ThinkstScapes ThinkstScapes Research Roundup - Q3 - 2023
Nov 14, 2023
24:59
Cryptography still isn’t easy
certmitm: automatic exploitation of TLS certificate validation vulnerabilities
Aapo Oksman
Escaping Phishermen Nets: Cryptographic Methods Unveiled in the Fight Against Reverse Proxy Attacks
Ksandros Apostoli
[Blog]
mTLS: When certificate authentication is done wrong
Michael Stepankin
Ultrablue: User-friendly Lightweight TPM Remote Attestation over Bluetooth
Nicolas Bouchinet, Loïc Buckwell, and Gabriel Kerneis
HECO: Fully Homomorphic Encryption Compiler
Alexander Viand, Patrick Jattke, Miro Haller, and Anwar Hithnawi
[Continued] attack of the side-channels
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings
Evangelos Bitsikas, Theodor Schnitzler, Christina Pöpper, and Aanjhan Ranganathan
Downfall: Exploiting Speculative Data Gathering
Daniel Moghimi
Your Clocks Have Ears – Timing-Based Browser-Based Local Network Port Scanner
Dongsung Kim
Composition is hard in the cloud
Using Cloudflare to bypass Cloudflare
Florian Schweitzer and Stefan Proksch
[Blog]
The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree
Asaf Greenholts
All You Need is Guest
Michael Bargury
Nifty sundries
Contactless Overflow: Critical contactless vulnerabilities in NFC readers used in point of sales and ATMs
Josep Pi Rodriguez
Defender-Pretender: When Windows Defender Updates Become a Security Risk
Omer Attias and Tomer Bar
Fuzz target generation using LLMs
Dongge Liu, Jonathan Metzman, and Oliver Chang
Route to Bugs: Analyzing the Security of BGP Message Parsing
Daniel dos Santos, Simon Guiot, Stanislav Dashevskyi, Amine Amri, and Oussama Kerro
It was harder to sniff Bluetooth through my mask during the pandemic…
Xeno Kovah