Jacob Torrey, research@thinkst.com, haroon meer, marco slaviero
ThinkstScapes
The ThinkstScapes podcast aims to distill and disseminate the cybersecurity research published worldwide. Our researchers track and review hundreds and thousands of talks (so you don't have to) and then bring this to you in small, digestible chunks.
Author
Jacob Torrey, research@thinkst.com, haroon meer, marco slaviero
Category
Podcast website
Latest episode
May 29, 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
ThinkstScapes Research Roundup - Q1 - 2026 29.05.2026 27:52
Pushing browsers to the limit Abusing Modern Browser Features for Phishing Alexander Hurbean [ Blog post ] [ Video ] Committing CSS Crimes for fun and profit Lyra Rebane [ Slides ] [ Blog post ] [ Video ] Improving the Trustworthiness of Javascript on the Web Ezzudin Alkotob, Giulio Berra, Benjamin Beurdouche, Richard Hansen, Daniel Huigens, Dennis Jackson, Cory Francis Myers, and Michael Rosenb...
ThinkstScapes Research Roundup - Q4 - 2025 12.02.2026 33:24
Networking beyond plug-and-play GET /large file HTTP/1.1: Connection-Based TCP Amplification Attacks Yepeng Pan, Lars Richter, and Christian Rossow [ Paper ] [ Code ] WAFFLED: Exploiting Parsing Discrepancies to Bypass Web Application Firewalls Seyed Ali Akhavani, Bahruz Jabiyev, Ben Kallus, Cem Topcuoglu, Sergey Bratus, and Engin Kirda [ Paper ] [ Code ] Excuse me, what precise time is it? Oliver...
ThinkstScapes Research Roundup - Q3 - 2025 11.11.2025 38:15
Q3’25 ThinkstScapes Microsoft-induced security woes One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens Dirk-jan Mollema [ Blog post ] Turning Microsoft's Login Page into our Phishing Infrastructure Keanu Nys [ Slides ] [ Video ] You snooze you lose: RPC-Racer winning RPC endpoints against services Ron Ben Yizhak [ Slides ] [ Code ] [ Video ] Internal Doma...
ThinkstScapes Research Roundup - Q2 - 2025 04.08.2025 34:47
ThinkstScapes Q2’25 Networking is always tricky Beyond the Horizon: Uncovering Hosts and Services Behind Misconfigured Firewalls Qing Deng, Juefei Pu, Zhaowei Tan, Zhiyun Qian, and Srikanth V. Krishnamurthy [ Paper ] 0.0.0.0 Day: Exploiting Localhost APIs From The Browser Avi Lumelsky and Gal Elbaz [ Blog post ] [ Video ] Local Mess: Covert Web-to-App Tracking via Localhost on Android Aniketh Giri...
ThinkstScapes Research Roundup - Q1 - 2025 30.04.2025 29:56
ThinkstScapes Q1’25 Putting it into practice Homomorphic Encryption across Apple features Rehan Rishi, Haris Mughees, Fabian Boemer, Karl Tarbe, Nicholas Genise, Akshay Wadia, and Ruiyu Zhu [ Code ] [ Paper ] [ Video ] Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies Alexandre Nesic [ Blog ] How to Backdoor Large Language Models Shrivu Shankar [ Blog ] [ Code ] Buccaneer...
ThinkstScapes Research Roundup - Q4 - 2024 20.02.2025 37:58
ThinkstScapes Q4’24 Wins and losses in the Microsoft ecosystem Pointer Problems - Why We’re Refactoring the Windows Kernel Joe Bialek [ Video ] Defending off the land Casey Smith, Jacob Torrey, and Marco Slaviero [ Slides ] [ Code ] Unveiling the Power of Intune: Leveraging Intune for Breaking Into Your Cloud and On-Premise Yuya Chudo [ Slides ] [ Code ] From Simulation to Tenant Takeover Vaisha B...
ThinkstScapes Research Roundup - Q3 - 2024 11.11.2024 36:48
Themes covered in this episode Edge cases at scale still matter Works from this theme exploit rarely-occurring issues, but with an internet-wide aperture to end up with impressive results. Look for: mechanising bit-squatting; static code analysis for vulnerabilities across all browser extensions, or across web ecosystems; and how Let’s Encrypt worries about revoking and reissuing 400M certificates...
ThinkstScapes Research Roundup - Q2 - 2024 29.07.2024 31:36
AI/ML in security Injecting into LLM-adjacent components Johann Rehberger [ Blog 1 ] [ Blog 2 ] Teams of LLM Agents can Exploit Zero-Day Vulnerabilities Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang [ Paper ] Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models Sergei Glazunov and Mark Brand [ Blog ] LLMs Cannot Reliably Identify and Reason A...
ThinkstScapes Research Roundup - Q1 - 2024 14.06.2024 25:09
Revealing more than anticipated, and preventing prying eyes PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound Man Zhou, Shuao Su, Qian Wang, Qi Li, Yuting Zhou, Xiaojing Ma, and Zhengxiong Li [ Paper ] ModelGuard: Information-Theoretic Defense Against Model Extraction Attacks Minxue Tang, Anna Dai, Louis DiValentin, Aolin Ding, Amin Hass, Neil...
ThinkstScapes Research Roundup - Q4 - 2023 28.02.2024 29:58
LLMs ain't making life any easier Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs Tsung-Yin Hsieh, Ben Nassi, Vitaly Shmatikov, and Eugene Bagdasaryan [ Slides ] [ Paper ] [ Code ] Tree of Attacks: Jailbreaking Black-Box LLMs Automatically Anay Mehrotra, Manolis Zampetakis, Paul Kassianik, Blaine Nelson, Hyrum Anderson, Yaron Singer, and Amin Karbasi [ Paper ] [ Co...
ThinkstScapes Research Roundup - Q3 - 2023 14.11.2023 24:59
Cryptography still isn’t easy certmitm: automatic exploitation of TLS certificate validation vulnerabilities Aapo Oksman [ Slides ] [ Code ] [ Video ] Escaping Phishermen Nets: Cryptographic Methods Unveiled in the Fight Against Reverse Proxy Attacks Ksandros Apostoli [ Blog ] mTLS: When certificate authentication is done wrong Michael Stepankin [ Slides ] [ Blog ] Ultrablue: User-friendly Lightwe...
ThinkstScapes Research Roundup - Q2 - 2023 05.08.2023 31:06
Privacy in the modern era IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation Erik Rye and Robert Beverly [ Slides ] [ Paper ] [ Code ] Device Tracking via Linux’s New TCP Source Port Selection Algorithm Moshe Kol, Amit Klein, and Yossi Gilad [ Code ] [ Paper ] zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure Michael Rosenberg, J...
ThinkstScapes Research Roundup - Q1 - 2023 26.05.2023 22:05
Smashing Web3 transaction simulations for fun and profit Tal Be'ery and Roi Vazan [ Blog ] [ Video ] Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection Kai Greshake, Sahar Abdelnabi, Shailesh Mishra, Christoph Endres, Thorsten Holz, and Mario Fritz [ Paper ] [ Code ] [ Demo Website ] Using ZK Proofs to Fight Disinformation Trisha Datta...
ThinkstScapes Research Roundup - Q4 - 2022 17.02.2023 19:52
Hacking the Cloud with SAML Felix Wilhelm [ Slides ] [ Video ] Announcing GUAC, a great pairing with SLSA (and SBOM)! Brandon Lum, Mihai Maruseac, Isaac Hepworth, Google Open Source Security Team [ Blog ] [ Code ] [ Presentation ] We sign code now William Woodruff [ Blog ] [ Code ] [ Video ] Knockout Win Against TCC - 20+ NEW Ways to Bypass Your MacOS Privacy Mechanisms Csaba Fitzl and Wojciech Re...
ThinkstScapes Research Roundup - Q3 - 2022 04.11.2022 31:51
Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices Dilawer Ahmed, Anupam Das, and Fareed Zaffar [ Code ] [ Paper ] Watching the Watchers: Practical Video Identification Attack in LTE Networks Sangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, and Yongdae Kim [ Website ] [ Paper ] [ Video ] Can one hear the shape of a neural networ...
ThinkstScapes Research Roundup - Q2 - 2022 29.07.2022 29:57
I am become loadbalancer, owner of your network Nate Warfield [ Slides ] Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones Jiska Classen, Alexander Heinrich, Robert Reith, and Matthias Hollick [ Slides ] [ Paper ] AirTag of the Clones: Shenanigans with Liberated Item Finders Thomas Roth, Fabian Freyer, Matthias Hollick, and Jiska Classen [ Paper ] [ Code ] Are Blockchains...
ThinkstScapes Research Roundup - Q1 - 2022 25.04.2022 34:35
Hyntrospect: a fuzzer for Hyper-V devices Diane Dubois [ Slides ] [ Paper ] [ Code ] [ Video ] Put an io_uring on it: Exploiting the Linux Kernel Valentina Palmiotti [ Blog ] The AMD Branch (Mis)predictor: Where No CPU has Gone Before Pawel Wieczorkiewicz [ Blog part 1 ] [ Blog part 2 ] Dynamic Process Isolation Martin Schwarzl, Pietro Borrello, Andreas Kogler, Kenton Varda, Thomas Schuster, Danie...
ThinkstScapes Research Roundup - Q4 - 2021 16.12.2021 25:28
Sponge Examples: Energy-Latency Attacks on Neural Networks Ilia Shumailov, Yiren Zhao, Daniel Bates, Nicolas Papernot, Robert Mullins, and Ross Anderson [ Slides ] [ Paper ] [ Video ] How to Use Cheated Cryptography to Overload a Server Szilárd Pfeiffer [ Slides ] Bestie: Very Practical Searchable Encryption with Forward and Backward Security Tuanyang Chen, Peng Xu, Wei Wang, Yubo Zheng, Willy Sus...
ThinkstScapes Research Roundup - Q3 - 2021 30.08.2021 21:33
Introduction Episode 1 - 2021/Q3 Thinkst Trends and Takeaways is a show released in conjunction with ThinkstScapes , a written quarterly review of information security research published in both industry and academic venues. Thinkst Labs allocates time to tracking industry research so you don’t have to, specifically looking for novel and unusual work that is impactful--this is not simply a report...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.