{"id":"https://openalex.org/W4387298192","doi":"https://doi.org/10.1145/3607199.3607228","title":"CoZure: Context Free Grammar Co-Pilot Tool for Finding New Lateral Movements in Azure Active Directory","display_name":"CoZure: Context Free Grammar Co-Pilot Tool for Finding New Lateral Movements in Azure Active Directory","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387298192","doi":"https://doi.org/10.1145/3607199.3607228"},"language":"en","primary_location":{"id":"doi:10.1145/3607199.3607228","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607228","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023062732","display_name":"Abdullahi Chowdhury","orcid":"https://orcid.org/0000-0001-7237-1642"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Abdullahi Chowdhury","raw_affiliation_strings":["School of Computer and Mathematical Sciences, The University of Adelaide, Australia"],"raw_orcid":"https://orcid.org/0000-0001-7237-1642","affiliations":[{"raw_affiliation_string":"School of Computer and Mathematical Sciences, The University of Adelaide, Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056718700","display_name":"Hung Nguyen","orcid":"https://orcid.org/0000-0003-1028-920X"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Hung Nguyen","raw_affiliation_strings":["School of Computer and Mathematical Sciences, The University of Adelaide, Australia"],"raw_orcid":"https://orcid.org/0000-0003-1028-920X","affiliations":[{"raw_affiliation_string":"School of Computer and Mathematical Sciences, The University of Adelaide, Australia","institution_ids":["https://openalex.org/I5681781"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.4314,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.69055445,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"426","last_page":"439"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8178136944770813},{"id":"https://openalex.org/keywords/directory","display_name":"Directory","score":0.782000720500946},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6252495050430298},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.5424386858940125},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.522678792476654},{"id":"https://openalex.org/keywords/context-free-grammar","display_name":"Context-free grammar","score":0.4992673397064209},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4500657320022583},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.4189167618751526},{"id":"https://openalex.org/keywords/grammar","display_name":"Grammar","score":0.4123743772506714},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3832201361656189},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3707834780216217},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.32587534189224243},{"id":"https://openalex.org/keywords/parsing","display_name":"Parsing","score":0.29632824659347534},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.17383909225463867},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14376184344291687}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8178136944770813},{"id":"https://openalex.org/C2777683733","wikidata":"https://www.wikidata.org/wiki/Q201456","display_name":"Directory","level":2,"score":0.782000720500946},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6252495050430298},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.5424386858940125},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.522678792476654},{"id":"https://openalex.org/C97212296","wikidata":"https://www.wikidata.org/wiki/Q338047","display_name":"Context-free grammar","level":3,"score":0.4992673397064209},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4500657320022583},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.4189167618751526},{"id":"https://openalex.org/C26022165","wikidata":"https://www.wikidata.org/wiki/Q8091","display_name":"Grammar","level":2,"score":0.4123743772506714},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3832201361656189},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3707834780216217},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.32587534189224243},{"id":"https://openalex.org/C186644900","wikidata":"https://www.wikidata.org/wiki/Q194152","display_name":"Parsing","level":2,"score":0.29632824659347534},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.17383909225463867},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14376184344291687},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3607199.3607228","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607228","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2089385274","https://openalex.org/W2091806820","https://openalex.org/W2156526892","https://openalex.org/W2158934842","https://openalex.org/W2528131028","https://openalex.org/W2621177934","https://openalex.org/W2898605513","https://openalex.org/W2908019476","https://openalex.org/W3014524697","https://openalex.org/W3103250307","https://openalex.org/W3196466373","https://openalex.org/W4244367873","https://openalex.org/W4253103663"],"related_works":["https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W3203597304","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W4248424560","https://openalex.org/W3023977444","https://openalex.org/W4210660460","https://openalex.org/W3119380829","https://openalex.org/W2959616428"],"abstract_inverted_index":{"Securing":[0],"cloud":[1,7],"environments":[2],"such":[3],"as":[4],"Microsoft":[5],"Azure":[6,35,66,71,89,216,240],"is":[8],"challenging":[9],"and":[10,111,151,185,205],"vulnerabilities":[11,29,52,61,110],"due":[12],"to":[13,27,49,57,99,116,142,160,234],"misconfigurations,":[14],"especially":[15],"with":[16],"user":[17],"roles":[18],"assignment,":[19],"are":[20,54,175],"common.":[21],"There":[22],"have":[23,221],"been":[24],"significant":[25],"efforts":[26],"find":[28,50,83,109,161],"that":[30,79,106,166,196,231],"enable":[31],"lateral":[32,75,85,119,172,194,228],"movements":[33,86,195],"in":[34,63,87,178,210,215,239],"AD":[36,90,181],"systems.":[37],"All":[38],"of":[39,128,164],"the":[40,102,157,189],"existing":[41,129,212],"works,":[42],"however,":[43],"either":[44],"follow":[45],"a":[46,64,125,134,144,179],"manual":[47],"process":[48],"new":[51,84,118,162,170,224,236],"or":[53],"only":[55],"able":[56],"discover":[58,117,193],"whether":[59],"known":[60],"exist":[62],"deployed":[65],"environment.":[67,91],"We":[68],"develop":[69],"an":[70,88],"Active":[72],"Directory":[73],"(AAD)":[74],"movement-discovery":[76],"tool,":[77,137],"CoZure,":[78,219],"can":[80],"help":[81],"researchers":[82,108],"CoZure":[92,122,191],"deploys":[93],"algorithms":[94],"from":[95,148],"Context-Free":[96],"Grammar":[97],"(CFG)":[98],"first":[100,123],"learn":[101],"ways":[103],"(grammar":[104],"rules)":[105],"security":[107],"then":[112,139,155,176],"extend":[113],"these":[114,149],"rules":[115],"movement":[120,229],"paths.":[121],"collects":[124],"large":[126],"set":[127],"AAD":[130],"environment":[131,182],"commands":[132,150,165],"using":[133],"specialized":[135],"scraping":[136],"it":[138],"uses":[140],"CFG":[141],"build":[143],"knowledge":[145,158],"base":[146],"dataset":[147],"previous":[152],"attacks.":[153],"Cozure":[154],"applies":[156],"learned":[159],"combinations":[163],"could":[167,232],"open":[168],"up":[169],"candidate":[171],"movements,":[173],"which":[174],"tested":[177],"real":[180],"for":[183],"validation":[184],"manually":[186],"checked":[187],"by":[188],"user.":[190],"helped":[192],"current":[197],"fuzzing":[198],"tools":[199],"(e.g.,":[200],"OneFuzz,":[201],"RESTler)":[202],"cannot":[203],"identify":[204],"also":[206],"shows":[207],"better":[208],"performance":[209],"finding":[211],"misconfiguration":[213],"issues":[214],"AD.":[217,241],"Using":[218],"we":[220],"discovered":[222],"two":[223],"(not":[225],"previously":[226],"known)":[227],"methods":[230],"lead":[233],"numerous":[235],"attacking":[237],"paths":[238]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}