Artwork

コンテンツは Jacob Torrey, Haroon meer, and Marco slaviero によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Jacob Torrey, Haroon meer, and Marco slaviero またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!

ThinkstScapes Research Roundup - Q3 - 2021

21:33
 
シェア
 

Manage episode 314265153 series 3290432
コンテンツは Jacob Torrey, Haroon meer, and Marco slaviero によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Jacob Torrey, Haroon meer, and Marco slaviero またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal

Introduction

Episode 1 - 2021/Q3

Thinkst Trends and Takeaways is a show released in conjunction with ThinkstScapes, a written quarterly review of information security research published in both industry and academic venues. Thinkst Labs allocates time to tracking industry research so you don’t have to, specifically looking for novel and unusual work that is impactful--this is not simply a report on bugs or vulnerabilities. Work covered here will include both offensive and defensive topics, and we explore academic publications with the same gusto as industry work. Our target listeners are primarily security practitioners in organizations who are tasked with defending their turf, but offensive-minded folks will also be exposed to new ideas and research we’ve come across.

Full bibliography of referenced works:

Embedded security research

  • Precursor: Towards Evidence-Based Trust in Hardware
  • Kernel Pwning with eBPF: a Love Story
    • Valentina Palmiotti (@chompie1337)
    • [Paper]
  • InternalBlue / Frankenstein / Spectra
  • HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
    • Abraham Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer
    • [Slides] [Paper] [Video]
  • Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
    • Chen Cao, Le Guan, Jiang Ming, and Peng Liu
    • [Paper]
  • Remote Timing Attacks on TPMs, AKA TPM-Fail
  • Breaking VSM by Attacking SecureKernel
  • Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks

Exploiting 'Differences of opinion'

  • HTTP/2: The Sequel is Always Worse
  • Differential Fuzzing of x86-64 Instruction Decoders
  • EtherOops: Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks
  • Light Commands: Laser-Based Audio Injection on Voice-Controllable Systems
    • Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, and Kevin Fu
    • [Slides]
  • Interpretable Deep Learning Under Fire
  • Hiding Objects from Computer Vision by Exploiting Correlation Biases
    • Yin Minn Pa Pa, Paul Ziegler, and Masaki Kamizono
    • [Slides]
  • Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL and Wi-Fi
    • Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick
    • [Paper]

Defence

  • Entangled Watermarks as a Defense Against Model Extraction
    • Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
    • [Paper]
  • Hopper: Modeling and Detecting Lateral Movement
    • Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey Voelker, and David Wagner
    • [Paper]
  • Faking a Factory: Creating and Operating a Realistic Honeypot
  • Do You Speak My Language? Making Static Analysis Engines Understand Each Other
    • Ibrahim Mohamed and Manuel Fahndrich
    • [Slides]
  • Practical Defenses Against Adversarial Machine Learning

Nifty sundries

  • Remote Side-Channel Attacks on Anonymous Transactions
    • Florian Tramer, Dan Boneh, and Kenneth G. Paterson
    • [Paper]
  • An Observational Investigation of Reverse Engineers’ Processes
    • Daniel Votipka, Seth Rabin, Kristopher Micinski, Jeffrey Foster, and Michelle Mazurek
    • [Paper] [Video]
  • On the Feasibility of Automating Stock Market Manipulation
    • Carter Yagemann, Simon Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, and Wenke Lee
    • [Paper]
  • IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets
  • The Dark Age of Memory Corruption Mitigations in the Spectre Era
    • Andrea Mambretti and Alexandra Sandulescu
    • [Slides]
  • Everything Old is New Again: Binary Security of WebAssembly
  • ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!

brought to you by

Most companies find out way too late that they've been breached. Thinkst Canary changes this. Canaries deploy in under 4 minutes and require 0 ongoing admin overhead. They remain silent till they need to chirp, and then, you receive that single alert.

When.it.matters.

Find out why some of the smartest security teams in the world swear by Thinkst Canary https://canary.love

  continue reading

12 つのエピソード

Artwork
iconシェア
 
Manage episode 314265153 series 3290432
コンテンツは Jacob Torrey, Haroon meer, and Marco slaviero によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Jacob Torrey, Haroon meer, and Marco slaviero またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal

Introduction

Episode 1 - 2021/Q3

Thinkst Trends and Takeaways is a show released in conjunction with ThinkstScapes, a written quarterly review of information security research published in both industry and academic venues. Thinkst Labs allocates time to tracking industry research so you don’t have to, specifically looking for novel and unusual work that is impactful--this is not simply a report on bugs or vulnerabilities. Work covered here will include both offensive and defensive topics, and we explore academic publications with the same gusto as industry work. Our target listeners are primarily security practitioners in organizations who are tasked with defending their turf, but offensive-minded folks will also be exposed to new ideas and research we’ve come across.

Full bibliography of referenced works:

Embedded security research

  • Precursor: Towards Evidence-Based Trust in Hardware
  • Kernel Pwning with eBPF: a Love Story
    • Valentina Palmiotti (@chompie1337)
    • [Paper]
  • InternalBlue / Frankenstein / Spectra
  • HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
    • Abraham Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer
    • [Slides] [Paper] [Video]
  • Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
    • Chen Cao, Le Guan, Jiang Ming, and Peng Liu
    • [Paper]
  • Remote Timing Attacks on TPMs, AKA TPM-Fail
  • Breaking VSM by Attacking SecureKernel
  • Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks

Exploiting 'Differences of opinion'

  • HTTP/2: The Sequel is Always Worse
  • Differential Fuzzing of x86-64 Instruction Decoders
  • EtherOops: Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks
  • Light Commands: Laser-Based Audio Injection on Voice-Controllable Systems
    • Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, and Kevin Fu
    • [Slides]
  • Interpretable Deep Learning Under Fire
  • Hiding Objects from Computer Vision by Exploiting Correlation Biases
    • Yin Minn Pa Pa, Paul Ziegler, and Masaki Kamizono
    • [Slides]
  • Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL and Wi-Fi
    • Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick
    • [Paper]

Defence

  • Entangled Watermarks as a Defense Against Model Extraction
    • Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
    • [Paper]
  • Hopper: Modeling and Detecting Lateral Movement
    • Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey Voelker, and David Wagner
    • [Paper]
  • Faking a Factory: Creating and Operating a Realistic Honeypot
  • Do You Speak My Language? Making Static Analysis Engines Understand Each Other
    • Ibrahim Mohamed and Manuel Fahndrich
    • [Slides]
  • Practical Defenses Against Adversarial Machine Learning

Nifty sundries

  • Remote Side-Channel Attacks on Anonymous Transactions
    • Florian Tramer, Dan Boneh, and Kenneth G. Paterson
    • [Paper]
  • An Observational Investigation of Reverse Engineers’ Processes
    • Daniel Votipka, Seth Rabin, Kristopher Micinski, Jeffrey Foster, and Michelle Mazurek
    • [Paper] [Video]
  • On the Feasibility of Automating Stock Market Manipulation
    • Carter Yagemann, Simon Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, and Wenke Lee
    • [Paper]
  • IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets
  • The Dark Age of Memory Corruption Mitigations in the Spectre Era
    • Andrea Mambretti and Alexandra Sandulescu
    • [Slides]
  • Everything Old is New Again: Binary Security of WebAssembly
  • ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!

brought to you by

Most companies find out way too late that they've been breached. Thinkst Canary changes this. Canaries deploy in under 4 minutes and require 0 ongoing admin overhead. They remain silent till they need to chirp, and then, you receive that single alert.

When.it.matters.

Find out why some of the smartest security teams in the world swear by Thinkst Canary https://canary.love

  continue reading

12 つのエピソード

すべてのエピソード

×
 
Loading …

プレーヤーFMへようこそ!

Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。

 

クイックリファレンスガイド