ThinkstScapes Research Roundup - Q1 - 2023

Smashing Web3 transaction simulations for fun and profit

Tal Be'ery and Roi Vazan

[Blog] [Video]

Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection

Kai Greshake, Sahar Abdelnabi, Shailesh Mishra, Christoph Endres, Thorsten Holz, and Mario Fritz

[Paper] [Code] [Demo Website]

Using ZK Proofs to Fight Disinformation

Trisha Datta and Dan Boneh

[Slides] [Video] [Code] [Blog]

Crypto Agility and Post-Quantum Cryptography @ Google

Stefan Kölbl, Anvita Pandit, Rafael Misoczki, and Sophie Schmieg

[Code] [Video]

Server-side prototype pollution: Black-box detection without the DoS

Gareth Heyes

[Blog] [Slides] [Video]

Phantom of the Pipeline – Abusing Self-Hosted CI/CD Runners

Adnan Khan, Mason Davis, and Matt Jackoski

[Slides] [Code] [Blog]

Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues

Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef

[Slides] [Paper] [Video]

Let Me Unwind That For You: Exceptions to Backward-Edge Protection

Victor Duta, Fabian Freyer, Fabio Pagani, Marius Muench, and Cristiano Giuffrida

[Slides] [Paper] [Code]

Protect the System Call, Protect (Most of) the World with BASTION

Christopher Jelesnianski, Mohannad Ismail, Yeongjin Jang, Dan Williams, and Changwoo Min

[Paper]

Interoperability in End-to-End Encrypted Messaging

Esha Ghosh, Paul Grubbs, Julia Len, and Paul Rösler

[Slides] [Paper] [Video]

High Risk Users and Where to Find Them

Masha Sedova

[Paper] [Video]

Why I write my own security tooling

James Forshaw

[Code] [Video]

Polynonce: A tale of a novel ECDSA attack and Bitcoin tears

Marco Macchetti and Nils Amiet

[Blog] [Paper] [Code]

Finding 10x+ Performance Improvements in C++ with CodeQL

Sean Heelan

[Blog] [Code]

Bridging the gap in the static and dynamic analysis of binaries through decompiler tomfoolery!

Zion Basque

[Code] [Video]