IntroductionEpisode 1 - 2021/Q3

Thinkst Trends and Takeaways is a show released in conjunction with ThinkstScapes, a written quarterly review of information security research published in both industry and academic venues. Thinkst Labs allocates time to tracking industry research so you don’t have to, specifically looking for novel and unusual work that is impactful--this is not simply a report on bugs or vulnerabilities. Work covered here will include both offensive and defensive topics, and we explore academic publications with the same gusto as industry work. Our target listeners are primarily security practitioners in organizations who are tasked with defending their turf, but offensive-minded folks will also be exposed to new ideas and research we’ve come across.

Full bibliography of referenced works:

Embedded security research

• Precursor: Towards Evidence-Based Trust in Hardware
  • Andrew ‘bunnie’ Huang
  • [Video]
• Kernel Pwning with eBPF: a Love Story
  • Valentina Palmiotti (@chompie1337)
  • [Paper]
• InternalBlue / Frankenstein / Spectra
  • Jan Ruge, Jiska Classen, Francesco Gringoli, and Matthias Hollick
  • [Slides] [Slides] [Video]
• HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
  • Abraham Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer
  • [Slides] [Paper] [Video]
• Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
  • Chen Cao, Le Guan, Jiang Ming, and Peng Liu
  • [Paper]
• Remote Timing Attacks on TPMs, AKA TPM-Fail
  • Daniel Moghimi
  • [Slides]
• Breaking VSM by Attacking SecureKernel
  • Saar Amar and Daniel King
  • [Slides]
• Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks
  • James Pavur
  • [Slides] [Video]

Exploiting 'Differences of opinion'

• HTTP/2: The Sequel is Always Worse
  • James Kettle
  • [Paper]
• Differential Fuzzing of x86-64 Instruction Decoders
  • William Woodruff, Niki Carroll, and Sebastiaan Peters
  • [Paper] [Video]
• EtherOops: Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks
  • Ben Seri, Gregory Vichnepolsky, and Yevgeny Yusepovsky
  • [Slides] [Paper]
• Light Commands: Laser-Based Audio Injection on Voice-Controllable Systems
  • Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, and Kevin Fu
  • [Slides]
• Interpretable Deep Learning Under Fire
  • Xinyang Zhang, Ningfei Wang, Hua Shen, Shouling Ji, Xiapu Luo, and Ting Wang
  • [Slides] [Paper] [Video]
• Hiding Objects from Computer Vision by Exploiting Correlation Biases
  • Yin Minn Pa Pa, Paul Ziegler, and Masaki Kamizono
  • [Slides]
• Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL and Wi-Fi
  • Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick
  • [Paper]

Defence

• Entangled Watermarks as a Defense Against Model Extraction
  • Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
  • [Paper]
• Hopper: Modeling and Detecting Lateral Movement
  • Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey Voelker, and David Wagner
  • [Paper]
• Faking a Factory: Creating and Operating a Realistic Honeypot
  • Charles Perine
  • [Slides] [Paper] [Video]
• Do You Speak My Language? Making Static Analysis Engines Understand Each Other
  • Ibrahim Mohamed and Manuel Fahndrich
  • [Slides]
• Practical Defenses Against Adversarial Machine Learning
  • Ariel Herbert-Voss
  • [Video]

Nifty sundries

• Remote Side-Channel Attacks on Anonymous Transactions
  • Florian Tramer, Dan Boneh, and Kenneth G. Paterson
  • [Paper]
• An Observational Investigation of Reverse Engineers’ Processes
  • Daniel Votipka, Seth Rabin, Kristopher Micinski, Jeffrey Foster, and Michelle Mazurek
  • [Paper] [Video]
• On the Feasibility of Automating Stock Market Manipulation
  • Carter Yagemann, Simon Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, and Wenke Lee
  • [Paper]
• IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets
  • Tohid Shekari and Raheem Beyah
  • [Slides]
• The Dark Age of Memory Corruption Mitigations in the Spectre Era
  • Andrea Mambretti and Alexandra Sandulescu
  • [Slides]
• Everything Old is New Again: Binary Security of WebAssembly
  • Daniel Mehmann, Johannes Kinder, and Michael Pradel
  • [Slides] [Paper] [Video]
• ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!
  • Orange Tsai
  • [Slides]

brought to you by 

Most companies find out way too late that they've been breached. Thinkst Canary changes this. Canaries deploy in under 4 minutes and require 0 ongoing admin overhead. They remain silent till they need to chirp, and then, you receive that single alert.

When.it.matters.

Find out why some of the smartest security teams in the world swear by Thinkst Canary https://canary.love