Description

Q3’25 ThinkstScapes

Microsoft-induced security woes

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens

Dirk-jan Mollema

[Blog post]

Turning Microsoft's Login Page into our Phishing Infrastructure

Keanu Nys

[Slides] [Video]

You snooze you lose: RPC-Racer winning RPC endpoints against services

Ron Ben Yizhak

[Slides] [Code] [Video]

Internal Domain Name Collision 2.0

Philippe Caturegli

[Slides] [Video]

Logs are not always as they appear

Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP

Eliav Livneh

[Video]

I'm in Your Logs Now, Deceiving Your Analysts and Blinding Your EDR

Olaf Hartong

[Slides] [Code]

From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion

Shu-Hao Tung

[Slides] [Paper] [Video]

Autobots roll out!

Automating software security with LLMs

Tyler Nighswander

[Site] [Code] [Video]

Agents Built From Alloys

Albert Ziegler

[Blog post] [Dataset]

AI Agents for Offsec with Zero False Positives

Brendan Dolan-Gavitt

[Slides]

Are CAPTCHAs Still Bot-hard? Generalized Visual CAPTCHA Solving with Agentic Vision Language Model

Xiwen Teoh, Yun Lin, Siqi Li, Ruofan Liu, Avi Sollomoni, Yaniv Harel, and Jin Song Dong

[Site] [Paper] [Code]

Good vibrations

Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors

Mohamad Habib Fakih, Rahul Dharmaji, Youssef Mahmoud, Halima Bouzidi, and Mohammad Abdullah Al Faruque

[Site] [Paper]

TimeTravel: Real-time Timing Drift Attack on System Time Using Acoustic Waves

Jianshuo Liu, Hong Li, Haining Wang, Mengjie Sun, Hui Wen, Jinfa Wang, and Limin Sun

[Paper]

Nifty sundries

Crescent library brings privacy to digital identity systems

Christian Paquin, Guru-Vamsi Policharla, and Greg Zaverucha

[Blog post] [Paper] [Code]

Journey to the center of the PSTN: How I became a phone company, and how you can too

Enzo Damato

[Slides] [Video]

Safe Harbor or Hostile Waters: Unveiling the Hidden Perils of the TorchScript Engine in PyTorch

Ji'an Zhou and Lishuo Song

[Slides]

Ghosts in the Machine Check – Conjuring Hardware Failures for Cross-ring Privilege Escalation

Christopher Domas

[Slides] [Code] [Video]

Machine Against the RAG: Jamming Retrieval-Augmented Generation with Blocker Documents

Avital Shafran, Roei Schuster, and Vitaly Shmatikov

[Paper] [Code]

Inverting the Xorshift128+ random number generator

Scott Contini

[Blog post] [Code]

ThinkstScapes Research Roundup - Q3 - 2025

Listen

Description

Q3’25 ThinkstScapes

Microsoft-induced security woes

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens

Turning Microsoft's Login Page into our Phishing Infrastructure

You snooze you lose: RPC-Racer winning RPC endpoints against services

Internal Domain Name Collision 2.0

Logs are not always as they appear

Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP

I'm in Your Logs Now, Deceiving Your Analysts and Blinding Your EDR

From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion

Autobots roll out!

Automating software security with LLMs

Agents Built From Alloys

AI Agents for Offsec with Zero False Positives

Are CAPTCHAs Still Bot-hard? Generalized Visual CAPTCHA Solving with Agentic Vision Language Model

Good vibrations

Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors

TimeTravel: Real-time Timing Drift Attack on System Time Using Acoustic Waves

Nifty sundries

Crescent library brings privacy to digital identity systems

Journey to the center of the PSTN: How I became a phone company, and how you can too

Safe Harbor or Hostile Waters: Unveiling the Hidden Perils of the TorchScript Engine in PyTorch

Ghosts in the Machine Check – Conjuring Hardware Failures for Cross-ring Privilege Escalation

Machine Against the RAG: Jamming Retrieval-Augmented Generation with Blocker Documents

Inverting the Xorshift128+ random number generator

Want to check another podcast?