Showing episodes and shows of

Jacob@thinkst.com (Haroon Meer, Jacob Torrey)

Shows

ThinkstScapes

ThinkstScapes Research Roundup - Q2 - 2025 (2025-08-04, 34 min)
ThinkstScapes Q2’25
Networking is always tricky
  Beyond the Horizon: Uncovering Hosts and Services Behind Misconfigured Firewalls
    Qing Deng, Juefei Pu, Zhaowei Tan, Zhiyun Qian, and Srikanth V. Krishnamurthy [Paper]
  0.0.0.0 Day: Exploiting Localhost APIs From The Browser
    Avi Lumelsky and Gal Elbaz [Blog post] [Video]
  Local Mess: Covert Web-to-App Tracking via Localhost on Android
    Aniketh Girish, Gunes Acar, Narseo Vallina-Rodriguez, Nipuna Weerasekara, and Tim Vlummens [Website]
  Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-Layer
    Niklas Ni...

ThinkstScapes Research Roundup - Q1 - 2025 (2025-04-30, 29 min)
ThinkstScapes Q1’25
Putting it into practice
  Homomorphic Encryption across Apple features
    Rehan Rishi, Haris Mughees, Fabian Boemer, Karl Tarbe, Nicholas Genise, Akshay Wadia, and Ruiyu Zhu [Code] [Paper] [Video]
  Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies
    Alexandre Nesic [Blog]
  How to Backdoor Large Language Models
    Shrivu Shankar [Blog] [Code]
  Buccaneers of the Binary: Plundering Compiler Optimizations for Decompilation Treasure
    Zion Leonahenahe Basque [Code] [Video]
  Software Screws Around, Reve...

ThinkstScapes Research Roundup - Q4 - 2024 (2025-02-20, 37 min)
ThinkstScapes Q4’24
Wins and losses in the Microsoft ecosystem
  Pointer Problems - Why We’re Refactoring the Windows Kernel
    Joe Bialek [Video]
  Defending off the land
    Casey Smith, Jacob Torrey, and Marco Slaviero [Slides] [Code]
  Unveiling the Power of Intune: Leveraging Intune for Breaking Into Your Cloud and On-Premise
    Yuya Chudo [Slides] [Code]
  From Simulation to Tenant Takeover
    Vaisha Bernard [Video]
  From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11

ThinkstScapes Research Roundup - Q3 - 2024 (2024-11-11, 36 min)
Themes covered in this episode
Edge cases at scale still matter
  Works from this theme exploit rarely-occurring issues, but with an internet-wide aperture to end up with impressive results. Look for: mechanising bit-squatting; static code analysis for vulnerabilities across all browser extensions, or across web ecosystems; and how Let’s Encrypt worries about revoking and reissuing 400M certificates in a week.
Going above and beyond
  Talks and papers often use state-of-the-art tooling to measure/detect an interesting phenomenon. This theme highlights four works that could have followed that path, but also bu...

ThinkstScapes Research Roundup - Q2 - 2024 (2024-07-29, 31 min)
AI/ML in security
  Injecting into LLM-adjacent components
    Johann Rehberger [Blog 1] [Blog 2]
  Teams of LLM Agents can Exploit Zero-Day Vulnerabilities
    Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang [Paper]
  Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
    Sergei Glazunov and Mark Brand [Blog]
  LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks
    Saad Ullah, Mingji Han, Saurabh Pujar, Hammond Pearce, Ayse Kivilcim Coskun, and Gianluca Str...

ThinkstScapes Research Roundup - Q1 - 2024 (2024-06-14, 25 min)
Revealing more than anticipated, and preventing prying eyes
  PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound
    Man Zhou, Shuao Su, Qian Wang, Qi Li, Yuting Zhou, Xiaojing Ma, and Zhengxiong Li [Paper]
  ModelGuard: Information-Theoretic Defense Against Model Extraction Attacks
    Minxue Tang, Anna Dai, Louis DiValentin, Aolin Ding, Amin Hass, Neil Zhenqiang Gong, Yiran Chen, and Hai Li [Paper] [Code]
  RECORD: A RECeption-Only Region Determination Attack on LEO Satellite Users
    Eric Jedermann, Martin Strohmeier, Vincent Lenders, and Jens Schmitt

ThinkstScapes Research Roundup - Q4 - 2023 (2024-02-28, 29 min)
LLMs ain't making life any easier
  Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs
    Tsung-Yin Hsieh, Ben Nassi, Vitaly Shmatikov, and Eugene Bagdasaryan [Slides] [Paper] [Code]
  Tree of Attacks: Jailbreaking Black-Box LLMs Automatically
    Anay Mehrotra, Manolis Zampetakis, Paul Kassianik, Blaine Nelson, Hyrum Anderson, Yaron Singer, and Amin Karbasi [Paper] [Code]
  Avoiding the basilisk's fangs: State-of-the-art in AI LLM detection
    Jacob Torrey [Slides] [Code] [Video]
  Dystopian much: The Rise of the Influence Machines
    Nea Paw

ThinkstScapes Research Roundup - Q3 - 2023 (2023-11-14, 24 min)
Cryptography still isn’t easy
  certmitm: automatic exploitation of TLS certificate validation vulnerabilities
    Aapo Oksman [Slides] [Code] [Video]
  Escaping Phishermen Nets: Cryptographic Methods Unveiled in the Fight Against Reverse Proxy Attacks
    Ksandros Apostoli [Blog]
  mTLS: When certificate authentication is done wrong
    Michael Stepankin [Slides] [Blog]
  Ultrablue: User-friendly Lightweight TPM Remote Attestation over Bluetooth
    Nicolas Bouchinet, Loïc Buckwell, and Gabriel Kerneis [Slides] [Code] [Video]
  HECO: Fully Homomorphic Encryption Compiler
    Alexander Viand, Pat...

ThinkstScapes Research Roundup - Q2 - 2023 (2023-08-05, 31 min)
Privacy in the modern era
  IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation
    Erik Rye and Robert Beverly [Slides] [Paper] [Code]
  Device Tracking via Linux’s New TCP Source Port Selection Algorithm
    Moshe Kol, Amit Klein, and Yossi Gilad [Code] [Paper]
  zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure
    Michael Rosenberg, Jacob White, Christina Garman, and Ian Miers [Paper] [Code]
  3 Years in China: A Tale of Building a REAL Full Speed Anti-Censorship Router
    KaiJern La...

ThinkstScapes Research Roundup - Q1 - 2023 (2023-05-26, 22 min)
  Smashing Web3 transaction simulations for fun and profit
    Tal Be'ery and Roi Vazan [Blog] [Video]
  Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection
    Kai Greshake, Sahar Abdelnabi, Shailesh Mishra, Christoph Endres, Thorsten Holz, and Mario Fritz [Paper] [Code] [Demo Website]
  Using ZK Proofs to Fight Disinformation
    Trisha Datta and Dan Boneh [Slides] [Video] [Code] [Blog]
  Crypto Agility and Post-Quantum Cryptography @ Google
    Stefan Kölbl, Anvita Pandit, Rafael Misoczki, and Sophie Schmieg [C...

ThinkstScapes Research Roundup - Q4 - 2022 (2023-02-17, 19 min)
  Hacking the Cloud with SAML
    Felix Wilhelm [Slides] [Video]
  Announcing GUAC, a great pairing with SLSA (and SBOM)!
    Brandon Lum, Mihai Maruseac, Isaac Hepworth, Google Open Source Security Team [Blog] [Code] [Presentation]
  We sign code now
    William Woodruff [Blog] [Code] [Video]
  Knockout Win Against TCC - 20+ NEW Ways to Bypass Your MacOS Privacy Mechanisms
    Csaba Fitzl and Wojciech Regula [Slides]
  Farming The Apple Orchards: Living Off The Land Techniques
    Cedric Owens and Chris R...

ThinkstScapes Research Roundup - Q3 - 2022 (2022-11-04, 31 min)
  Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices
    Dilawer Ahmed, Anupam Das, and Fareed Zaffar [Code] [Paper]
  Watching the Watchers: Practical Video Identification Attack in LTE Networks
    Sangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, and Yongdae Kim [Website] [Paper] [Video]
  Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel
    Henrique Teles Maia, Chang Xiao, Dingzeyu Li, Eitan Grinspun, and Changxi Zheng [Slides] [Paper]
  LTrack: Stealthy Tracking...

ThinkstScapes Research Roundup - Q2 - 2022 (2022-07-29, 29 min)
  I am become loadbalancer, owner of your network
    Nate Warfield [Slides]
  Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones
    Jiska Classen, Alexander Heinrich, Robert Reith, and Matthias Hollick [Slides] [Paper]
  AirTag of the Clones: Shenanigans with Liberated Item Finders
    Thomas Roth, Fabian Freyer, Matthias Hollick, and Jiska Classen [Paper] [Code]
  Are Blockchains Decentralised?
    Evan Sultanik, Alexander Remie, Felipe Manzano, Trent Brunson, Sam Moelius, Eric Kilmer, Mike Myers, Talley Amir, and Sonya Schriner [Blog...

ThinkstScapes Research Roundup - Q1 - 2022 (2022-04-25, 34 min)
  Hyntrospect: a fuzzer for Hyper-V devices
    Diane Dubois [Slides] [Paper] [Code] [Video]
  Put an io_uring on it: Exploiting the Linux Kernel
    Valentina Palmiotti [Blog]
  The AMD Branch (Mis)predictor: Where No CPU has Gone Before
    Pawel Wieczorkiewicz [Blog part 1] [Blog part 2]
  Dynamic Process Isolation
    Martin Schwarzl, Pietro Borrello, Andreas Kogler, Kenton Varda, Thomas Schuster, Daniel Gruss, and Michael Schwarz [Paper]
  Another Brick in the Wall: Uncovering SMM Vulnerabilities in HP Firmware
    Itai...

ThinkstScapes Research Roundup - Q4 - 2021 (2021-12-16, 25 min)
  Sponge Examples: Energy-Latency Attacks on Neural Networks
    Ilia Shumailov, Yiren Zhao, Daniel Bates, Nicolas Papernot, Robert Mullins, and Ross Anderson [Slides] [Paper] [Video]
  How to Use Cheated Cryptography to Overload a Server
    Szilárd Pfeiffer [Slides]
  Bestie: Very Practical Searchable Encryption with Forward and Backward Security
    Tuanyang Chen, Peng Xu, Wei Wang, Yubo Zheng, Willy Susilo, and Hai Jin [Paper]
  Symgrate: A Symbol Recovery Service for ARM Firmware
    Travis Goodspeed & EVM [Site]
  From Graph Queries to...

ThinkstScapes Research Roundup - Q3 - 2021 (2021-08-30, 21 min)
Introduction
Episode 1 - 2021/Q3
  Thinkst Trends and Takeaways is a show released in conjunction with ThinkstScapes, a written quarterly review of information security research published in both industry and academic venues. Thinkst Labs allocates time to tracking industry research so you don’t have to, specifically looking for novel and unusual work that is impactful--this is not simply a report on bugs or vulnerabilities. Work covered here will include both offensive and defensive topics, and we explore academic publications with the same gusto as industry work. Our target listeners are primarily security practitioners in organizations wh...