Stanford Empirical Security Research Group

Stratosphere: Finding Vulnerable Cloud Storage Buckets

Jack Cable, Drew Gregory, Liz Izhikevich, Zakir Durumeric
Pre-Print, April 2021

LZR: Identifying Unexpected Internet Services

Liz Izhikevich, Renata Teixeira, Zakir Durumeric
USENIX Security Symposium, August 2021

What’s in a Name? Exploring CA Certificate Control

Zane Ma, Joshua Mason, Manos Antonakakis, Zakir Durumeric, Michael Bailey
USENIX Security Symposium, August 2021

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

Kurt Thomas, Devdatta Akhawe, Michael Bailey, Elie Bursztein, Dan Boneh, Sunny Consolvo, Nicki Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, and Gianluca Stringhini
IEEE Symposium on Security and Privacy ("Oakland"), May 2021

On the Origin of Scanning: The Impact of Location on Internet-Wide Scans

Gerry Wan, Liz Izhikevich, David Adrian, Katsunari Yoshioka, Ralph Holz, Christian Rossow, Zakir Durumeric
ACM Internet Measurement Conference (IMC), October 2020

An Empirical Analysis of California Data Breaches

Richard Chen, Zakir Durumeric
Technical Report

Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web

Josh Aas, Richard Barnes, Benton Case, Zakir Durumeric, Peter Eckersley, Alan Flores-Lopez, J. Alex Halderman, Jacob Hoffman-Andrews, James Kasten, Eric Rescorla, Seth Schoen, Brad Warren
ACM Conference on Computer and Communications Security (CCS), November 2019

All Things Considered: An Analysis of IoT Devices on Home Networks

Deepak Kumar, Kelly Shen, Benton Case, Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, Rajarshi Gupta, Zakir Durumeric
USENIX Security Symposium, August 2019

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green,
J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta,
Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
Communications of the ACM. January 2019.

Tracking Certificate Misissuance in the Wild

Deepak Kumar, Zhengping Wang, Matthew Hyder, Joseph Dickinson, Gabrielle Beck, David Adrian, Joshua Mason, Zakir Durumeric, J. Alex Halderman, Michael Bailey
IEEE Symposium on Security and Privacy ("Oakland"), May 2018

Scanning the Internet for Liveness

Shehar Bano, Philipp Richter, Mobin Javed, Srikanth Sundaresan, Zakir Durumeric, Steven Murdoch, Richard Mortier, Vern Paxson
SIGCOMM Computer Communication Review April 2018 (CCR)
IETF Applied Networking Research Prize (ANRP)

Target Generation for IPv6 Scanning

Austin Murdock, Frank Li, Paul Bramsen, Zakir Durumeric, Vern Paxson
ACM Internet Measurement Conference (IMC), November 2017

Understanding the Mirai Botnet

Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou
USENIX Security Symposium (USENIX Security), August 2017

Security Challenges in an Increasingly Tangled Web

Deepak Kumar, Zane Ma, Zakir Durumeric, Ariana Mirian, Joshua Mason,
J. Alex Halderman, and Michael Bailey
World Wide Web Conference (WWW), April 2017

The Danger of USB Drives

Matthew Tischer, Zakir Durumeric, Elie Bursztein, and Michael Bailey
IEEE Security & Privacy (S&P Magazine). March 2017.

The Security Impact of HTTPS Interception

Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson
Network and Distributed System Security Symposium (NDSS), February 2017

An Internet-Wide View of ICS Devices

Ariana Mirian, Zane Ma, David Adrian, Matthew Tischer, Thasphon Chuenchujit, Tim Yardley,
Robin Berthier, Josh Mason, Zakir Durumeric, J. Alex Halderman and Michael Bailey
IEEE Conference on Privacy, Security and Trust (PST), December 2016

Measuring the Security Harm of TLS Crypto Shortcuts

Drew Springall, Zakir Durumeric, and J. Alex Halderman
ACM Internet Measurement Conference (IMC), November 2016

Towards a Complete View of the Certificate Ecosystem

Benjamin VanderSloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric, Michael Bailey, and J. Alex Halderman
ACM Internet Measurement Conference (IMC), November 2016

You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications

Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson
USENIX Security Symposium (USENIX Security), August 2016

FTP: The Forgotten Cloud

Drew Springall, Zakir Durumeric, and J. Alex Halderman
IEEE/IFIP Conference on Dependable Systems and Networks (DSN), June 2016

Users Really Do Plug in USB Drives They Find

Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, and Michael Bailey
IEEE Symposium on Security & Privacy ("Oakland"), May 2016

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security

Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti, Nicholas Lidzborski, Elie Bursztein, Michael Bailey, and J. Alex Halderman
ACM Internet Measurement Conference (IMC), October 2015
IETF Applied Networking Research Prize (ANRP)

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
ACM Computer and Communications Security (CCS), October 2015
Best Paper Award

Censys: A Search Engine Backed by Internet-Wide Scanning

Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman
ACM Computer and Communications Security (CCS), October 2015

The Matter of Heartbleed

Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman
ACM Internet Measurement Conference (IMC), November 2014
Best Paper Award

Security Analysis of the Estonian Internet Voting System

Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine and J. Alex Halderman
ACM Computer and Communications Security (CCS), November 2014

An Internet-Wide View of Internet-Wide Scanning

Zakir Durumeric, Michael Bailey, and J. Alex Halderman
USENIX Security Symposium (USENIX Security), August 2014

Zippier ZMap: Internet-Wide Scanning at 10 Gbps

David Adrian, Zakir Durumeric, Gulshan Singh, and J. Alex Halderman
USENIX Workshop on Offensive Technologies (WOOT), August 2014

Outsmarting Proctors with Smartwatches: A Case Study on Wearable Computing Security

Alex Migicovsky, Zakir Durumeric, Jeff Ringenberg, and J. Alex Halderman
Financial Cryptography and Data Security (Financial Crypto), March 2014

On the Mismanagement and Maliciousness of Networks

Jing Zhang, Zakir Durumeric, Michael Bailey, Manish Karir, and Mingyan Liu
Network and Distributed System Security Symposium (NDSS), February 2014

Analysis of the HTTPS Certificate Ecosystem

Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman
ACM Internet Measurement Conference (IMC), October 2013

ZMap: Fast Internet-Wide Scanning and its Security Applications

Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
USENIX Security Symposium (USENIX Security), August 2013

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
USENIX Security Symposium (USENIX Security), August 2012
Best Paper Award

Research

People

Publications

Stratosphere: Finding Vulnerable Cloud Storage Buckets

LZR: Identifying Unexpected Internet Services

What’s in a Name? Exploring CA Certificate Control

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

On the Origin of Scanning: The Impact of Location on Internet-Wide Scans

An Empirical Analysis of California Data Breaches

Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web

All Things Considered: An Analysis of IoT Devices on Home Networks

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Tracking Certificate Misissuance in the Wild

Scanning the Internet for Liveness

Target Generation for IPv6 Scanning

Understanding the Mirai Botnet

Security Challenges in an Increasingly Tangled Web

The Danger of USB Drives

The Security Impact of HTTPS Interception

An Internet-Wide View of ICS Devices

Measuring the Security Harm of TLS Crypto Shortcuts

Towards a Complete View of the Certificate Ecosystem

You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications

FTP: The Forgotten Cloud

Users Really Do Plug in USB Drives They Find

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Censys: A Search Engine Backed by Internet-Wide Scanning

The Matter of Heartbleed

Security Analysis of the Estonian Internet Voting System

An Internet-Wide View of Internet-Wide Scanning

Zippier ZMap: Internet-Wide Scanning at 10 Gbps

Outsmarting Proctors with Smartwatches: A Case Study on Wearable Computing Security

On the Mismanagement and Maliciousness of Networks

Analysis of the HTTPS Certificate Ecosystem

ZMap: Fast Internet-Wide Scanning and its Security Applications

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices