ThinkstScapes

ThinkstScapes Research Roundup - Q3 - 2024

Nov 11, 2024

Dive into the fascinating world of information security vulnerabilities, exploring issues from dangling domains to static secrets. Discover how sophisticated voice spoofing undermines authentication systems and learn about the risks of email registration vulnerabilities and IPv6 challenges. The podcast also sheds light on potential pitfalls in cloud-native environments and BGP routing. Plus, get insights into the hidden dangers lurking in modern IT systems and advancements in network analysis, including the intriguing snail load technique.

36:48

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The podcast emphasizes the critical security risks posed by bit squatting, where domain name variations can lead to significant credential theft if not monitored effectively.

It highlights the importance of overlooked IT infrastructure aspects, such as BGP vulnerabilities and AWS resource naming, which can result in widespread security compromises.

Deep dives

Edge Cases at Scale: The Impact of Bit Squatting

Bit squatting is a technique where attackers register domains that are only one bit different from legitimate ones, waiting for memory faults in client requests. Researchers demonstrated this by acquiring 25 domains and managing to collect thousands of credentials over five months using their automation tools. They suggested several mitigation strategies, such as prompt registration of potentially abused domains and implementing stricter certificate pinning practices. This highlights how minor variations in domain names can yield significant security risks if not adequately monitored.

Intro

2min

Navigating Information Security Vulnerabilities

25min

Advancements in Authentication Manipulation and Security Vulnerabilities

4min

Email Registration Vulnerabilities and IPv6 Scanning Challenges

2min

Navigating New Frontiers: IPv6 and Internet Side Channels

3min

Themes covered in this episode

Edge cases at scale still matter

Works from this theme exploit rarely-occurring issues, but with an internet-wide aperture to end up with impressive results. Look for: mechanising bit-squatting; static code analysis for vulnerabilities across all browser extensions, or across web ecosystems; and how Let’s Encrypt worries about revoking and reissuing 400M certificates in a week.

Going above and beyond

Talks and papers often use state-of-the-art tooling to measure/detect an interesting phenomenon. This theme highlights four works that could have followed that path, but also built robust tooling/research data to help others push the state-of-the-art forward. Look for: large scale collection and remediation of dangling domains and static secret leaks, preventing memory-corruption vulnerabilities across the Android ecosystem, remote timing attack frameworks, and SSH testing at scale.

What goes on behind the curtain can be dangerous

Modern IT systems are composed of many layers. Usually the details at lower levels can be abstracted and safely put out of mind. This theme highlights work that shows that what happens in these oft-ignored places can have significant impacts. See: AWS-internal resources built on your behalf, BGP security weaknesses, stealthy hardware backdoors in access control systems spanning over 15 years, Wi-Fi management plane vulnerabilities, VPN-OS interactions, and a legacy file-system hack in Windows.

Nifty sundries

As always, we wanted to showcase work that didn’t fit into the major themes of this issue. We cover: bypassing voice authentication with only a picture of the victim’s face, racking up bills on locked credit cards, email parsing confusion, scanning IPv6, and a timing attack on remote web clients.

Edge cases at scale still matter

Flipping Bits: Your Credentials Are Certainly Mine

Joohoi and STÖK

[Code] [Video]

Universal Code Execution by Chaining Messages in Browser Extensions

Eugene Lim

[Blog] [Video]

CVE Hunting Made Easy

Eddie Zhang

[Blog] [Code]

How To Revoke And Replace 400 Million Certificates Without Breaking The Internet

Aaron Gable

[Slides] [Video]

Going above and beyond

Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale

Bill Demirkapi

[Blog]

Eliminating Memory Safety Vulnerabilities at the Source

Jeff Vander Stoep and Alex Rebert

[Blog]

Listen to the Whispers: Web Timing Attacks that Actually Work

James Kettle

[Slides] [Paper] [Code]

Secure Shells in Shambles

HD Moore and Rob King

[Slides] [Code] [Video]

What goes on behind the curtain can be dangerous

Breaching AWS Accounts Through Shadow Resources

Yakir Kadkoda, Michael Katchinskiy, and Ofek Itach

[Slides] [Code]

Crashing the Party: Vulnerabilities in RPKI Validation

Niklas Vogel, Donika Mirdita, Haya Schulmann, and Michael Waidner

[Slides] [Paper]

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

Philippe Teuwen

[Blog] [Paper] [Code]

Fallen Tower of Babel: Rooting Wireless Mesh Networks by Abusing Heterogeneous Control Protocols

Xin'an Zhou, Zhiyun Qian, Juefei Pu, Qing Deng, Srikanth Krishnamurthy, and Keyu Man

[Slides] [Paper] [Code]

Attacking Connection Tracking Frameworks as used by Virtual Private Networks

Benjamin Mixon-Baca, Jeffrey Knockel, Diwen Xue, Deepak Kapur, Roya Ensafi, and Jed Crandall

[Paper]

MagicDot: A Hacker's Magic Show of Disappearing Dots and Spaces

Or Yair

[Slides] [Blog] [Video] [Code]

Nifty sundries

Can I Hear Your Face? Pervasive Attack on Voice Authentication Systems with a Single Face Image

Nan Jiang, Bangjie Sun, Terence Sim, and Jun Han

[Paper] [Code]

In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping

Raja Hasnain Anwar, Syed Rafiul Hussain, and Muhammad Taqi Raza

[Slides] [Paper]

Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls

Gareth Heyes

[Slides] [Paper] [Code]

6Sense: Internet-Wide IPv6 Scanning and its Security Applications

Grant Williams, Mert Erdemir, Amanda Hsu, Shraddha Bhat, Abhishek Bhaskar, Frank Li, and Paul Pearce

[Slides] [Paper] [Code]

SnailLoad: Anyone on the Internet Can Learn What You're Doing

Daniel Gruss and Stefan Gast

[Slides] [Paper]

Conclusions

While we started off 2024 with a modest amount of high-quality works, this has scaled up significantly. As conference publications increase, we do see a slight decline in the number of blogs; there does appear to be some inverse correlation between the two tallies.

We highlighted three themes for this quarter:

Rare events that happen at internet-scale have big impacts.
Going above and beyond in tooling development.
Cross-layer gotchas.

We’re looking forward to seeing how the year closes out with our year in review and the final quarter of 2024.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

ThinkstScapes

ThinkstScapes Research Roundup - Q3 - 2024

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Edge Cases at Scale: The Impact of Bit Squatting

Automation in Vulnerability Discovery

The Hidden Dangers of Modern IT Infrastructure

Innovative Attacks and Current Vulnerabilities

Themes covered in this episode

Edge cases at scale still matter

Flipping Bits: Your Credentials Are Certainly Mine

Universal Code Execution by Chaining Messages in Browser Extensions

CVE Hunting Made Easy

How To Revoke And Replace 400 Million Certificates Without Breaking The Internet

Going above and beyond

Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale

Eliminating Memory Safety Vulnerabilities at the Source

Listen to the Whispers: Web Timing Attacks that Actually Work

Secure Shells in Shambles

What goes on behind the curtain can be dangerous

Breaching AWS Accounts Through Shadow Resources

Crashing the Party: Vulnerabilities in RPKI Validation

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

Fallen Tower of Babel: Rooting Wireless Mesh Networks by Abusing Heterogeneous Control Protocols

Attacking Connection Tracking Frameworks as used by Virtual Private Networks

MagicDot: A Hacker's Magic Show of Disappearing Dots and Spaces

Nifty sundries

Can I Hear Your Face? Pervasive Attack on Voice Authentication Systems with a Single Face Image

In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping

Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls

6Sense: Internet-Wide IPv6 Scanning and its Security Applications

SnailLoad: Anyone on the Internet Can Learn What You're Doing

Conclusions

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights