{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T16:43:44Z","timestamp":1772556224925,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,6]],"date-time":"2021-10-06T00:00:00Z","timestamp":1633478400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF","award":["DGE-1656518"],"award-info":[{"award-number":["DGE-1656518"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,6]]},"DOI":"10.1145\/3471621.3473500","type":"proceedings-article","created":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T14:50:46Z","timestamp":1633618246000},"page":"399-411","source":"Crossref","is-referenced-by-count":10,"title":["Stratosphere: Finding Vulnerable Cloud Storage Buckets"],"prefix":"10.1145","author":[{"given":"Jack","family":"Cable","sequence":"first","affiliation":[{"name":"Stanford University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Drew","family":"Gregory","sequence":"additional","affiliation":[{"name":"Stanford University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liz","family":"Izhikevich","sequence":"additional","affiliation":[{"name":"Stanford University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zakir","family":"Durumeric","sequence":"additional","affiliation":[{"name":"Stanford University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,10,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2013. VirusTotal Passive DNS. https:\/\/blog.virustotal.com\/2013\/04\/virustotal-passive-dns-replication.html.  2013. VirusTotal Passive DNS. https:\/\/blog.virustotal.com\/2013\/04\/virustotal-passive-dns-replication.html."},{"key":"e_1_3_2_1_2_1","unstructured":"2016. Cisco Umbrella Popularity List. https:\/\/s3-us-west-1.amazonaws.com\/umbrella-static\/index.html.  2016. Cisco Umbrella Popularity List. https:\/\/s3-us-west-1.amazonaws.com\/umbrella-static\/index.html."},{"key":"e_1_3_2_1_3_1","volume-title":"Black Box","unstructured":"2017. Black Box , Red Disk : How Top Secret NSA and Army Data Leaked Online . https:\/\/www.upguard.com\/breaches\/cloud-leak-inscom. 2017. Black Box, Red Disk: How Top Secret NSA and Army Data Leaked Online. https:\/\/www.upguard.com\/breaches\/cloud-leak-inscom."},{"key":"e_1_3_2_1_4_1","unstructured":"2017. Data Breach Exposed Medical Records Including Blood Test Results of Over 100 Thousand Patients. https:\/\/gizmodo.com\/data-breach-exposed-medical-records-including-blood-te-1819322884.  2017. Data Breach Exposed Medical Records Including Blood Test Results of Over 100 Thousand Patients. https:\/\/gizmodo.com\/data-breach-exposed-medical-records-including-blood-te-1819322884."},{"key":"e_1_3_2_1_5_1","unstructured":"2017. The RNC Files: Inside the Largest US Voter Data Leak. https:\/\/www.upguard.com\/breaches\/the-rnc-files.  2017. The RNC Files: Inside the Largest US Voter Data Leak. https:\/\/www.upguard.com\/breaches\/the-rnc-files."},{"key":"e_1_3_2_1_6_1","unstructured":"2017. S3 Mining. https:\/\/github.com\/treebuilder\/s3-mining. Accessed: 2021-1-13.  2017. S3 Mining. https:\/\/github.com\/treebuilder\/s3-mining. Accessed: 2021-1-13."},{"key":"e_1_3_2_1_7_1","unstructured":"2018. Slurp\u2019s S3 String Formatting Permuations. https:\/\/github.com\/0xbharath\/slurp\/blob\/master\/permutations.json. Accessed: 2019-12-12.  2018. Slurp\u2019s S3 String Formatting Permuations. https:\/\/github.com\/0xbharath\/slurp\/blob\/master\/permutations.json. Accessed: 2019-12-12."},{"key":"e_1_3_2_1_8_1","unstructured":"2019. Amazon Macie. https:\/\/aws.amazon.com\/macie\/. Accessed: 2019-12-14.  2019. Amazon Macie. https:\/\/aws.amazon.com\/macie\/. Accessed: 2019-12-14."},{"key":"e_1_3_2_1_9_1","unstructured":"2019. Amazon S3 Block Public Access \u2013 Another Layer of Protection for Your Accounts and Buckets. https:\/\/aws.amazon.com\/blogs\/aws\/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets. Accessed: 2019-12-14.  2019. Amazon S3 Block Public Access \u2013 Another Layer of Protection for Your Accounts and Buckets. https:\/\/aws.amazon.com\/blogs\/aws\/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets. Accessed: 2019-12-14."},{"key":"e_1_3_2_1_10_1","unstructured":"2019. AWS Honeypots. https:\/\/docs.rapid7.com\/insightidr\/aws-honeypots\/.  2019. AWS Honeypots. https:\/\/docs.rapid7.com\/insightidr\/aws-honeypots\/."},{"key":"e_1_3_2_1_11_1","unstructured":"2020. Bucket Stream S3 Scanner. https:\/\/github.com\/eth0izzle\/bucket-stream. Accessed: 2021-02-03.  2020. Bucket Stream S3 Scanner. https:\/\/github.com\/eth0izzle\/bucket-stream. Accessed: 2021-02-03."},{"key":"e_1_3_2_1_12_1","unstructured":"2020. Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months. https:\/\/www.securitymagazine.com\/articles\/92533-nearly-80-of-companies-experienced-a-cloud-data-breach-in-past-18-months.  2020. Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months. https:\/\/www.securitymagazine.com\/articles\/92533-nearly-80-of-companies-experienced-a-cloud-data-breach-in-past-18-months."},{"key":"e_1_3_2_1_13_1","unstructured":"2020. SCOWL (And Friends). http:\/\/wordlist.aspell.net\/.  2020. SCOWL (And Friends). http:\/\/wordlist.aspell.net\/."},{"key":"e_1_3_2_1_14_1","unstructured":"2021. Actions - Amazon Simple Storage Service. https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/API\/API_Operations.html.  2021. Actions - Amazon Simple Storage Service. https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/API\/API_Operations.html."},{"key":"e_1_3_2_1_15_1","unstructured":"2021. Alibaba ACL. https:\/\/www.alibabacloud.com\/help\/doc-detail\/31843.html.  2021. Alibaba ACL. https:\/\/www.alibabacloud.com\/help\/doc-detail\/31843.html."},{"key":"e_1_3_2_1_16_1","unstructured":"2021. All About AWS S3 ETags. https:\/\/teppen.io\/2018\/06\/23\/aws_s3_etags\/what-is-an-s3-etag. Accessed: 2021-1-18.  2021. All About AWS S3 ETags. https:\/\/teppen.io\/2018\/06\/23\/aws_s3_etags\/what-is-an-s3-etag. Accessed: 2021-1-18."},{"key":"e_1_3_2_1_17_1","unstructured":"2021. Amazon GuardDuty. https:\/\/aws.amazon.com\/guardduty\/. Accessed: 2021-01-18.  2021. Amazon GuardDuty. https:\/\/aws.amazon.com\/guardduty\/. Accessed: 2021-01-18."},{"key":"e_1_3_2_1_18_1","unstructured":"2021. American Express EarlyBird. https:\/\/github.com\/americanexpress\/earlybird\/.  2021. American Express EarlyBird. https:\/\/github.com\/americanexpress\/earlybird\/."},{"key":"e_1_3_2_1_19_1","unstructured":"2021. Azure Cognitive Services. https:\/\/azure.microsoft.com\/en-us\/services\/cognitive-services\/.  2021. Azure Cognitive Services. https:\/\/azure.microsoft.com\/en-us\/services\/cognitive-services\/."},{"key":"e_1_3_2_1_20_1","unstructured":"2021. Celebrate 15 Years of Amazon S3 with Pi Week Livestream Events. https:\/\/aws.amazon.com\/blogs\/aws\/amazon-s3s-15th-birthday-it-is-still-day-1-after-5475-days-100-trillion-objects\/.  2021. Celebrate 15 Years of Amazon S3 with Pi Week Livestream Events. https:\/\/aws.amazon.com\/blogs\/aws\/amazon-s3s-15th-birthday-it-is-still-day-1-after-5475-days-100-trillion-objects\/."},{"key":"e_1_3_2_1_21_1","unstructured":"2021. Farsight Passive DNS FAQ. https:\/\/www.farsightsecurity.com\/technical\/passive-dns\/passive-dns-faq\/.  2021. Farsight Passive DNS FAQ. https:\/\/www.farsightsecurity.com\/technical\/passive-dns\/passive-dns-faq\/."},{"key":"e_1_3_2_1_22_1","unstructured":"2021. Google BigQuery Pubic Datatsets. https:\/\/cloud.google.com\/bigquery\/public-data.  2021. Google BigQuery Pubic Datatsets. https:\/\/cloud.google.com\/bigquery\/public-data."},{"key":"e_1_3_2_1_23_1","unstructured":"2021. IAM permissions for Cloud Storage. https:\/\/cloud.google.com\/storage\/docs\/access-control\/iam-permissions.  2021. IAM permissions for Cloud Storage. https:\/\/cloud.google.com\/storage\/docs\/access-control\/iam-permissions."},{"key":"e_1_3_2_1_24_1","unstructured":"2021. Intel Core i5-11300H Processor. https:\/\/www.intel.com\/content\/www\/us\/en\/products\/processors\/core\/i5-processors\/i5-11300h.html. Accessed: 2021-1-29.  2021. Intel Core i5-11300H Processor. https:\/\/www.intel.com\/content\/www\/us\/en\/products\/processors\/core\/i5-processors\/i5-11300h.html. Accessed: 2021-1-29."},{"key":"e_1_3_2_1_25_1","unstructured":"2021. Keras. https:\/\/keras.io\/.  2021. Keras. https:\/\/keras.io\/."},{"key":"e_1_3_2_1_26_1","unstructured":"2021. List of File Extensions. https:\/\/pastebin.com\/mg1FPzKS.  2021. List of File Extensions. https:\/\/pastebin.com\/mg1FPzKS."},{"key":"e_1_3_2_1_27_1","unstructured":"2021. List of Tech Terms. https:\/\/pastebin.com\/9k5StZP4.  2021. List of Tech Terms. https:\/\/pastebin.com\/9k5StZP4."},{"key":"e_1_3_2_1_28_1","unstructured":"2021. Public buckets by GrayHatWarfare. https:\/\/buckets.grayhatwarfare.com\/. Accessed: 2019-12-14.  2021. Public buckets by GrayHatWarfare. https:\/\/buckets.grayhatwarfare.com\/. Accessed: 2019-12-14."},{"key":"e_1_3_2_1_29_1","unstructured":"2021. Public Cloud Storage Search. https:\/\/github.com\/nightwatchcybersecurity\/public-cloud-storage-search. Accessed: 2021-01-17.  2021. Public Cloud Storage Search. https:\/\/github.com\/nightwatchcybersecurity\/public-cloud-storage-search. Accessed: 2021-01-17."},{"key":"e_1_3_2_1_30_1","unstructured":"2021. s3enum. https:\/\/github.com\/koenrh\/s3enum. Accessed: 2019-12-14.  2021. s3enum. https:\/\/github.com\/koenrh\/s3enum. Accessed: 2019-12-14."},{"key":"e_1_3_2_1_31_1","unstructured":"2021. S3Scanner. https:\/\/github.com\/sa7mon\/S3Scanner. Accessed: 2019-12-14.  2021. S3Scanner. https:\/\/github.com\/sa7mon\/S3Scanner. Accessed: 2019-12-14."},{"key":"e_1_3_2_1_32_1","unstructured":"2021. Zetalytics. https:\/\/zetalytics.com\/.  2021. Zetalytics. https:\/\/zetalytics.com\/."},{"key":"e_1_3_2_1_33_1","unstructured":"2021. ZGrab 2.0 - GitHub. https:\/\/github.com\/zmap\/zgrab2. Accessed: 2019-12-14.  2021. ZGrab 2.0 - GitHub. https:\/\/github.com\/zmap\/zgrab2. Accessed: 2019-12-14."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274736"},{"key":"e_1_3_2_1_35_1","unstructured":"Dani Deahl. 2017. Verizon partner data breach exposes millions of customer records. https:\/\/www.theverge.com\/2017\/7\/12\/15962520\/verizon-nice-systems-data-breach-exposes-millions-customer-records.  Dani Deahl. 2017. Verizon partner data breach exposes millions of customer records. https:\/\/www.theverge.com\/2017\/7\/12\/15962520\/verizon-nice-systems-data-breach-exposes-millions-customer-records."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-15618-7_10"},{"key":"e_1_3_2_1_37_1","volume-title":"An Internet-Wide View of Internet-Wide Scanning. In 23rd USENIX Security Symposium. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/durumeric","author":"Durumeric Zakir","year":"2014","unstructured":"Zakir Durumeric , Michael Bailey , and J.\u00a0 Alex Halderman . 2014 . An Internet-Wide View of Internet-Wide Scanning. In 23rd USENIX Security Symposium. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/durumeric Zakir Durumeric, Michael Bailey, and J.\u00a0Alex Halderman. 2014. An Internet-Wide View of Internet-Wide Scanning. In 23rd USENIX Security Symposium. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/durumeric"},{"key":"e_1_3_2_1_38_1","volume-title":"22nd USENIX Security Symposium.","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric , Eric Wustrow , and J\u00a0Alex Halderman . 2013 . ZMap: Fast Internet-wide scanning and its security applications . In 22nd USENIX Security Symposium. Zakir Durumeric, Eric Wustrow, and J\u00a0Alex Halderman. 2013. ZMap: Fast Internet-wide scanning and its security applications. In 22nd USENIX Security Symposium."},{"key":"e_1_3_2_1_39_1","unstructured":"Cameron Ero. 2018. The Bucket List: Experiences Operating S3 Honeypots. In BSidesSF.  Cameron Ero. 2018. The Bucket List: Experiences Operating S3 Honeypots. In BSidesSF."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987445"},{"key":"e_1_3_2_1_41_1","volume-title":"MASSCAN: Mass IP port scanner. https:\/\/github.com\/robertdavidgraham\/masscan.","author":"Graham Robert\u00a0David","year":"2014","unstructured":"Robert\u00a0David Graham . 2014 . MASSCAN: Mass IP port scanner. https:\/\/github.com\/robertdavidgraham\/masscan. Robert\u00a0David Graham. 2014. MASSCAN: Mass IP port scanner. https:\/\/github.com\/robertdavidgraham\/masscan."},{"key":"e_1_3_2_1_42_1","volume-title":"BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In 17th USENIX Security Symposium.","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Roberto Perdisci , Junjie Zhang , and Wenke Lee . 2008 . BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In 17th USENIX Security Symposium. Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. 2008. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In 17th USENIX Security Symposium."},{"key":"e_1_3_2_1_43_1","volume-title":"16th USENIX Security Symposium, Vol.\u00a07. 1\u201316","author":"Gu Guofei","year":"2007","unstructured":"Guofei Gu , Phillip\u00a0 A Porras , Vinod Yegneswaran , Martin\u00a0 W Fong , and Wenke Lee . 2007 . Bothunter: Detecting malware infection through ids-driven dialog correlation .. In 16th USENIX Security Symposium, Vol.\u00a07. 1\u201316 . Guofei Gu, Phillip\u00a0A Porras, Vinod Yegneswaran, Martin\u00a0W Fong, and Wenke Lee. 2007. Bothunter: Detecting malware infection through ids-driven dialog correlation.. In 16th USENIX Security Symposium, Vol.\u00a07. 1\u201316."},{"key":"e_1_3_2_1_44_1","unstructured":"G. Gu J. Zhang and W. Lee. 2008. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In NDSS.  G. Gu J. Zhang and W. Lee. 2008. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In NDSS."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987486"},{"key":"e_1_3_2_1_46_1","volume-title":"21st USENIX Security Symposium.","author":"Heninger Nadia","year":"2012","unstructured":"Nadia Heninger , Zakir Durumeric , Eric Wustrow , and J\u00a0Alex Halderman . 2012 . Mining your Ps and Qs: Detection of widespread weak keys in network devices . In 21st USENIX Security Symposium. Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J\u00a0Alex Halderman. 2012. Mining your Ps and Qs: Detection of widespread weak keys in network devices. In 21st USENIX Security Symposium."},{"key":"e_1_3_2_1_47_1","unstructured":"Elizabeth Izhikevich. 2018. Building and Breaking Burst-Parallel Systems. Master\u2019s thesis. UC San Diego.  Elizabeth Izhikevich. 2018. Building and Breaking Burst-Parallel Systems. Master\u2019s thesis. UC San Diego."},{"key":"e_1_3_2_1_48_1","volume-title":"Aggressive Network Self-Defense","author":"Kaminsky Dan","unstructured":"Dan Kaminsky . 2005. MD5 to be considered harmful someday . In Aggressive Network Self-Defense . Elsevier , 323\u2013337. Dan Kaminsky. 2005. MD5 to be considered harmful someday. In Aggressive Network Self-Defense. Elsevier, 323\u2013337."},{"key":"e_1_3_2_1_49_1","volume":"201","author":"Kelley G.","unstructured":"P.\u00a0 G. Kelley , S. Komanduri , M.\u00a0 L. Mazurek , R. Shay , T. Vidas , L. Bauer , N. Christin , L.\u00a0 F. Cranor , and J. Lopez. 201 2. Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms. In 2012 IEEE Symposium on Security and Privacy. 523\u2013537. P.\u00a0G. Kelley, S. Komanduri, M.\u00a0L. Mazurek, R. Shay, T. Vidas, L. Bauer, N. Christin, L.\u00a0F. Cranor, and J. Lopez. 2012. Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms. In 2012 IEEE Symposium on Security and Privacy. 523\u2013537.","journal-title":"J. Lopez."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/1281192.1281295"},{"key":"e_1_3_2_1_51_1","volume-title":"6Tree: Efficient dynamic discovery of active addresses in the IPv6 address space. Computer Networks","author":"Liu Zhizhu","year":"2019","unstructured":"Zhizhu Liu , Yinqiao Xiong , Xin Liu , Wei Xie , and Peidong Zhu . 2019. 6Tree: Efficient dynamic discovery of active addresses in the IPv6 address space. Computer Networks ( 2019 ). Zhizhu Liu, Yinqiao Xiong, Xin Liu, Wei Xie, and Peidong Zhu. 2019. 6Tree: Efficient dynamic discovery of active addresses in the IPv6 address space. Computer Networks (2019)."},{"key":"e_1_3_2_1_52_1","volume-title":"23rd USENIX Security Symposium.","author":"Marczak R","year":"2014","unstructured":"William\u00a0 R Marczak , John Scott-Railton , Morgan Marquis-Boire , and Vern Paxson . 2014 . When governments hack opponents: A look at actors and technology . In 23rd USENIX Security Symposium. William\u00a0R Marczak, John Scott-Railton, Morgan Marquis-Boire, and Vern Paxson. 2014. When governments hack opponents: A look at actors and technology. In 23rd USENIX Security Symposium."},{"key":"e_1_3_2_1_53_1","unstructured":"Mike McCabe. 2018. Creating S3 Honey Pots. https:\/\/medium.com\/@mccabe615\/creating-s3-honey-pots-26128a2aaea. Accessed: 2021-1-14.  Mike McCabe. 2018. Creating S3 Honey Pots. https:\/\/medium.com\/@mccabe615\/creating-s3-honey-pots-26128a2aaea. Accessed: 2021-1-14."},{"key":"e_1_3_2_1_54_1","volume-title":"25th USENIX Security Symposium. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/melicher","author":"Melicher William","year":"2016","unstructured":"William Melicher , Blase Ur , Sean\u00a0 M. Segreti , Saranga Komanduri , Lujo Bauer , Nicolas Christin , and Lorrie\u00a0Faith Cranor . 2016 . Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks . In 25th USENIX Security Symposium. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/melicher William Melicher, Blase Ur, Sean\u00a0M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie\u00a0Faith Cranor. 2016. Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks. In 25th USENIX Security Symposium. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/melicher"},{"key":"e_1_3_2_1_55_1","unstructured":"Ben Morris. 2016. More Keys Than the Janitor: Hacking Exposed AWS EBS Volumes. Danske Bank.  Ben Morris. 2016. More Keys Than the Janitor: Hacking Exposed AWS EBS Volumes. Danske Bank."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131405"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102168"},{"key":"e_1_3_2_1_58_1","volume-title":"USENIX Security Symposium.","author":"Oesch Sean","year":"2020","unstructured":"Sean Oesch and Scott Ruoti . 2020 . That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers . In USENIX Security Symposium. Sean Oesch and Scott Ruoti. 2020. That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers. In USENIX Security Symposium."},{"key":"e_1_3_2_1_59_1","volume-title":"Bro: A system for detecting network intruders in real-time. Computer networks 31, 23-24","author":"Paxson Vern","year":"1999","unstructured":"Vern Paxson . 1999 . Bro: A system for detecting network intruders in real-time. Computer networks 31, 23-24 (1999), 2435\u20132463. Vern Paxson. 1999. Bro: A system for detecting network intruders in real-time. Computer networks 31, 23-24 (1999), 2435\u20132463."},{"key":"e_1_3_2_1_60_1","unstructured":"Mathangi Ramesh. 2020. Tighten S3 permissions for your IAM users and roles using access history of S3 actions. https:\/\/aws.amazon.com\/blogs\/security\/tighten-s3-permissions-iam-users-and-roles-using-access-history-s3-actions\/.  Mathangi Ramesh. 2020. Tighten S3 permissions for your IAM users and roles using access history of S3 actions. https:\/\/aws.amazon.com\/blogs\/security\/tighten-s3-permissions-iam-users-and-roles-using-access-history-s3-actions\/."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653687"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.5555\/1039834.1039864"},{"key":"e_1_3_2_1_63_1","volume-title":"Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In NDSS.","author":"Rossow Christian","year":"2014","unstructured":"Christian Rossow . 2014 . Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In NDSS. Christian Rossow. 2014. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In NDSS."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046660.2046664"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.52"},{"key":"e_1_3_2_1_66_1","unstructured":"Mustafa Torun. 2017. How to Detect and Automatically Remediate Unintended Permissions in Amazon S3 Object ACLs with CloudWatch Events. https:\/\/aws.amazon.com\/blogs\/security\/how-to-detect-and-automatically-remediate-unintended-permissions-in-amazon-s3-object-acls-with-cloudwatch-events\/. Accessed: 2021-1-13.  Mustafa Torun. 2017. How to Detect and Automatically Remediate Unintended Permissions in Amazon S3 Object ACLs with CloudWatch Events. https:\/\/aws.amazon.com\/blogs\/security\/how-to-detect-and-automatically-remediate-unintended-permissions-in-amazon-s3-object-acls-with-cloudwatch-events\/. Accessed: 2021-1-13."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"crossref","unstructured":"Johanna Ullrich Peter Kieseberg Katharina Krombholz and Edgar Weippl. 2015. On Reconnaissance with IPv6: A Pattern-Based Scanning Approach. In Availability Reliability and Security (ARES).  Johanna Ullrich Peter Kieseberg Katharina Krombholz and Edgar Weippl. 2015. On Reconnaissance with IPv6: A Pattern-Based Scanning Approach. In Availability Reliability and Security (ARES).","DOI":"10.1109\/ARES.2015.48"},{"key":"e_1_3_2_1_68_1","unstructured":"Rajat\u00a0Ravinder Varuni and Rafael\u00a0Marcelino Koike. 2018. How to Use Bucket Policies and Apply Defense-in-Depth to Help Secure Your Amazon S3 Data. https:\/\/aws.amazon.com\/blogs\/security\/how-to-use-bucket-policies-and-apply-defense-in-depth-to-help-secure-your-amazon-s3-data\/. Accessed: 2021-1-13.  Rajat\u00a0Ravinder Varuni and Rafael\u00a0Marcelino Koike. 2018. How to Use Bucket Policies and Apply Defense-in-Depth to Help Secure Your Amazon S3 Data. https:\/\/aws.amazon.com\/blogs\/security\/how-to-use-bucket-policies-and-apply-defense-in-depth-to-help-secure-your-amazon-s3-data\/. Accessed: 2021-1-13."},{"key":"e_1_3_2_1_69_1","volume-title":"Twelfth Symposium on Usable Privacy and Security ({SOUPS}","author":"Wash Rick","year":"2016","unstructured":"Rick Wash , Emilee Rader , Ruthie Berman , and Zac Wellmer . 2016 . Understanding password choices: How frequently entered passwords are re-used across websites . In Twelfth Symposium on Usable Privacy and Security ({SOUPS} 2016). 175\u2013188. Rick Wash, Emilee Rader, Ruthie Berman, and Zac Wellmer. 2016. Understanding password choices: How frequently entered passwords are re-used across websites. In Twelfth Symposium on Usable Privacy and Security ({SOUPS} 2016). 175\u2013188."},{"key":"e_1_3_2_1_70_1","volume-title":"Password Cracking Using Probabilistic Context-Free Grammars. In 2009 30th IEEE Symposium on Security and Privacy. 391\u2013405","author":"Weir M.","year":"2009","unstructured":"M. Weir , S. Aggarwal , B. d. Medeiros , and B. Glodek . 2009 . Password Cracking Using Probabilistic Context-Free Grammars. In 2009 30th IEEE Symposium on Security and Privacy. 391\u2013405 . https:\/\/doi.org\/10.1109\/SP. 2009 .8 M. Weir, S. Aggarwal, B. d. Medeiros, and B. Glodek. 2009. Password Cracking Using Probabilistic Context-Free Grammars. In 2009 30th IEEE Symposium on Security and Privacy. 391\u2013405. https:\/\/doi.org\/10.1109\/SP.2009.8"},{"key":"e_1_3_2_1_71_1","volume-title":"25th USENIX Security Symposium. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/wheeler","author":"Wheeler Daniel\u00a0Lowe","year":"2016","unstructured":"Daniel\u00a0Lowe Wheeler . 2016 . zxcvbn: Low-Budget Password Strength Estimation . In 25th USENIX Security Symposium. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/wheeler Daniel\u00a0Lowe Wheeler. 2016. zxcvbn: Low-Budget Password Strength Estimation. In 25th USENIX Security Symposium. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/wheeler"},{"key":"e_1_3_2_1_72_1","unstructured":"Daniel\u00a0Lowe Wheeler. \n   There\u2019s a Hole in 1 951 Amazon S3 Buckets. https:\/\/blog.rapid7.com\/2013\/03\/27\/open-s3-buckets\/.  _willis_. 2013. There\u2019s a Hole in 1 951 Amazon S3 Buckets. https:\/\/blog.rapid7.com\/2013\/03\/27\/open-s3-buckets\/."}],"event":{"name":"RAID '21: 24th International Symposium on Research in Attacks, Intrusions and Defenses","location":"San Sebastian Spain","acronym":"RAID '21"},"container-title":["24th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3473500","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3473500","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3473500","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:49Z","timestamp":1750195489000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3473500"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,6]]},"references-count":72,"alternative-id":["10.1145\/3471621.3473500","10.1145\/3471621"],"URL":"https:\/\/doi.org\/10.1145\/3471621.3473500","relation":{},"subject":[],"published":{"date-parts":[[2021,10,6]]}}}