Detection of Intrusions and Malware, and Vulnerability Assessment

You've Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures.- The Full Gamut of an Attack: An Empirical Analysis of OAuth CSRF in the Wild.- Detecting and Measuring In-The-Wild DRDoS Attacks at IXPs.- Digging Deeper: An Analysis of Domain Impersonation in the Lower DNS Hierarchy.- Help, my Signal has bad Device! - Breaking the Signal Messenger's Post-Compromise Security through a Malicious Device.- Refined Grey-Box Fuzzing with Sivo.- SCRUTINIZER: Detecting Code Reuse in Malware via Decompilation and Machine Learning.- SPECULARIZER: Uncovering Speculative Execution Attacks via Performance Tracing in Commodity Hardware.- Aion Attacks: Exposing Software Timer Problem in Trusted Execution Environment.- Third-Eye: Practical and Context-Aware Inference of Causal Relationship Violations in Commodity Kernels.- Find My Sloths: Automated Comparative Analysis of How Real Enterprise Computers Keep Up with the Software Update Races.- FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security.- Introspect Virtual Machines Like It Is the Linux Kernel!.- Calibration Done Right: Noiseless Flush+Flush Attacks.- Zero Footprint Opaque Predicates: Synthesizing Opaque Predicates From Naturally Occurring Invariants.- PetaDroid: Adaptive Android Malware Detection using Deep Learning.- Spotlight on Phishing: A Longitudinal Study on Phishing Awareness Trainings.- Extended Abstract: A First Large-scale Analysis on Usage of MTA-STS.- Centy: Scalable Server-side Web Integrity Verification System Based on Fuzzy Hashes.