Carlos Sarraute

Brief Bio

Carlos Sarraute has studied Mathematics in the University of Buenos Aires and is currently a PhD candidate at ITBA (Instituto Tecnologico de Buenos Aires). He works since 2000 in CoreLabs. His areas of research are security vulnerabilities, attack planning and modeling, security events visualization, cryptoanalysis, protocol design flaws (geometric attack to MySQL authentication, SSH timing analysis) and the use of neural networks to analize OS fingerprints.
He has given talks and courses about information security and cryptography in several universities in Argentina, and has spoken in the security conferences: PacSec (Tokyo), EUSecWest (London), SSTIC (Rennes), HITB (Kuala Lumpur), FRHACK (Besançon), H2HC (Sao Paulo), Hackito Ergo Sum (Paris). He was member of the program committee of Hackito Ergo Sum 2010.

Technical Papers and Publications

• Attack Planning in the Real World (view)
  • Authors: Jorge Lucángeli Obes, Carlos Sarraute and Gerardo Richarte
  • In: SecArt'2010 at AAAI 2010
  • Date published: 2010-07-12
  • Attachments: Slides, Paper
• Using AI Techniques to improve Pentesting Automation (view)
  • Authors: Carlos Sarraute
  • In: Hackito Ergo Sum (HES), Paris, France. April 8-10, 2010.
  • Date published: 2010-04-08
  • Attachments: Slides
• Probabilistic Attack Planning in Network + WebApps Scenarios (view)
  • Authors: Carlos Sarraute
  • In: H2HC Conference, Sao Paulo, Brazil. November 28/29, 2009.
  • Date published: 2009-11-28
  • Attachments: Slides
• New Algorithms for Attack Planning (view)
  • Authors: Carlos Sarraute
  • In: FRHACK Conference, Besançon, France. September 7/8, 2009.
  • Date published: 2009-09-07
  • Attachments: Slides
• Simulating Cyber-Attacks for Fun and Profit (view)
  • Authors: Ariel Futoransky, Fernando Miranda, Jose Orlicki and Carlos Sarraute
  • In: 2nd International Conference on Simulation Tools and Techniques (SIMUTools'09)
  • Date published: 2009-03-02
  • Attachments: Article
• Advances in Automated Attack Planning (view)
  • Authors: Carlos Sarraute and Alejandro Weil
  • In: PacSec Conference, Tokyo, Japan. November 12/13, 2008.
  • Date published: 2008-11-12
  • Attachments: Slides
• Using Neural Networks to improve classical Operating System Fingerprinting techniques (view)
  • Authors: Carlos Sarraute and Javier Burroni
  • In: Electronic Journal of SADIO, Vol. 8, No. 1, pp. 35–47 (2008)
  • Date published: 2008-03
  • Attachments: Article
• Simulation of Computer Network Attacks (view)
  • Authors: Carlos Sarraute, Fernando Miranda and Jose Orlicki
  • In: Argentine Symposium on Computing Technology (AST) 2007 - 36 JAIIO
  • Date published: 2007-08-30
  • Attachments: Article
• Binary Cryptography (view)
  • Authors: Carlos Sarraute
  • In: Jornadas de Criptografía y Códigos Autocorrectores, Mar del Plata, Argentina, November 20-24, 2006.
  • Date published: 2006-11-20
  • Attachments: Slides
• Outrepasser les limites des techniques classiques de Prise d'Empreintes grace aux Réseaux de Neurones (view)
  • Authors: Javier Burroni and Carlos Sarraute
  • In: Symposium sur la Sécurité des Technologies de l'Information et des Communications (SSTIC), Rennes, France, May 31-June 2, 2006
  • Date published: 2006-05-31
  • Attachments: Article
• Analyzing OS fingerprints using Neural Networks and Statistical Machinery (view)
  • Authors: Javier Burroni and Carlos Sarraute
  • In: EUSecWest, London, February 20/21, 2006
  • Date published: 2006-02-20
  • Attachments: Slides
• Foundations and Applications for Secure Triggers (view)
  • Authors: Ariel Futoransky, Emiliano Kargieman, Carlos Sarraute and Ariel Waissbein
  • In: ACM Transactions on Information and System Security (TISSEC), Volume 9, Issue 1 (February 2006), pp. 94--112. ISSN: 1094-9224.
  • Date published: 2006-02
  • Attachments: Article
• Using Neural Networks for remote OS Identification (view)
  • Authors: Javier Burroni and Carlos Sarraute
  • In: PacSec Conference, Tokyo, Japan, November 15/16, 2005.
  • Date published: 2005-11-15
  • Attachments: Slides
• Security in Free Software (view)
  • Authors: Carlos Sarraute and Ariel Futoransky
  • In: Second Free Software National Congress (USUARIA 2005), Buenos Aires, Argentina.
  • Date published: 2005-06-07
  • Attachments: Slides
• Building Computer Network Attacks (view)
  • Authors: Ariel Futoransky, Luciano Notarfrancesco, Gerardo Richarte and Carlos Sarraute
  • In: CoreLabs Technical Report (arXiv:1006.1916)
  • Date published: 2003-03-31
  • Attachments: Article
• Advanced Software Protection Now (view)
  • Authors: Diego Bendersky, Ariel Futoransky, Luciano Notarfrancesco, Carlos Sarraute and Ariel Waissbein.
  • In: CoreLabs Technical Report (arXiv:1006.2356)
  • Date published: 2003-01-27
  • Attachments: Article
• An Attack on MySQL's Login Protocol (view)
  • Authors: Ivan Arce, Agustín Azubel, Emiliano Kargieman, Gerardo Richarte, Carlos Sarraute and Ariel Waissbein
  • In: CoreLabs Technical Report (arXiv:1006.2411)
  • Date published: 2001-01-31
  • Attachments: Article

Advisories

• Vulnerabilities in PuTTY and PSCP (view)
  • Authors: Daniel De Luca, Laura Nuñez, Carlos Sarraute
  • Date published: 2004-08-04
• RealPlayer PNG deflate heap corruption vulnerability (view)
  • Authors: Juliano Rizzo, Agustin Azubel Friedman, Bruno Acselrad and Carlos Sarraute
  • Date published: 2003-03-28
• MySQL Authentication Vulnerability (view)
  • Authors: Ariel Waissbein, Emiliano Kargieman, Carlos Sarraute, Gerardo Richarte and Agustin Azubel
  • Date published: 2000-10-23

Related information

Projects

• Attack Planning | Attack Simulation | Bugweek | CORE TRUSS and Secure Triggers | CORETEX - programming competition | Protocol design flaws | Using neural networks for OS fingerprinting

Publications

• 2001-01-31. An Attack on MySQL's Login Protocol, Ivan Arce, Agustín Azubel, Emiliano Kargieman, Gerardo Richarte, Carlos Sarraute and Ariel Waissbein | 2003-01-27. Advanced Software Protection Now, Diego Bendersky, Ariel Futoransky, Luciano Notarfrancesco, Carlos Sarraute and Ariel Waissbein. | 2003-03-31. Building Computer Network Attacks, Ariel Futoransky, Luciano Notarfrancesco, Gerardo Richarte and Carlos Sarraute | 2005-06-07. Security in Free Software, Carlos Sarraute and Ariel Futoransky | 2005-11-15. Using Neural Networks for remote OS Identification, Javier Burroni and Carlos Sarraute | 2006-02-20. Analyzing OS fingerprints using Neural Networks and Statistical Machinery, Javier Burroni and Carlos Sarraute | 2006-02. Foundations and Applications for Secure Triggers, Ariel Futoransky, Emiliano Kargieman, Carlos Sarraute and Ariel Waissbein | 2006-05-31. Outrepasser les limites des techniques classiques de Prise d'Empreintes grace aux Réseaux de Neurones, Javier Burroni and Carlos Sarraute | 2006-11-20. Binary Cryptography, Carlos Sarraute | 2007-08-30. Simulation of Computer Network Attacks, Carlos Sarraute, Fernando Miranda and Jose Orlicki | 2008-03. Using Neural Networks to improve classical Operating System Fingerprinting techniques, Carlos Sarraute and Javier Burroni | 2008-11-12. Advances in Automated Attack Planning, Carlos Sarraute and Alejandro Weil | 2009-03-02. Simulating Cyber-Attacks for Fun and Profit, Ariel Futoransky, Fernando Miranda, Jose Orlicki and Carlos Sarraute | 2009-09-07. New Algorithms for Attack Planning, Carlos Sarraute | 2009-11-28. Probabilistic Attack Planning in Network + WebApps Scenarios, Carlos Sarraute | 2010-04-08. Using AI Techniques to improve Pentesting Automation, Carlos Sarraute | 2010-07-12. Attack Planning in the Real World, Jorge Lucángeli Obes, Carlos Sarraute and Gerardo Richarte

Advisories

• 2000-10-23. MySQL Authentication Vulnerability, Ariel Waissbein, Emiliano Kargieman, Carlos Sarraute, Gerardo Richarte and Agustin Azubel | 2003-03-28. RealPlayer PNG deflate heap corruption vulnerability, Juliano Rizzo, Agustin Azubel Friedman, Bruno Acselrad and Carlos Sarraute | 2004-08-04. Vulnerabilities in PuTTY and PSCP, Daniel De Luca, Laura Nuñez, Carlos Sarraute