Artwork

Content provided by Jacob Torrey, Haroon meer, and Marco slaviero. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jacob Torrey, Haroon meer, and Marco slaviero or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

ThinkstScapes Research Roundup - Q3 - 2023

24:59
 
Share
 

Manage episode 383791155 series 3290432
Content provided by Jacob Torrey, Haroon meer, and Marco slaviero. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jacob Torrey, Haroon meer, and Marco slaviero or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Cryptography still isn’t easy

certmitm: automatic exploitation of TLS certificate validation vulnerabilities

Aapo Oksman

[Slides] [Code] [Video]

Escaping Phishermen Nets: Cryptographic Methods Unveiled in the Fight Against Reverse Proxy Attacks

Ksandros Apostoli

[Blog]

mTLS: When certificate authentication is done wrong

Michael Stepankin

[Slides] [Blog]

Ultrablue: User-friendly Lightweight TPM Remote Attestation over Bluetooth

Nicolas Bouchinet, Loïc Buckwell, and Gabriel Kerneis

[Slides] [Code] [Video]

HECO: Fully Homomorphic Encryption Compiler

Alexander Viand, Patrick Jattke, Miro Haller, and Anwar Hithnawi

[Slides] [Paper] [Code]

[Continued] attack of the side-channels

Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings

Evangelos Bitsikas, Theodor Schnitzler, Christina Pöpper, and Aanjhan Ranganathan

[Paper] [Code]

Downfall: Exploiting Speculative Data Gathering

Daniel Moghimi

[Code] [Paper]

Your Clocks Have Ears – Timing-Based Browser-Based Local Network Port Scanner

Dongsung Kim

[Slides] [Demo] [Video]

Composition is hard in the cloud

Using Cloudflare to bypass Cloudflare

Florian Schweitzer and Stefan Proksch

[Blog]

The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree

Asaf Greenholts

[Slides] [Blog] [Video]

All You Need is Guest

Michael Bargury

[Slides] [Code]

Nifty sundries

Contactless Overflow: Critical contactless vulnerabilities in NFC readers used in point of sales and ATMs

Josep Pi Rodriguez

[Slides] [Video]

Defender-Pretender: When Windows Defender Updates Become a Security Risk

Omer Attias and Tomer Bar

[Slides] [Code]

Fuzz target generation using LLMs

Dongge Liu, Jonathan Metzman, and Oliver Chang

[Results] [Report] [Blog]

Route to Bugs: Analyzing the Security of BGP Message Parsing

Daniel dos Santos, Simon Guiot, Stanislav Dashevskyi, Amine Amri, and Oussama Kerro

[Slides] [Code]

It was harder to sniff Bluetooth through my mask during the pandemic…

Xeno Kovah

[Slides] [Data]

  continue reading

12 episodes

Artwork
iconShare
 
Manage episode 383791155 series 3290432
Content provided by Jacob Torrey, Haroon meer, and Marco slaviero. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jacob Torrey, Haroon meer, and Marco slaviero or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Cryptography still isn’t easy

certmitm: automatic exploitation of TLS certificate validation vulnerabilities

Aapo Oksman

[Slides] [Code] [Video]

Escaping Phishermen Nets: Cryptographic Methods Unveiled in the Fight Against Reverse Proxy Attacks

Ksandros Apostoli

[Blog]

mTLS: When certificate authentication is done wrong

Michael Stepankin

[Slides] [Blog]

Ultrablue: User-friendly Lightweight TPM Remote Attestation over Bluetooth

Nicolas Bouchinet, Loïc Buckwell, and Gabriel Kerneis

[Slides] [Code] [Video]

HECO: Fully Homomorphic Encryption Compiler

Alexander Viand, Patrick Jattke, Miro Haller, and Anwar Hithnawi

[Slides] [Paper] [Code]

[Continued] attack of the side-channels

Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings

Evangelos Bitsikas, Theodor Schnitzler, Christina Pöpper, and Aanjhan Ranganathan

[Paper] [Code]

Downfall: Exploiting Speculative Data Gathering

Daniel Moghimi

[Code] [Paper]

Your Clocks Have Ears – Timing-Based Browser-Based Local Network Port Scanner

Dongsung Kim

[Slides] [Demo] [Video]

Composition is hard in the cloud

Using Cloudflare to bypass Cloudflare

Florian Schweitzer and Stefan Proksch

[Blog]

The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree

Asaf Greenholts

[Slides] [Blog] [Video]

All You Need is Guest

Michael Bargury

[Slides] [Code]

Nifty sundries

Contactless Overflow: Critical contactless vulnerabilities in NFC readers used in point of sales and ATMs

Josep Pi Rodriguez

[Slides] [Video]

Defender-Pretender: When Windows Defender Updates Become a Security Risk

Omer Attias and Tomer Bar

[Slides] [Code]

Fuzz target generation using LLMs

Dongge Liu, Jonathan Metzman, and Oliver Chang

[Results] [Report] [Blog]

Route to Bugs: Analyzing the Security of BGP Message Parsing

Daniel dos Santos, Simon Guiot, Stanislav Dashevskyi, Amine Amri, and Oussama Kerro

[Slides] [Code]

It was harder to sniff Bluetooth through my mask during the pandemic…

Xeno Kovah

[Slides] [Data]

  continue reading

12 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide