Sign up to save your podcasts
Or
Share ThinkstScapes Research Roundup - Q2 - 2025
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
ThinkstScapes Research Roundup - Q2 - 2025
ThinkstScapes Q2’25
Networking is always trickyBeyond the Horizon: Uncovering Hosts and Services Behind Misconfigured FirewallsQing Deng, Juefei Pu, Zhaowei Tan, Zhiyun Qian, and Srikanth V. Krishnamurthy
[Paper]
0.0.0.0 Day: Exploiting Localhost APIs From The BrowserAvi Lumelsky and Gal Elbaz
[Blog post] [Video]
Local Mess: Covert Web-to-App Tracking via Localhost on AndroidAniketh Girish, Gunes Acar, Narseo Vallina-Rodriguez, Nipuna Weerasekara, and Tim Vlummens
[Website]
Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-LayerNiklas Niere, Felix Lange, Juraj Somorovsky, and Robert Merget
[Code] [Paper]
Language models large and smallThe road to Top 1: How XBOW did itNico Waisman
[Blog post]
AI and Secure Code GenerationDave Aitel and Dan Geer
[Blog post]
A look at CloudFlare’s AI-coded OAuth libraryNeil Madden
[Blog post]
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementationSean Heelan
[Blog post] [Code]
Enhancing Secret Detection in Cybersecurity with Small LMsDanny Lazarev and Erez Harush
[Blog post] [Video]
BAIT: Large Language Model Backdoor Scanning by Inverting Attack TargetGuangyu Shen, Siyuan Cheng, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Hanxi Guo, Lu Yan, Xiaolong Jin, Shengwei An, Shiqing Ma, and Xiangyu Zhang
[Code] [Paper]
When parsing goes right, and when it goes wrong3DGen: AI-Assisted Generation of Provably Correct Binary Format ParsersSarah Fakhoury, Markus Kuppe, Shuvendu K. Lahiri, Tahina Ramananandro, and Nikhil Swamy
[Slides] [Paper]
GDBMiner: Mining Precise Input Grammars on (Almost) Any SystemMax Eisele, Johannes Hägele, Christopher Huth, and Andreas Zeller
[Paper] [Code]
Parser Differentials: When Interpretation Becomes a VulnerabilityJoernchen / Joern Schneeweisz
[Slides] [Video]
Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment DetectorsJiahe Zhang, Jianjun Chen, Qi Wang, Hangyu Zhang, Shengqiang Li, Chuhan Wang, Jianwei Zhuge, and Haixin Duan
[Slides] [Paper] [Code]
Nifty sundriesImpostor Syndrome: Hacking Apple MDMs Using Rogue Device EnrolmentsMarcell Molnár and Magdalena Oczadły
[Slides]
Your Cable, My Antenna: Eavesdropping Serial Communication via Backscatter SignalsLina Pu, Yu Luo, Song Han, and Junming Diao
[Paper]
GoSonar: Detecting Logical Vulnerabilities in Memory Safe Language Using Inductive Constraint ReasoningMd Sakib Anwar, Carter Yagemann, and Zhiqiang Lin
[Paper] [Code]
Show Me Your ID(E)!: How APTs Abuse IDEsTom Fakterman and Daniel Frank
[Slides] [Video]
Inviter Threat: Managing Security in a new Cloud Deployment ModelMeg Ashby
[Video]
Carrier Tokens—A Game-Changer Towards SMS OTP Free World!Kazi Wali Ullah
[Slides] [Code] [Video]
View all episodes
By Jacob Torrey, [email protected], haroon meer, marco slaviero
5
11 ratings
ThinkstScapes Q2’25
Networking is always trickyBeyond the Horizon: Uncovering Hosts and Services Behind Misconfigured FirewallsQing Deng, Juefei Pu, Zhaowei Tan, Zhiyun Qian, and Srikanth V. Krishnamurthy
[Paper]
0.0.0.0 Day: Exploiting Localhost APIs From The BrowserAvi Lumelsky and Gal Elbaz
[Blog post] [Video]
Local Mess: Covert Web-to-App Tracking via Localhost on AndroidAniketh Girish, Gunes Acar, Narseo Vallina-Rodriguez, Nipuna Weerasekara, and Tim Vlummens
[Website]
Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-LayerNiklas Niere, Felix Lange, Juraj Somorovsky, and Robert Merget
[Code] [Paper]
Language models large and smallThe road to Top 1: How XBOW did itNico Waisman
[Blog post]
AI and Secure Code GenerationDave Aitel and Dan Geer
[Blog post]
A look at CloudFlare’s AI-coded OAuth libraryNeil Madden
[Blog post]
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementationSean Heelan
[Blog post] [Code]
Enhancing Secret Detection in Cybersecurity with Small LMsDanny Lazarev and Erez Harush
[Blog post] [Video]
BAIT: Large Language Model Backdoor Scanning by Inverting Attack TargetGuangyu Shen, Siyuan Cheng, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Hanxi Guo, Lu Yan, Xiaolong Jin, Shengwei An, Shiqing Ma, and Xiangyu Zhang
[Code] [Paper]
When parsing goes right, and when it goes wrong3DGen: AI-Assisted Generation of Provably Correct Binary Format ParsersSarah Fakhoury, Markus Kuppe, Shuvendu K. Lahiri, Tahina Ramananandro, and Nikhil Swamy
[Slides] [Paper]
GDBMiner: Mining Precise Input Grammars on (Almost) Any SystemMax Eisele, Johannes Hägele, Christopher Huth, and Andreas Zeller
[Paper] [Code]
Parser Differentials: When Interpretation Becomes a VulnerabilityJoernchen / Joern Schneeweisz
[Slides] [Video]
Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment DetectorsJiahe Zhang, Jianjun Chen, Qi Wang, Hangyu Zhang, Shengqiang Li, Chuhan Wang, Jianwei Zhuge, and Haixin Duan
[Slides] [Paper] [Code]
Nifty sundriesImpostor Syndrome: Hacking Apple MDMs Using Rogue Device EnrolmentsMarcell Molnár and Magdalena Oczadły
[Slides]
Your Cable, My Antenna: Eavesdropping Serial Communication via Backscatter SignalsLina Pu, Yu Luo, Song Han, and Junming Diao
[Paper]
GoSonar: Detecting Logical Vulnerabilities in Memory Safe Language Using Inductive Constraint ReasoningMd Sakib Anwar, Carter Yagemann, and Zhiqiang Lin
[Paper] [Code]
Show Me Your ID(E)!: How APTs Abuse IDEsTom Fakterman and Daniel Frank
[Slides] [Video]
Inviter Threat: Managing Security in a new Cloud Deployment ModelMeg Ashby
[Video]
Carrier Tokens—A Game-Changer Towards SMS OTP Free World!Kazi Wali Ullah
[Slides] [Code] [Video]
More shows like ThinkstScapes
View all
Risky Business
373 Listeners
Click Here
416 Listeners
Risky Bulletin
44 Listeners