ThinkstScapes Research Roundup - Q2 - 2024
AI/ML in security
Injecting into LLM-adjacent components
Johann Rehberger
Teams of LLM Agents can Exploit Zero-Day Vulnerabilities
Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang
[Paper]
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Sergei Glazunov and Mark Brand
[Blog]
LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks
Saad Ullah, Mingji Han, Saurabh Pujar, Hammond Pearce, Ayse Kivilcim Coskun, and Gianluca Stringhini
The Impact of Backdoor Poisoning Vulnerabilities on AI-Based Threat Detectors
Dmitrijs Trizna, Luca Demetrio, Battista Biggio, and Fabio Roli
Looking at the whole system
Systems Alchemy: The Transmutation of Hacking
Thaddeus grugq
[Video]
The Boom, the Bust, the Adjust and the Unknown
Maor Shwartz
[Slides]
Poisoning Web-Scale Training Datasets is Practical
Nicholas Carlini, Matthew Jagielski, Christopher A. Choquette-Choo, Daniel Paleka, Will Pearce, Hyrum Anderson, Andreas Terzis, Kurt Thomas, and Florian Tramèr
[Paper]
Intercloud Identities: The Risks and Mitigations of Access Between Cloud Providers
Noam Dahan and Ari Eitan
[Video]
New modalities with which to inflict pain
GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression
Yingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy R. Vasquez, David Kohlbrenner, Hovav Shacham, and Christopher W. Fletcher
[Paper]
AquaSonic: Acoustic Manipulation of Underwater Data Center Operations and Resource Management
Jennifer Sheldon, Weidong Zhu, Adnan Abdullah, Sri Hrushikesh Varma Bhupathiraju, Takeshi Sugawara, Kevin Butler, Md Jahidul Islam, and Sara Rampazzi
Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED Captured By Standard Video Cameras
Ben Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, and Yuval Elovici
Old components showing the strain
Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks
Yuxiang Yang, Xuewei Feng, Qi Li, Kun Sun, Ziqiang Wang, and Ke Xu
Reliable Payload Transmission Past the Spoofed TCP Handshake
Yepeng Pan and Christian Rossow
Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
David Klein and Martin Johns
Practical Exploitation of Registry Vulnerabilities in the Windows Kernel
Mateusz Jurczyk
Nifty sundries
An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape
Sifat Muhammad Abdullah, Aravind Cheruvu, Shravya Kanchi, Taejoong Chung, Peng Gao, Murtuza Jadliwala, and Bimal Viswanath
Tracking illicit phishermen in the deep blue Azure
Jacob Torrey
SEVeriFast: Minimizing the root of trust for fast startup of SEV microVMs
Benjamin Holmes, Jason Waterman, and Dan Williams
Certiception: The ADCS Honeypot We Always Wanted
Balthasar Martin and Niklas van Dornick