ThinkstScapes Research Roundup - Q4 - 2025

Networking beyond plug-and-play

GET /large file HTTP/1.1: Connection-Based TCP Amplification Attacks

Yepeng Pan, Lars Richter, and Christian Rossow

[Paper] [Code]

WAFFLED: Exploiting Parsing Discrepancies to Bypass Web Application Firewalls

Seyed Ali Akhavani, Bahruz Jabiyev, Ben Kallus, Cem Topcuoglu, Sergey Bratus, and Engin Kirda

[Paper] [Code]

Excuse me, what precise time is it?

Oliver Ettlin

[Video]

Cut To The QUIC: Slashing QUIC's Performance With A Hash DoS

Paul Bottinelli

[Slides] [Code]

High-impact security at the foundations

Understanding the Security Impact of CHERI on the Operating System Kernel

Zhaofeng Li, Jerry Zhang, Joshua Tlatelpa-Agustin, Xiangdong Chen, and Anton Burtsev

[Code] [Paper]

CUDA de Grâce: Owning AI Cloud Infrastructure with GPU Exploits

Valentina Palmiotti and Samuel Lovejoy

[Video]

Defeating KASLR by Doing Nothing at All

Seth Jenkins

[Blog post] [Code]

Build a Fake Phone, Find Real Bugs: Qualcomm GPU Emulation and Fuzzing with LibAFL QEMU

Romain Malmain and Scott Bauer

[Code] [Video]

Rust in Android: move fast and fix things 

Jeff Vander Stoep

[Blog post] [Rust course]

Skynet Starter Kit: From Embodied AI Jailbreak to Remote Takeover of Humanoid Robots

Shipei Qu, Zikai Xu, and Xuangan Xiao

[Video]

Wins and losses with LLMs and security

Scaling agentic architectures for autonomous security testing and offensive operations

Jason Garman, Jake Coyne, and Aaron Brown

[Slides] [Code]

Forced Descent: Google Antigravity Persistent Code Execution Vulnerability

Aaron Portnoy

[Blog post]

Flaw And Order: Finding The Needle In The Haystack Of CodeQL Using LLMs

Simcha Kosman

[Slides] [Blog post] [Code]

Rescuing the Unpoisoned: Efficient Defense against Knowledge Corruption Attacks on RAG Systems

Kim Minseok, Lee Hankook, and Koo Hyungjoon

[Code] [Paper]

Whisper Leak: A novel side-channel attack on remote language models 

Jonathan Bar Or and Geoff McDonald

[Blog post] [Paper] [Code]

Nifty sundries

Format-Preserving Compression-Tolerating Authenticated Encryption for Images

Alexandra Boldyreva, Kaishuo Cheng, and Jehad Hussein

[Slides] [Paper]

Why Quantum Cryptanalysis is Bollocks

Peter Gutmann

[Video] [Slides]

Unmasking Organizations' Security Postures: Insights From Phishing-Resistant Authentication

Fei Liu

[Slides]

Those Who Do Not Learn from Advisories Are Doomed to Repeat Them

Louis Nyffenegger

[Video]