Hacking the Cloud with SAML
Felix Wilhelm
[Slides] [Video]
Announcing GUAC, a great pairing with SLSA (and SBOM)!
Brandon Lum, Mihai Maruseac, Isaac Hepworth, Google Open Source Security Team
[Blog] [Code] [Presentation]
We sign code now
William Woodruff
[Blog] [Code] [Video]
Knockout Win Against TCC - 20+ NEW Ways to Bypass Your MacOS Privacy Mechanisms
Csaba Fitzl and Wojciech Regula
[Slides]
Farming The Apple Orchards: Living Off The Land Techniques
Cedric Owens and Chris Ross
[Slides] [Video]
LOLBINed — Using Kaspersky Endpoint Security “KES” Installer to Execute Arbitrary Commands
Nasreddine Bencherchali
[Blog]
POPKORN: Popping Windows Kernel Drivers At Scale
Rajat Gupta, Lukas Patrick Dresel, Noah Spahn, Giovanni Vigna, Christopher Kruegel, and Taesoo Kim
[Paper] [Code]
RC4 Is Still Considered Harmful
James Forshaw
[Blog]
Kerberos’ RC4-HMAC broken in practice: spoofing PACs with MD5 collisions
Tom Tervoort
[Paper] [Slides]
Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in MS-RPC service
Ophir Harpaz and Stiv Kupchik
[Slides] [Video]
Decentralized Identity Attack Surface
Shaked Reiner
[Blog part 1] [Blog part 2]
Drone Authentication via Acoustic Fingerprint
Yufeng Diao, Yichi Zhang, Guodong Zhao, and Mohamed Khamis
[Slides] [Paper]
On the Implications of Spoofing and Jamming Aviation Datalink Applications
Harshad Sathaye, Guevara Noubir, and Aanjhan Ranganathan
[Slides] [Paper]
{JS-ON: Security-OFF}: Abusing JSON-Based SQL Queries
Noam Moshe
[Slides] [SQLMap patch] [Blog]
Are There Wireless Hidden Cameras Spying on Me?
Jeongyoon Heo, Sangwon Gil, Youngman Jung, Jinmok Kim, Donguk Kim, Woojin Park, Yongdae Kim, Kang G. Shin, and Choong-Hoon Lee
[Slides] [Paper]