DYNAMIC DATA EXFILTRATION OVER COMMON PROTOCOLS VIA SOCKET LAYER PROTOCOL CUSTOMIZATION

Obfuscated data exfiltration perpetrated by malicious actors presents a significant threat to organizations looking to protect sensitive data. Socket layer protocol customization presents the potential to enhance obfuscated data exfiltration by providing a protocol-agnostic means of embedding targeted data within application payloads of established socket connections. Fully evaluating and characterizing this technique will serve as an important step in the development of suitable mitigations. This thesis evaluated the performance of this method of data exfiltration through experimentation to determine its viability and identify its limitations. The evaluation assessed the effectiveness of exfiltration via socket layer customization with various application protocols and characterized its use to determine the most suitable protocols. Basic host-based and network-based security controls were introduced to test the exfiltration method’s ability to bypass typical security controls implemented to prevent data exfiltration. The experimentation results indicate that this exfiltration method is both viable and applicable across multiple application protocols. It proved flexible enough in its design and configuration to bypass basic host-based access controls and general network intrusion prevention system packet inspection. Deep packet inspection was identified as a potential solution; however, the required inspection and filtering granularity might make implementation infeasible.Office of Naval Research, Arlington, VA 22203-1995Outstanding ThesisPetty Officer First Class, United States NavyApproved for public release. Distribution is unlimited

Data Exfiltration via Flow Hijacking at the Socket Layer

The severity of data exfiltration attacks is well known, and operators have begun deploying elaborate host and network security controls to counter this threat. Consequently, malicious actors spare no efforts finding methods to obfuscate their attacks within common network traffic. In this paper, we expose a new type of application transparent, kernel level data exfiltration attacks. By embedding data into application messages while they are held in socket buffers outside of applications, the attacks have the flexibility to hijack flows of multiple distinct applications at a time. Furthermore, we assess the practical implications of the attacks using a testbed emulating a typical data exfiltration scenario. We first prototype required attack functionalities with existing Layer 4.5 application message customization software, and then perform flow hijacking experiments with respect to six common application protocols. The results confirm the flexibility of socket layer attacks and their ability to evade typical security controls

Insights into Autotrophic Activities and Carbon Flow in Iron-Rich Pelagic Aggregates (Iron Snow)

Pelagic aggregates function as biological carbon pumps for transporting fixed organic carbon to sediments. In iron-rich (ferruginous) lakes, photoferrotrophic and chemolithoautotrophic bacteria contribute to CO2 fixation by oxidizing reduced iron, leading to the formation of iron-rich pelagic aggregates (iron snow). The significance of iron oxidizers in carbon fixation, their general role in iron snow functioning and the flow of carbon within iron snow is still unclear. Here, we combined a two-year metatranscriptome analysis of iron snow collected from an acidic lake with protein-based stable isotope probing to determine general metabolic activities and to trace 13CO2 incorporation in iron snow over time under oxic and anoxic conditions. mRNA-derived metatranscriptome of iron snow identified four key players (Leptospirillum, Ferrovum, Acidithrix, Acidiphilium) with relative abundances (59.6–85.7%) encoding ecologically relevant pathways, including carbon fixation and polysaccharide biosynthesis. No transcriptional activity for carbon fixation from archaea or eukaryotes was detected. 13CO2 incorporation studies identified active chemolithoautotroph Ferrovum under both conditions. Only 1.0–5.3% relative 13C abundances were found in heterotrophic Acidiphilium and Acidocella under oxic conditions. These data show that iron oxidizers play an important role in CO2 fixation, but the majority of fixed C will be directly transported to the sediment without feeding heterotrophs in the water column in acidic ferruginous lakes

Associations of maternal and paternal blood pressure patterns and hypertensive disorders during pregnancy with childhood blood pressure

Background-Hypertensive disorders in pregnancy may affect the cardiovascular risk of offspring. We examined the associations of maternal blood pressure throughout pregnancy and hypertensive disorders in pregnancy with childhood blood pressure of offspring. Specific focus was on the comparison with paternal blood pressure effects, the identification of critical periods, and the role of birth outcomes and childhood body mass index in the observed associations. Methods and Results-This study was embedded in a population-based prospective cohort study among 5310 mothers and fathers and their children. We measured maternal blood pressure in each trimester of pregnancy and paternal blood pressure once. Information about hypertensive disorders in pregnancy was obtained from medical records. We measured childhood blood pressure at the median age of 6.0 years (95% range 5.7-8.0 years). Both maternal and paternal blood pressure were positively associated with childhood blood pressure (all P < 0.05), with similar effect estimates. Conditional regression analyses showed that early, mid-, and late-pregnancy maternal blood pressure levels were all independent and positively associated with childhood blood pressure, with the strongest effect estimates for early pregnancy. Compared with children of mothers without hypertensive disorders in pregnancy, children of mothers with hypertensive disorders in pregnancy had higher diastolic blood pressure by a standard deviation score of 0.13 (95% CI 0.05-0.21). The observed associations were not materially affected by birth outcomes and childhood body mass index. Conclusions-Both maternal and paternal blood pressure affects childhood blood pressure, independent of fetal and childhood growth measures, with the strongest effect of maternal blood pressure in early pregnancy

DNGR1-mediated deletion of A20/Tnfaip3 in dendritic cells alters T and B-cell homeostasis and promotes autoimmune liver pathology

Dendritic cells (DCs) are central regulators of tolerance versus immunity. The outcome depends amongst others on DC subset and activation status. Whereas CD11b+ type 2 conventional DCs (cDC2s) initiate proinflammatory helper T (Th)-cell responses, CD103+ cDC1s are crucial for regulatory T-cell (Treg) induction and CD8+ T-cell activation. DC activation is controlled by the transcription factor NF-κB. Ablation of A20/Tnfaip3, a critical regulator of NF-κB activation, in DCs leads to constitutive DC activation and development of systemic autoimmunity. We hypothesized that the activation status of cDCs controls the development of autoimmunity. To target cDCs, DNGR1(Clec9a)-cre-mediated excision of A20/Tnfaip3 was used through generation of Tnfaip3fl/flxClec9a+/cre (Tnfaip3DNGR1−KO) mice. Immune cell activation was evaluated at 31-weeks of age. We found that DNGR1-cre-mediated deletion of A20/Tnfaip3 resulted in liver pathology characterized by inflammatory infiltrates adjacent to the portal triads. Both cDC subsets as well as monocyte-derived DCs (moDCs) in Tnfaip3DNGR1−KO livers harbored an activated phenotype. Specifically, the costimulatory molecule CD40 in liver cDCs and moDCs was regulated by A20/Tnfaip3 expression. Livers from Tnfaip3DNGR1−KO mice had augmented prop

Accelerating slip rates on the Puente Hills blind thrust fault system beneath metropolitan Los Angeles, California, USA

Slip rates represent the average displacement across a fault over time and are essential to estimating earthquake recurrence for probabilistic seismic hazard assessments. We demonstrate that the slip rate on the western segment of the Puente Hills blind thrust fault system, which is beneath downtown Los Angeles, California (USA), has accelerated from ∼0.22 mm/yr in the late Pleistocene to ∼1.33 mm/yr in the Holocene. Our analysis is based on syntectonic strata derived from the Los Angeles River, which has continuously buried a fold scarp above the blind thrust. Slip on the fault beneath our field site began during the late-middle Pleistocene and progressively increased into the Holocene. This increase in rate implies that the magnitudes and/or the frequency of earthquakes on this fault segment have increased over time. This challenges the characteristic earthquake model and presents an evolving and potentially increasing seismic hazard to metropolitan Los Angeles

Expression and purification of tau protein and its frontotemporal dementia variants using a cleavable histidine tag

Recombinant tau protein is widely used to study the biochemical, cellular and pathological aspects of tauopathies, including Alzheimer's disease and frontotemporal dementia with Parkinsonism linked to chromosome 17 (FTPD-17). Pure tau in high yield is a requirement for in vitro evaluation of the protein's physiological and toxic functions. However, the preparation of recombinant tau is complicated by the protein's propensity to aggregate and form truncation products, necessitating the use of multiple, time-consuming purification methods. In this study, we investigated parameters that influence the expression of wild type and FTPD-17 pathogenic tau, in an attempt to identify ways to maximise expression yield. Here, we report on the influence of the choice of host strain, induction temperature, duration of induction, and media supplementation with glucose on tau expression in Escherichia coli. We also describe a straightforward process to purify the expressed tau proteins using immobilised metal affinity chromatography, with favourable yields over previous reports. An advantage of the described method is that it enables high yield production of functional oligomeric and monomeric tau, both of which can be used to study the biochemical, physiological and toxic properties of the protein

Double Umbilical Cord Blood Transplantation in High-Risk Hematological Patients: A Phase II Study Focusing on the Mechanism of Graft Predominance

Immunobiology of allogeneic stem cell transplantation and immunotherapy of hematological disease