ThinkstScapes Research Roundup - Q3 - 2022
ThinkstScapes
English - November 04, 2022 19:57 - 31 minutes - 29.2 MBTechnology cyber-security cybersecurity hacking information security infosec Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices
Dilawer Ahmed, Anupam Das, and Fareed Zaffar
Watching the Watchers: Practical Video Identification Attack in LTE NetworksSangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, and Yongdae Kim
Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side ChannelHenrique Teles Maia, Chang Xiao, Dingzeyu Li, Eitan Grinspun, and Changxi Zheng
LTrack: Stealthy Tracking of Mobile Phones in LTEMartin Kotuliak, Simon Erni, Patrick Leu, Marc Röschlin, and Srdjan Čapkun
IRMA's Idemix core: Understanding the crypto behind selective, unlinkable attribute disclosureMaja Reissner and Sietse Ringers
CryptPad: a zero knowledge collaboration platformLudovic Dubost
drand: publicly verifiable randomness explainedYolan Romailler
A dead man’s full-yet-responsible-disclosure systemYolan Romailler
Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument SignaturesSimon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
My data in your signed codeAlex Ivkin
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature VerificationGolan Cohen
TLS-Anvil: Adapting Combinatorial Testing for TLS LibrariesMarcel Maehren, Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky, Jörg Schwenk
Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary ProgramsJayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, and Yan Shoshitaishvili
In Need of 'Pair' Review: Vulnerable Code Contributions by GitHub CopilotHammond Pearce, Benjamin Tan, Brendan Dolan-Gavitt, and Baleegh Ahmad
Catch Me If You Can: Deterministic Discovery of Race Conditions with FuzzingNed Williamson
Someone’s Been Messing With My Subnormals!Brendan Dolan-Gavitt
[Blog]
Attacking AAD by abusing the Sync API: The story behind $40K in bountiesNestori Syynimaa
Towards a Tectonic Traffic Shift? Investigating Apple’s New Relay NetworkPatrick Sattler , Juliane Aulbach , Johannes Zirngibl , Georg Carle
[Paper]
Hiding malware in Docker Desktop's secret virtual machineAlex Hope
Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IISOrange Tsai
Using Trātṛ to tame Adversarial SynchronizationYuvraj Patel, Chenhao Ye, Akshat Sinha, Abigail Matthews, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, and Michael M. Swift