclosed. Example instructions cause one or more processors to at least determine encoding data corresponding to a message to be encoded into audio data by an encoding device; generate a license file including the encoding data; and cause transmission of the license file to a decoding device to enable the decoding device to decode the message from the audio data based on the license file.

Abstract: A method for biometric authentication of a user of a mobile device, and a case for performing the method is provided. The method includes, by the case, coupling the mobile device to the case, receiving from the mobile device biometric data of the user of the mobile device that was captured by the mobile device, storing the biometric data, receiving a request from the mobile device for authenticating the user of the mobile device, the request including biometric data captured by the mobile device, comparing the biometric data stored in the case and the biometric data included in the request, and sending to the mobile device a response to the request for authenticating the user of the mobile device based on a result of the comparison, wherein the response to the request is for use by the mobile device to perform an operation based on the authentication of the user.

Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.

Abstract: An apparatus for security management of application information comprises a processor operable to receive the application information associated with a first entity and to receive entity device information for a first entity device associated with the first entity. The processor is operable to determine that a portion of data fields of the application information associated with the first entity corresponds to a portion of data fields of entity account data associated with a second entity and to determine that a portion of the entity device information associated with the first entity device corresponds to a portion of the entity device information associated with a second entity device that is associated with the second entity. The processor is further operable to determine that the first entity is associated with suspicious indicators, wherein suspicious indicators signal that there is suspicious activity associated with the first entity.

Abstract: In one embodiment, a method comprises: monitoring, by a first security agent executed within a network device, for real-time detection of a cyber threat in the network device, the network device configured for secure communications in a secure peer-to-peer data network, the monitoring including detecting a detected cyber threat; communicating by the first security agent with at least one notified agent about the detected cyber threat, the at least one notified agent one of a second security agent executed within the network device, or a corresponding first security agent in a second network device having a two-way trusted relationship with the network device in the secure peer-to-peer data network; and executing, by the first security agent, a corrective action to at least mitigate the cyber threat based on the communicating with the at least one notified agent of the detected cyber threat.

Abstract: Systems, methods, and computer products for providing fractional control of a domain name by a plurality of entities enable operations that may include: providing an executable program for storage on a blockchain, the executable program configured to store a representation of the domain name in association with a plurality of identifications that each correspond to an entity that has a fractional control of the domain name; indicating, to the program, that the domain name is available for fractional control; receiving a message that includes the representation of the domain name and indications of a plurality of blockchain addresses, which are stored by the program as the plurality of identifications; and storing, in a domain name registration database, a representation of a fractional control status of the domain name. Each fractional control of the domain name may enable an authorization or a refusal of a modification related to the domain name.

Abstract: A method for automated computer security policy generation and anomaly detection includes receiving first network traffic data via an input port. The first network traffic data includes multiple data packets. A representation of each of the data packets is stored in a first data store, to produce a set of training data. A set of communication protocols associated with the set of training data is detected, and the training data from the set of training data is restructured based on the set of communication protocols, to produce processed data. The processed data is stored as non-malicious data in a second data store. The first network traffic data is transmitted, in unmodified form, via an output port. Second network traffic data including multiple data packets is subsequently received, via the input port, and compared to the non-malicious data to detect an anomaly in the second network traffic data.

Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.

Abstract: A method which is obtained specifically by output oriented coding, making possible the maximum selection of encryption parameters used for encryption by systems using OpenSSL, however without compromising the integrity of the encryption by autogenerating some Attributes thereby making possible row wise encryption in a database and encoding (if encoding is required) on the database side. The method has to satisfy the conditions/restrictions mentioned herein [0054]. This Invention is related to today's information technology and communicating methodology where encryptions and encodings are being used. The present invention can be described as software that enables a method of encryption acting as an Enhanced security feature or a technique which will enable users to manually or automatically select encryption parameters thereby encrypting and securing data.

Abstract: An approach for improving endpoint security. The approach requests security capabilities from endpoints of communications. The approach can analyze the differences between the security capabilities of the endpoints. The approach can negotiate a security capability supported by the endpoints of the communication. The approach can determine if the negotiation succeeded. If the negotiation failed, then the approach can create a report describing capabilities of the endpoints and suggesting changes to improve the endpoint security. The approach can send the report to the appropriate interested personnel.

Abstract: A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.

Abstract: Systems, devices, media, and methods are presented for determining a level of abusive network behavior suspicion for groups of entities and for identifying suspicious entity groups. A suspiciousness metric is developed and used to evaluate a multi-view graph across multiple views where entities are associated with nodes of the graph and attributes of the entities are associated with levels of the graph.

Abstract: The present disclosure presents various systems and methods for implementing a physical unclonable function device. One such method comprises providing an integrated circuit having a plurality of set/reset flip flop logic circuits, wherein each of the set/reset flip flop logic circuits enters a metastable state for a particular input sequence. The method includes varying circuit parameters for each of the plurality of set/reset flip flop logic circuits to account for manufacturing variations in the set/reset flip flop logic circuits and enable generating a stable but random output in response to the particular input sequence. Thus, by applying the particular input sequence to the integrated circuit, a unique identifier for the integrated circuit can be derived from an output response of the plurality of set/reset flip flop logic circuits.

Abstract: Systems and methods are disclosed for simulating a phishing attack involving an email thread. An email thread of a plurality of email threads of an entity for use in a simulated phishing attack is identified. A simulation system generates a converted reply simulated phishing email to an email of the email thread. The converted reply simulated phishing email is generated to be from a user that is one of a recipient or a sender of one or more emails of the email thread and is communicated to a target user's email account, the converted reply simulated phishing email.

Abstract: Systems and methods for identifying malicious cryptographic wallet addresses are disclosed. The systems and methods can receive a first plurality of tokens and an indication of a potentially malicious cryptographic wallet address from a requesting user. The system can identify a plurality of associated wallet addresses, and compare the associated wallet addresses to a stored list of malicious cryptographic wallet addresses. The system can determine a subset of the identified associated cryptographic wallet addresses that are malicious and assign a maliciousness rating to the potentially malicious cryptographic wallet address. The system can provide the maliciousness rating to the requesting user.

Abstract: Trampoline and return-oriented programming attacks employ a variety of techniques to maliciously execute instructions on a device in a manner different from a legitimate programmer's original intent. By instrumenting a device to detect deviations from predicted behavior, these exploits can be identified and mitigated.

Abstract: Disclosed below is a system and method for automated penetration testing for cloud. The system and method comprises extracting metadata from the cloud, using the metadata to identify parameters and targets for penetration testing, receiving inputs related to penetration testing from a user and generating a configuration file for penetration testing as a code. Further, it comprises performing penetration testing automatically and remotely, without pentesters, based on the generated configuration file.

Abstract: There is disclosed in one example a computing endpoint, including: a hardware platform including a processor and a memory; an operating system to run on the hardware platform; a web browser to run on the operating system, and including an extension framework; and a management extension to run in the extension framework, and to contextually manage availability of other extensions according to a URL reputation and extension reputation.