Elie Bursztein

Based on sucessfull attacks on 13 of the most popular captchas schemes we show how to attack text-based captchas and provide guidelines on how to design secure ones.

We show how using a generic approach, based on advance audio processing and machine learning algorithm, our captcha breaker "Decaptcha" is able to break all the popular audio CAPTCHA schemes, including Microsoft and Yahoo.

We present how to by pass offline the 4 layer of Windows encryption that protect web credentials and instant messengers credentials. We explain how to extract the sensitive data stored by the four major web browsers and the most popular instant messengers softwares such as Skype and Live messenger.

We audited the security of more than 30 embedded devices web interfaces and found more than 50 vulnerabilities. To help developers, we have developed WebDroid the first framework specifically dedicated to build secure embedded WebApp.

We show how to perform memory based attack against real-strategy games using our tool Kartograph to create map-hack. To defend against theses attacks we develop secure protocols for distributing game state among players so that each client only has the data he is allowed to see.

We demonstrate how to steal a WiFi network WPA key and location by attacking the router web interface. Then we show how to bypass SSL warning on Internet Explorer and Firefox to perform HTTPS cache injection attacks. Finally we show how to perform various advanced click-jacking attacks on browser and phones (tapjacking)

We show how DPAPI, the Windows API for safe data storage on disk work. Our analysis reveals that it is possible to recovers all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous password extraction in a free and open-source tool called DPAPIck.

We perform a mass-scale user study on how people react to the 21 most popular captcha schemes (13 images, 8 audios). This study reveals that even the most popular captchas scheme are often difficult for humans, with audio captchas being particularly problematic.

This paper show how Decpatcha is able to break eBay captchas with 75% accuracy. We show that using a custom breaker (75%) greatly out-perform state of are speech recognition system (1%)