Player FMアプリでオフラインにしPlayer FMう!
ThinkstScapes Research Roundup - Q3 - 2021
Manage episode 314265153 series 3290432
Introduction
Episode 1 - 2021/Q3
Thinkst Trends and Takeaways is a show released in conjunction with ThinkstScapes, a written quarterly review of information security research published in both industry and academic venues. Thinkst Labs allocates time to tracking industry research so you don’t have to, specifically looking for novel and unusual work that is impactful--this is not simply a report on bugs or vulnerabilities. Work covered here will include both offensive and defensive topics, and we explore academic publications with the same gusto as industry work. Our target listeners are primarily security practitioners in organizations who are tasked with defending their turf, but offensive-minded folks will also be exposed to new ideas and research we’ve come across.
Full bibliography of referenced works:
Embedded security research
- Precursor: Towards Evidence-Based Trust in Hardware
- Andrew ‘bunnie’ Huang
- [Video]
- Kernel Pwning with eBPF: a Love Story
- Valentina Palmiotti (@chompie1337)
- [Paper]
- InternalBlue / Frankenstein / Spectra
- HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
- Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
- Chen Cao, Le Guan, Jiang Ming, and Peng Liu
- [Paper]
- Remote Timing Attacks on TPMs, AKA TPM-Fail
- Daniel Moghimi
- [Slides]
- Breaking VSM by Attacking SecureKernel
- Saar Amar and Daniel King
- [Slides]
- Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks
Exploiting 'Differences of opinion'
- HTTP/2: The Sequel is Always Worse
- James Kettle
- [Paper]
- Differential Fuzzing of x86-64 Instruction Decoders
- EtherOops: Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks
- Light Commands: Laser-Based Audio Injection on Voice-Controllable Systems
- Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, and Kevin Fu
- [Slides]
- Interpretable Deep Learning Under Fire
- Hiding Objects from Computer Vision by Exploiting Correlation Biases
- Yin Minn Pa Pa, Paul Ziegler, and Masaki Kamizono
- [Slides]
- Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL and Wi-Fi
- Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick
- [Paper]
Defence
- Entangled Watermarks as a Defense Against Model Extraction
- Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
- [Paper]
- Hopper: Modeling and Detecting Lateral Movement
- Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey Voelker, and David Wagner
- [Paper]
- Faking a Factory: Creating and Operating a Realistic Honeypot
- Do You Speak My Language? Making Static Analysis Engines Understand Each Other
- Ibrahim Mohamed and Manuel Fahndrich
- [Slides]
- Practical Defenses Against Adversarial Machine Learning
- Ariel Herbert-Voss
- [Video]
Nifty sundries
- Remote Side-Channel Attacks on Anonymous Transactions
- Florian Tramer, Dan Boneh, and Kenneth G. Paterson
- [Paper]
- An Observational Investigation of Reverse Engineers’ Processes
- On the Feasibility of Automating Stock Market Manipulation
- Carter Yagemann, Simon Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, and Wenke Lee
- [Paper]
- IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets
- Tohid Shekari and Raheem Beyah
- [Slides]
- The Dark Age of Memory Corruption Mitigations in the Spectre Era
- Andrea Mambretti and Alexandra Sandulescu
- [Slides]
- Everything Old is New Again: Binary Security of WebAssembly
- ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!
- Orange Tsai
- [Slides]
brought to you by
Most companies find out way too late that they've been breached. Thinkst Canary changes this. Canaries deploy in under 4 minutes and require 0 ongoing admin overhead. They remain silent till they need to chirp, and then, you receive that single alert.
When.it.matters.
Find out why some of the smartest security teams in the world swear by Thinkst Canary https://canary.love
12 つのエピソード
Manage episode 314265153 series 3290432
Introduction
Episode 1 - 2021/Q3
Thinkst Trends and Takeaways is a show released in conjunction with ThinkstScapes, a written quarterly review of information security research published in both industry and academic venues. Thinkst Labs allocates time to tracking industry research so you don’t have to, specifically looking for novel and unusual work that is impactful--this is not simply a report on bugs or vulnerabilities. Work covered here will include both offensive and defensive topics, and we explore academic publications with the same gusto as industry work. Our target listeners are primarily security practitioners in organizations who are tasked with defending their turf, but offensive-minded folks will also be exposed to new ideas and research we’ve come across.
Full bibliography of referenced works:
Embedded security research
- Precursor: Towards Evidence-Based Trust in Hardware
- Andrew ‘bunnie’ Huang
- [Video]
- Kernel Pwning with eBPF: a Love Story
- Valentina Palmiotti (@chompie1337)
- [Paper]
- InternalBlue / Frankenstein / Spectra
- HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
- Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
- Chen Cao, Le Guan, Jiang Ming, and Peng Liu
- [Paper]
- Remote Timing Attacks on TPMs, AKA TPM-Fail
- Daniel Moghimi
- [Slides]
- Breaking VSM by Attacking SecureKernel
- Saar Amar and Daniel King
- [Slides]
- Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks
Exploiting 'Differences of opinion'
- HTTP/2: The Sequel is Always Worse
- James Kettle
- [Paper]
- Differential Fuzzing of x86-64 Instruction Decoders
- EtherOops: Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks
- Light Commands: Laser-Based Audio Injection on Voice-Controllable Systems
- Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, and Kevin Fu
- [Slides]
- Interpretable Deep Learning Under Fire
- Hiding Objects from Computer Vision by Exploiting Correlation Biases
- Yin Minn Pa Pa, Paul Ziegler, and Masaki Kamizono
- [Slides]
- Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL and Wi-Fi
- Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick
- [Paper]
Defence
- Entangled Watermarks as a Defense Against Model Extraction
- Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
- [Paper]
- Hopper: Modeling and Detecting Lateral Movement
- Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey Voelker, and David Wagner
- [Paper]
- Faking a Factory: Creating and Operating a Realistic Honeypot
- Do You Speak My Language? Making Static Analysis Engines Understand Each Other
- Ibrahim Mohamed and Manuel Fahndrich
- [Slides]
- Practical Defenses Against Adversarial Machine Learning
- Ariel Herbert-Voss
- [Video]
Nifty sundries
- Remote Side-Channel Attacks on Anonymous Transactions
- Florian Tramer, Dan Boneh, and Kenneth G. Paterson
- [Paper]
- An Observational Investigation of Reverse Engineers’ Processes
- On the Feasibility of Automating Stock Market Manipulation
- Carter Yagemann, Simon Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, and Wenke Lee
- [Paper]
- IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets
- Tohid Shekari and Raheem Beyah
- [Slides]
- The Dark Age of Memory Corruption Mitigations in the Spectre Era
- Andrea Mambretti and Alexandra Sandulescu
- [Slides]
- Everything Old is New Again: Binary Security of WebAssembly
- ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!
- Orange Tsai
- [Slides]
brought to you by
Most companies find out way too late that they've been breached. Thinkst Canary changes this. Canaries deploy in under 4 minutes and require 0 ongoing admin overhead. They remain silent till they need to chirp, and then, you receive that single alert.
When.it.matters.
Find out why some of the smartest security teams in the world swear by Thinkst Canary https://canary.love
12 つのエピソード
すべてのエピソード
×プレーヤーFMへようこそ!
Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。