
Edge cases at scale still matter
Works from this theme exploit rarely-occurring issues, but with an internet-wide aperture to end up with impressive results. Look for: mechanising bit-squatting; static code analysis for vulnerabilities across all browser extensions, or across web ecosystems; and how Let’s Encrypt worries about revoking and reissuing 400M certificates in a week.
Going above and beyond
Talks and papers often use state-of-the-art tooling to measure/detect an interesting phenomenon. This theme highlights four works that could have followed that path, but also built robust tooling/research data to help others push the state-of-the-art forward. Look for: large scale collection and remediation of dangling domains and static secret leaks, preventing memory-corruption vulnerabilities across the Android ecosystem, remote timing attack frameworks, and SSH testing at scale.
What goes on behind the curtain can be dangerous
Modern IT systems are composed of many layers. Usually the details at lower levels can be abstracted and safely put out of mind. This theme highlights work that shows that what happens in these oft-ignored places can have significant impacts. See: AWS-internal resources built on your behalf, BGP security weaknesses, stealthy hardware backdoors in access control systems spanning over 15 years, Wi-Fi management plane vulnerabilities, VPN-OS interactions, and a legacy file-system hack in Windows.
Nifty sundries
As always, we wanted to showcase work that didn’t fit into the major themes of this issue. We cover: bypassing voice authentication with only a picture of the victim’s face, racking up bills on locked credit cards, email parsing confusion, scanning IPv6, and a timing attack on remote web clients.
Edge cases at scale still matter

Flipping Bits: Your Credentials Are Certainly Mine
Joohoi and STÖK
[Code] [Video]

Universal Code Execution by Chaining Messages in Browser Extensions
Eugene Lim
[Blog] [Video]

CVE Hunting Made Easy
Eddie Zhang
[Blog] [Code]

How To Revoke And Replace 400 Million Certificates Without Breaking The Internet
Aaron Gable
[Slides] [Video]

Going above and beyond

Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale
Bill Demirkapi
[Blog]

Eliminating Memory Safety Vulnerabilities at the Source
Jeff Vander Stoep and Alex Rebert
[Blog]

Listen to the Whispers: Web Timing Attacks that Actually Work
James Kettle
[Slides] [Paper] [Code]

Secure Shells in Shambles
HD Moore and Rob King
[Slides] [Code] [Video]

What goes on behind the curtain can be dangerous

Breaching AWS Accounts Through Shadow Resources
Yakir Kadkoda, Michael Katchinskiy, and Ofek Itach
[Slides] [Code]

Crashing the Party: Vulnerabilities in RPKI Validation
Niklas Vogel, Donika Mirdita, Haya Schulmann, and Michael Waidner
[Slides] [Paper]

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors
Philippe Teuwen
[Blog] [Paper] [Code]

Fallen Tower of Babel: Rooting Wireless Mesh Networks by Abusing Heterogeneous Control Protocols
Xin'an Zhou, Zhiyun Qian, Juefei Pu, Qing Deng, Srikanth Krishnamurthy, and Keyu Man
[Slides] [Paper] [Code]

Attacking Connection Tracking Frameworks as used by Virtual Private Networks
Benjamin Mixon-Baca, Jeffrey Knockel, Diwen Xue, Deepak Kapur, Roya Ensafi, and Jed Crandall
[Paper]

MagicDot: A Hacker's Magic Show of Disappearing Dots and Spaces
Or Yair
[Slides] [Blog] [Video] [Code]

Nifty sundries

Can I Hear Your Face? Pervasive Attack on Voice Authentication Systems with a Single Face Image
Nan Jiang, Bangjie Sun, Terence Sim, and Jun Han
[Paper] [Code]

In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping
Raja Hasnain Anwar, Syed Rafiul Hussain, and Muhammad Taqi Raza
[Slides] [Paper]

Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls
Gareth Heyes
[Slides] [Paper] [Code]

6Sense: Internet-Wide IPv6 Scanning and its Security Applications
Grant Williams, Mert Erdemir, Amanda Hsu, Shraddha Bhat, Abhishek Bhaskar, Frank Li, and Paul Pearce
[Slides] [Paper] [Code]

SnailLoad: Anyone on the Internet Can Learn What You're Doing
Daniel Gruss and Stefan Gast
[Slides] [Paper]

Conclusions

While we started off 2024 with a modest amount of high-quality works, this has scaled up significantly. As conference publications increase, we do see a slight decline in the number of blogs; there does appear to be some inverse correlation between the two tallies.
We highlighted three themes for this quarter:
We’re looking forward to seeing how the year closes out with our year in review and the final quarter of 2024.