Investigations into Decrypting Live Secure Traffic in Virtual Environments
McLaren, P. W. L. Investigations into Decrypting Live Secure Traffic in Virtual Environments. (Thesis)
Edinburgh Napier University. Retrieved from http://researchrepository.napier.ac.uk/Output/2386517
Malicious agents increasingly use encrypted tunnels to communicate with external servers. Communications may contain ransomware keys, stolen banking details, or other confiden...
Deriving ChaCha20 Key Streams From Targeted Memory Analysis
McLaren, P., Buchanan, W. J., Russell, G., & Tan, Z. (2019)
Deriving ChaCha20 Key Streams From Targeted Memory Analysis. Journal of Information Security and Applications, 48, https://doi.org/10.1016/j.jisa.2019.102372
There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can be used as an alternative. Although many symmetric key stream ciphers are fairly r...
Decrypting Live SSH Traffic in Virtual Environments
McLaren, P., Russell, G., Buchanan, W. J., & Tan, Z. (2019)
Decrypting Live SSH Traffic in Virtual Environments. Digital Investigation, 29, 109-117. https://doi.org/10.1016/j.diin.2019.03.010
Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts re...
Mining malware command and control traces
McLaren, P., Russell, G., & Buchanan, B. (2018)
Mining malware command and control traces. In Proceedings of the SAI Computing Conference 2017. https://doi.org/10.1109/SAI.2017.8252185
Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, w...