ThinkstScapes ThinkstScapes Research Roundup - Q4 - 2023
Feb 28, 2024
29:58
LLMs ain't making life any easier
Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs
Tsung-Yin Hsieh, Ben Nassi, Vitaly Shmatikov, and Eugene Bagdasaryan
Tree of Attacks: Jailbreaking Black-Box LLMs Automatically
Anay Mehrotra, Manolis Zampetakis, Paul Kassianik, Blaine Nelson, Hyrum Anderson, Yaron Singer, and Amin Karbasi
Avoiding the basilisk's fangs: State-of-the-art in AI LLM detection
Jacob Torrey
Dystopian much: The Rise of the Influence Machines
Nea Paw
Problems in well-trodden areas
SMTP Smuggling – Spoofing E-mails Worldwide
Timo Longin
Blind CSS Exfiltration: Exfiltrate unknown web pages
Gareth Heyes
OLE object are still dangerous today – Exploiting Microsoft Office
wh1tc and Zhiniang Peng
[Slides] [Demo Videos]
The Nightmare of Apple’s OTA Update
Mickey Jin
Reflecting on our efforts
Evaluating the Security Posture of Real-World FIDO2 Deployments
Dhruv Kuchhal, Muhammad Saad, Adam Oest, and Frank Li
[Paper]
Talking about Pros and Cons
Jacob Torrey
NCC Group’s 2022 & 2023 Research Report
NCC Group
A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lessons Learned
Orange Tsai
Nifty sundries
Breaking "DRM" in Polish trains
MrTick, Redford, and q3k
[Video]
Detection and Blocking with BPF via YAML
Kevin Sheldrake
AntiFake: Using Adversarial Audio to Prevent Unauthorized Speech Synthesis
Zhiyuan Yu, Shixuan Zhai, and Ning Zhang
A Good Fishman Knows All the Angles: A Critical Evaluation of Google's Phishing Page Classifier
Changqing Miao, Jianan Feng, Wei You, Wenchang Shi, Jianjun Huang, and Bin Liang
Spoofing DNS Records by Abusing DHCP DNS Dynamic Updates
Ori David
Operation Triangulation: What You Get When Attack iPhones of Researchers
Boris Larin, Leonid Bezvershenko, and Georgy Kucherin
Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping
Jingyang Hu, Hongbo Wang, Tianyue Zheng, Jingzhi Hu, Zhe Chen, Hongbo Jiang, and Jun Luo