The Polyjuice Potion -netflow correlation avoidance Workshop
The Polyjuice Potion: a workshop on netflow correlation avoidance workshop
This workshop will be given:
Day 1: Friday, 22-July-2022, 6:00pm - 7:00pm, Workshop C (D'Angelo 307)
NOTE: You do NOT need to register to take this workshop -- please show up early to ensure a seat at Workshop C (D'Angelo 307).
Abstract
This workshop covers modern netflow correlation and web traffic fingerprinting attacks and countermeasures in practice, with a focus on Tor, i2p, nym, and other publicly accessible anonymity tools. Most of the academic literature focuses on how to perform these types of attacks only in theory. In practice they are difficult to set up and require extensive collaboration between backbone-positioned adversaries. One would hope that these adversaries are careful, accountable, well-resourced, and not beholden to the interests of private corporations. I'll first describe the state of the art for these attacks, including: netflow correlation, web traffic fingerprinting, active traffic disruption, and throttling. I'll then detail an end-to-end pipeline for legally spinning up a C2 server with full non-attribution, enabled using publicly available infrastructure.
Presenter(s)
William Jones
Full Description
If you want to bring a laptop to check out some of the tools in the links, please do.
Registration -- NOT required
You do not need to register in advance to take this workshop -- just show up early to ensure a seat.:
Required Software
This talk is on the theory of how to generate adversarial traces on low bandwidth networks (i.e. tor)
What Participants Should Bring to the Workshop (if anything)
Bring your thinking caps
Links
any links go here