ThinkstScapes Research Roundup - Q2 - 2024

AI/ML in security Injecting into LLM-adjacent components Johann Rehberger [ Blog 1 ] [ Blog 2 ] Teams of LLM Agents can Exploit Zero-Day Vulnerabilities Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang [ Paper ] Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models Sergei Glazunov and Mark Brand [ Blog ] LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks Saad Ullah, Mingji Han, Saurabh Pujar, Hammond Pearce, Ayse Kivilcim Coskun, and Gianluca Stringhini [ Paper ] [ Code ] The Impact of Backdoor Poisoning Vulnerabilities on AI-Based Threat Detectors Dmitrijs Trizna, Luca Demetrio, Battista Biggio, and Fabio Roli [ Slides ] [ Paper ] [ Code ] Looking at the whole system Systems Alchemy: The Transmutation of Hacking Thaddeus grugq [ Video ] The Boom, the Bust, the Adjust and the Unknown Maor Shwartz [ Slides ] Poisoning Web-Scale Training Datasets is Practical Nicholas Carlini, Matthew Jagielski, Christopher A. Choquette-Choo, Daniel Paleka, Will Pearce, Hyrum Anderson, Andreas Terzis, Kurt Thomas, and Florian Tramèr [ Paper ] Intercloud Identities: The Risks and Mitigations of Access Between Cloud Providers Noam Dahan and Ari Eitan [ Video ] New modalities with which to inflict pain GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression Yingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy R. Vasquez, David Kohlbrenner, Hovav Shacham, and Christopher W. Fletcher [ Paper ] AquaSonic: Acoustic Manipulation of Underwater Data Center Operations and Resource Management Jennifer Sheldon, Weidong Zhu, Adnan Abdullah, Sri Hrushikesh Varma Bhupathiraju, Takeshi Sugawara, Kevin Butler, Md Jahidul Islam, and Sara Rampazzi [ Paper ] [ Video ] Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED Captured By Standard Video Cameras Ben Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, and Yuval Elovici [ Site ] [ Paper ] [ Video ] Old components showing the strain Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks Yuxiang Yang, Xuewei Feng, Qi Li, Kun Sun, Ziqiang Wang, and Ke Xu [ Blog ] [ Paper ] Reliable Payload Transmission Past the Spoofed TCP Handshake Yepeng Pan and Christian Rossow [ Paper ] [ Code ] Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials David Klein and Martin Johns [ Paper ] [ Code ] Practical Exploitation of Registry Vulnerabilities in the Windows Kernel Mateusz Jurczyk [ Blog ] [ Video ] Nifty sundries An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape Sifat Muhammad Abdullah, Aravind Cheruvu, Shravya Kanchi, Taejoong Chung, Peng Gao, Murtuza Jadliwala, and Bimal Viswanath [ Code ] [ Paper ] Tracking illicit phishermen in the deep blue Azure Jacob Torrey [ Slides ] [ Code ] SEVeriFast: Minimizing the root of trust for fast startup of SEV microVMs Benjamin Holmes, Jason Waterman, and Dan Williams [ Paper ] [ Code ] Certiception: The ADCS Honeypot We Always Wanted Balthasar Martin and Niklas van Dornick [ Blog ] [ Code ] [ Slides ]

You can listen to ThinkstScapes Research Roundup - Q2 - 2024 online on Radio and Podcast. Open the player on this page to stream the available audio.

ThinkstScapes Research Roundup - Q2 - 2024 is an episode from ThinkstScapes by Jacob Torrey.

This episode is 00:31:36 long.

This episode was published on Jul 29, 2024.

Yes. Use the heart button on the episode page to add it to your favorite episodes list.

Yes. This page shows related episodes from ThinkstScapes when more episodes are available from the podcast feed.