ThinkstScapes Research Roundup - Q2 - 2022

I am become loadbalancer, owner of your network

Nate Warfield

[Slides]

Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones

Jiska Classen, Alexander Heinrich, Robert Reith, and Matthias Hollick

[Slides] [Paper]

AirTag of the Clones: Shenanigans with Liberated Item Finders

Thomas Roth, Fabian Freyer, Matthias Hollick, and Jiska Classen

[Paper] [Code]

Are Blockchains Decentralised?

Evan Sultanik, Alexander Remie, Felipe Manzano, Trent Brunson, Sam Moelius, Eric Kilmer, Mike Myers, Talley Amir, and Sonya Schriner

[Blog] [Paper] [Audio]

What Log4j teaches us about the Software Supply Chain

Stephen Magill

[Slides] [Video]

Kani Rust Verifier

Daniel Schwartz-Narbonne and Zyad Hassan

[Slides] [Video] [Code]

Cross-Language Attacks

Samuel Mergendahl, Nathan Burow, and Hamed Okhravi

[Paper]

Software Updates Strategies: A Quantitative Evaluation Against Advanced Persistent Threats

Giorgio Di Tizio, Michele Armellini, and Fabio Massacci

[Paper] [Data]

AMD Secure Processor for Confidential Computing Security Review

Cfir Cohen, James Forshaw, Jann Horn, and Mark Brand

[Blog] [Paper]

Living Off the Walled Garden: Abusing the Features of the Early Launch Antimalware Ecosystem

Matt Graebar

[Slides]

A Kernel Hacker Meets Fuchsia OS

Alexander Popov

[Blog] [Video]

Adaptive Multi-objective Optimization in Gray-box Fuzzing

Gen Zhang, Pengfei Wang, Tai Yue, Xiangdong Kong, Shan Huang, Xu Zhou, and Kai Lu

[Paper]

Cooper Knows the Shortest Stave: Finding 134 Bugs in the Binding Code of Scripting Languages with Cooperative Mutation

Xu Peng, Yanhao Wang, Hong Hu, and Purui Su

[Slides] [Paper] [Code]

Bypassing CSP with dangling iframes

Gareth Heyes

[Blog] 

Bypassing Dangling Markup Injection Mitigation Bypass in Chrome

SeungJu Oh

 [Bug report] [Blog]

Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web

Avinash Sudhodanan and Andrew Paverd

[Blog] [Paper]