Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
reading:by-topic [2024/01/21 06:14] romangolreading:by-topic [2024/03/03 10:49] (current) romangol
Line 1: Line 1:
 === 二进制代码分析 === === 二进制代码分析 ===
 +
 +=== 安全防护 ===
 +  * [G.O.S.S.I.P 阅读推荐 2024-01-29 TEESLICE](https://mp.weixin.qq.com/s/tfIkQSD075W5a0KXnhjlAw)
 +    * No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML @ IEEE S&P 2024
 +  * [G.O.S.S.I.P 阅读推荐 2024-01-26](https://mp.weixin.qq.com/s/-2WrQ8waFDY1diwN-9LU7w)
 +    * DOPE: DOmain Protection Enforcement with PKS @ ACSAC 2023
 +
  
 === Network Security === === Network Security ===
 +  * [G.O.S.S.I.P 阅读推荐 2024-02-23 5G-Spector](https://mp.weixin.qq.com/s/aw816mj1L9YwBPyWfHMOsw)
 +    * 5G-SPECTOR: An O-RAN Compliant Layer-3 Cellular Attack Detection Service @ NDSS 2024
  
 === Web Security === === Web Security ===
 +  * [G.O.S.S.I.P 阅读推荐 2024-02-26 寻觅文件劫持漏洞](https://mp.weixin.qq.com/s/BoKacA2iaBKwwQ-X1GgKfA)
 +    * File Hijacking Vulnerability: The Elephant in the Room @ NDSS 2024
 +  *[G.O.S.S.I.P 阅读推荐 2024-02-05 WebRR](https://mp.weixin.qq.com/s/bk2SABjkQYJFTZZwucoFtw)
 +    * WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web @ USENIX Security 2024 
 +  * [[https://mp.weixin.qq.com/s/XiINCa60NRcfZcfo7k9DFQ|G.O.S.S.I.P 阅读推荐 2023-11-27 Chrowned!]]
 +    * Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API @ Euro S&P 2023
 +  * [G.O.S.S.I.P 阅读推荐 2024-02-02 来自浏览器的勒索警告!](https://mp.weixin.qq.com/s/H1JFxJE-ir5tR2oG8qHB_w)
 +    * RøB: Ransomware over Modern Web Browsers @ USENIX Security 2023
 +
 +=== Mobile Security ===
 +  * [G.O.S.S.I.P 阅读推荐 2024-03-01 马奇诺防线总在龙年被攻破](https://mp.weixin.qq.com/s/NUS1lT2OSFSct7JvyBcPKQ)
 +    * Maginot Line: Assessing a New Cross-app Threat to PII-as-Factor Authentication in Chinese Mobile Apps @ NDSS 2024
  
 === 物联网安全 === === 物联网安全 ===
   * [[https://mp.weixin.qq.com/s/IOe2_orxCJunOALS6pkC7w|G.O.S.S.I.P 阅读推荐 2024-01-02 蓝牙安全的“千里江山图”]]   * [[https://mp.weixin.qq.com/s/IOe2_orxCJunOALS6pkC7w|G.O.S.S.I.P 阅读推荐 2024-01-02 蓝牙安全的“千里江山图”]]
 +    * SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth @ IEEE S&P 2024
   * [[https://mp.weixin.qq.com/s/bV0eQrkx63UxbstZDLhvEw|G.O.S.S.I.P 阅读推荐 2023-11-22 Your Firmware Has Arrived]]   * [[https://mp.weixin.qq.com/s/bV0eQrkx63UxbstZDLhvEw|G.O.S.S.I.P 阅读推荐 2023-11-22 Your Firmware Has Arrived]]
     * Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities @ USENIX Security 2024     * Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities @ USENIX Security 2024
 +  * [[https://mp.weixin.qq.com/s/45eD2RMC9-OBdbgT544kEQ|G.O.S.S.I.P 阅读推荐 2023-12-13 LED出卖了你(的key)]]
 +    * Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations @ CCS 2023
  
 === 现实世界的密码学安全问题 === === 现实世界的密码学安全问题 ===
 +  * [G.O.S.S.I.P 阅读推荐 2024-02-19 密码学误用检测工具的误用?](https://mp.weixin.qq.com/s/8GLPmsu5AmBh8-WzbHVxhg)
 +    * Towards Precise Reporting of Cryptographic Misuses @ NDSS 2024
   * [[https://mp.weixin.qq.com/s/EQFWz_JyM5RqbgMaGfqeOw|G.O.S.S.I.P 阅读推荐 2024-01-12 端到端加密APP的注入攻击]]   * [[https://mp.weixin.qq.com/s/EQFWz_JyM5RqbgMaGfqeOw|G.O.S.S.I.P 阅读推荐 2024-01-12 端到端加密APP的注入攻击]]
 +    * Injection Attacks Against End-to-End Encrypted Applications @ IEEE S&P 2024
 +  * [[https://mp.weixin.qq.com/s/k0vJBw4ATdAAYxcZnG0uNg|G.O.S.S.I.P 阅读推荐 2023-11-20 RSA公钥之殇]]
 +    * Passive SSH Key Compromise via Lattices @ CCS 2023
 +  * [G.O.S.S.I.P 阅读推荐 2024-01-15 大破量子危机](https://mp.weixin.qq.com/s/GkOIATGwuiZ7mkLra4XI7A)
 +    * ReSolveD: Shorter Signatures from Regular Syndrome Decoding and VOLE-in-the-Head @ PKC 2024
 +    * Revisiting the Constant-sum Winternitz One-time Signature with Applications to SPHINCS+ and XMSS @ CRYPTO 2023
 +
 +=== 供应链安全 ===
 +  * [G.O.S.S.I.P 阅读推荐 2024-02-21 危险的VS Code插件](https://mp.weixin.qq.com/s/5N8d-GhbOPSUhiIu540Fiw)
 +    * UntrustIDE: Exploiting Weaknesses in VS Code Extensions @ NDSS 2024
  
 === AI安全 === === AI安全 ===
 +  * [G.O.S.S.I.P 阅读推荐 2024-01-29 TEESLICE](https://mp.weixin.qq.com/s/tfIkQSD075W5a0KXnhjlAw)
 +    * No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML @ IEEE S&P 2024
 +  * [G.O.S.S.I.P 阅读推荐 2024-01-24 除你防护,夺你模型!](https://mp.weixin.qq.com/s/bkmsUm2kzGP7fnlc1FZkrQ)
 +    * DeMistify: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps @ ICSE 2024
 +  * [G.O.S.S.I.P 阅读推荐 2024-01-22 The Janus Interface](https://mp.weixin.qq.com/s/IC50TYPckXHuDPYj1RPf2w)
 +    * The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks
 +  * [G.O.S.S.I.P 阅读推荐 2024-01-17 Crafter](https://mp.weixin.qq.com/s/aMawuWmiyqFNxY3UgYHFHQ)
 +    * Crafter: Facial Feature Crafting against Inversion-based Identity Theft on Deep Models @ NDSS 2024
 +
  
Back to top