ThinkstScapes Q1’25

Putting it into practice

Homomorphic Encryption across Apple features

Rehan Rishi, Haris Mughees, Fabian Boemer, Karl Tarbe, Nicholas Genise, Akshay Wadia, and Ruiyu Zhu

[Code] [Paper] [Video]

Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies

Alexandre Nesic

[Blog] 

How to Backdoor Large Language Models

Shrivu Shankar

[Blog] [Code] 

Buccaneers of the Binary: Plundering Compiler Optimizations for Decompilation Treasure

Zion Leonahenahe Basque

[Code] [Video]

Software Screws Around, Reverse Engineering Finds Out: How Independent, Adversarial Research Informs Government Regulation

Andy Sellars and Michael A. Specter

[Video] [Website]

Understanding things all the way down

PhantomLiDAR: Cross-modality Signal Injection Attacks against LiDAR

Zizhi Jin, Qinhong Jiang, Xuancun Lu, Chen Yan, Xiaoyu Ji, and Wenyuan Xu

[Paper] [Demo Videos]

Full-stack Reverse Engineering of the Original Microsoft Xbox

Markus Gaasedelen

[Video]

Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China

Shencha Fan, Jackson Sippe, Sakamoto San, Jade Sheffey, David Fifield, Amir Houmansadr, Elson Wedwards, and Eric Wustrow

[Paper]

Scaling software (in)security

Low-Effort Denial of Service with Recursion

Alexis Challande and Brad Swain

[Paper] [Video]

Is this memory safety here in the room with us?

Thomas Dullien (Halvar Flake)

[Slides] [Video]

How to gain code execution on millions of people and hundreds of popular apps

Eva

[Blog]

Node is a loader

Tom Steele

[Blog]

Mixing up Public and Private Keys in OpenID Connect deployments

Hanno Böck

[Blog] [Code]

Nifty sundries

Will It Run? Fooling EDRs With Command Lines Using Empirical Data

Wietze Beukema

[Tool site] [Code] [Video]

Homoglyph-Based Attacks: Circumventing LLM Detectors

Aldan Creo

[Paper] [Code] [Video]

28 Months Later - The Ongoing Evolution of Russia's Cyber Operations

The Grugq

[Slides] [Podcast interview]

‘It's Not Paranoia If They're Really After You’: When Announcing Deception Technology Can Change Attacker Decisions

Andrew Reeves and Debi Ashenden

[Paper]

Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack

Ziqiang Wang, Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, Mengyuan Li, Ganqiu Du, Ke Xu, and Jianping Wu

[Paper] [Code]