Cain's Jawbone is a puzzle book written in 1936, detailing 6 murders in 100 pages. However, it is up to the reader to not only figure out who kills who, but also what order the events happen in. With multiple narrators- none explicitly named- it is a seemingly impossible task. In the 90 years since publishing, only 3 people have successfully solved it. A contest started in 2018 to see who could solve it by December of 2022- the winner receives a cash prize of $350. This thesis will detail my process of solving the book, as well as (part) of my proposed solution. In the spirit of fairness for the competition, I will not submit my proposed page order- but I will go into great detail of what I believe happens, as well as who murders who.
In this dissertation, I analyze the state of the anti-phishing ecosystem and show that phishers use evasion techniques, including cloaking, to bypass anti-phishing mitigations in hopes of maximizing the return-on-investment of their attacks. I develop three novel, scalable data-collection and analysis frameworks to pinpoint the ecosystem vulnerabilities that sophisticated phishing websites exploit. The frameworks, which operate on real-world data and are designed for continuous deployment by anti-phishing organizations, empirically measure the robustness of industry-standard anti-phishing blacklists (PhishFarm and PhishTime) and proactively detect and map phishing attacks prior to launch (Golden Hour). Using these frameworks, I conduct a longitudinal study of blacklist performance and the first large-scale end-to-end analysis of phishing attacks (from spamming through monetization). As a result, I thoroughly characterize modern phishing websites and identify desirable characteristics for enhanced anti-phishing systems, such as more reliable methods for the ecosystem to collectively detect phishing websites and meaningfully share the corresponding intelligence. In addition, findings from these studies led to actionable security recommendations that were implemented by key organizations within the ecosystem to help improve the security of Internet users worldwide.
Anthemy is a web app that I created so that Spotify users could connect with other uses and see their listening statistics. The app has a chat feature that matches concurrent users based on a variety of search criteria, as well as a statistics page that contains a breakdown of a user's top artists, songs, albums, and genres as well as a detailed breakdown of each of their liked playlists.