Sign up to save your podcasts
Or
Share ThinkstScapes Research Roundup - Q3 - 2025
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
ThinkstScapes Research Roundup - Q3 - 2025
Q3’25 ThinkstScapesMicrosoft-induced security woesOne Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
Dirk-jan Mollema
[Blog post]
Turning Microsoft's Login Page into our Phishing InfrastructureKeanu Nys
[Slides] [Video]
You snooze you lose: RPC-Racer winning RPC endpoints against servicesRon Ben Yizhak
[Slides] [Code] [Video]
Internal Domain Name Collision 2.0Philippe Caturegli
[Slides] [Video]
Logs are not always as they appearSource IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCPEliav Livneh
[Video]
I'm in Your Logs Now, Deceiving Your Analysts and Blinding Your EDROlaf Hartong
[Slides] [Code]
From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and EvasionShu-Hao Tung
[Slides] [Paper] [Video]
Autobots roll out!Automating software security with LLMsTyler Nighswander
[Site] [Code] [Video]
Agents Built From AlloysAlbert Ziegler
[Blog post] [Dataset]
AI Agents for Offsec with Zero False PositivesBrendan Dolan-Gavitt
[Slides]
Are CAPTCHAs Still Bot-hard? Generalized Visual CAPTCHA Solving with Agentic Vision Language ModelXiwen Teoh, Yun Lin, Siqi Li, Ruofan Liu, Avi Sollomoni, Yaniv Harel, and Jin Song Dong
[Site] [Paper] [Code]
Good vibrationsInvisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse SensorsMohamad Habib Fakih, Rahul Dharmaji, Youssef Mahmoud, Halima Bouzidi, and Mohammad Abdullah Al Faruque
[Site] [Paper]
TimeTravel: Real-time Timing Drift Attack on System Time Using Acoustic WavesJianshuo Liu, Hong Li, Haining Wang, Mengjie Sun, Hui Wen, Jinfa Wang, and Limin Sun
[Paper]
Nifty sundriesCrescent library brings privacy to digital identity systemsChristian Paquin, Guru-Vamsi Policharla, and Greg Zaverucha
[Blog post] [Paper] [Code]
Journey to the center of the PSTN: How I became a phone company, and how you can tooEnzo Damato
[Slides] [Video]
Safe Harbor or Hostile Waters: Unveiling the Hidden Perils of the TorchScript Engine in PyTorchJi'an Zhou and Lishuo Song
[Slides]
Ghosts in the Machine Check – Conjuring Hardware Failures for Cross-ring Privilege EscalationChristopher Domas
[Slides] [Code] [Video]
Machine Against the RAG: Jamming Retrieval-Augmented Generation with Blocker DocumentsAvital Shafran, Roei Schuster, and Vitaly Shmatikov
[Paper] [Code]
Inverting the Xorshift128+ random number generatorScott Contini
[Blog post] [Code]
View all episodes
By Jacob Torrey, [email protected], haroon meer, marco slaviero
5
11 ratings
Q3’25 ThinkstScapesMicrosoft-induced security woesOne Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
Dirk-jan Mollema
[Blog post]
Turning Microsoft's Login Page into our Phishing InfrastructureKeanu Nys
[Slides] [Video]
You snooze you lose: RPC-Racer winning RPC endpoints against servicesRon Ben Yizhak
[Slides] [Code] [Video]
Internal Domain Name Collision 2.0Philippe Caturegli
[Slides] [Video]
Logs are not always as they appearSource IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCPEliav Livneh
[Video]
I'm in Your Logs Now, Deceiving Your Analysts and Blinding Your EDROlaf Hartong
[Slides] [Code]
From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and EvasionShu-Hao Tung
[Slides] [Paper] [Video]
Autobots roll out!Automating software security with LLMsTyler Nighswander
[Site] [Code] [Video]
Agents Built From AlloysAlbert Ziegler
[Blog post] [Dataset]
AI Agents for Offsec with Zero False PositivesBrendan Dolan-Gavitt
[Slides]
Are CAPTCHAs Still Bot-hard? Generalized Visual CAPTCHA Solving with Agentic Vision Language ModelXiwen Teoh, Yun Lin, Siqi Li, Ruofan Liu, Avi Sollomoni, Yaniv Harel, and Jin Song Dong
[Site] [Paper] [Code]
Good vibrationsInvisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse SensorsMohamad Habib Fakih, Rahul Dharmaji, Youssef Mahmoud, Halima Bouzidi, and Mohammad Abdullah Al Faruque
[Site] [Paper]
TimeTravel: Real-time Timing Drift Attack on System Time Using Acoustic WavesJianshuo Liu, Hong Li, Haining Wang, Mengjie Sun, Hui Wen, Jinfa Wang, and Limin Sun
[Paper]
Nifty sundriesCrescent library brings privacy to digital identity systemsChristian Paquin, Guru-Vamsi Policharla, and Greg Zaverucha
[Blog post] [Paper] [Code]
Journey to the center of the PSTN: How I became a phone company, and how you can tooEnzo Damato
[Slides] [Video]
Safe Harbor or Hostile Waters: Unveiling the Hidden Perils of the TorchScript Engine in PyTorchJi'an Zhou and Lishuo Song
[Slides]
Ghosts in the Machine Check – Conjuring Hardware Failures for Cross-ring Privilege EscalationChristopher Domas
[Slides] [Code] [Video]
Machine Against the RAG: Jamming Retrieval-Augmented Generation with Blocker DocumentsAvital Shafran, Roei Schuster, and Vitaly Shmatikov
[Paper] [Code]
Inverting the Xorshift128+ random number generatorScott Contini
[Blog post] [Code]
More shows like ThinkstScapes
View all
Risky Business
376 Listeners
Click Here
416 Listeners
Risky Bulletin
46 Listeners