GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation
https://www.usenix.org/system/files/sec23summer_249-peng-prepub.pdf
https://www.usenix.org/system/files/sec23summer_249-peng-prepub.pdf
π1
Reverse Engineering TikTok's VM Obfuscation (Part 2)
https://ibiyemiabiodun.com/projects/reversing-tiktok-pt2/
https://ibiyemiabiodun.com/projects/reversing-tiktok-pt2/
π₯1
Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
Unit 42
Security Issue in JWT Secret Poisoning (Updated)
We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.
π₯1
Bad things come in large packages: .pkg signature verification bypass on macOS
https://sector7.computest.nl/post/2023-01-xar/
https://sector7.computest.nl/post/2023-01-xar/
Sector 7
Bad things come in large packages: .pkg signature verification bypass on macOS
Code signing of applications is an essential element of macOS security. Besides signing applications, it is also possible to sign installer packages (.pkg files). During a short review of the xar source code, we found a vulnerability (CVE-2022-42841) thatβ¦
kaijie-liu-malicious-code-classification-method-of.pdf
1.1 MB
Malicious Code Classification Method of Advanced Persistent Threat Based on Asm2Vec
π2π1
alrabaee-saed-a-survey-of-binary-code-fingerprinting.pdf
2.2 MB
A Survey of Binary Code Fingerprinting Approaches: Taxonomy, Methodologies, and Features
Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing
https://arxiv.org/pdf/2301.09258.pdf
https://arxiv.org/pdf/2301.09258.pdf
Taking the next step: OSS-Fuzz in 2023
https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html
https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html
Google Online Security Blog
Taking the next step: OSS-Fuzz in 2023
Posted by Oliver Chang, OSS-Fuzz team Since launching in 2016 , Google's free OSS-Fuzz code testing service has helped get over 8800 vul...
π1π₯1
Active Directory: Using LDAP Queries for Stealthy Enumeration
https://snikt.net/blog/2023/01/25/active-directory-using-ldap-queries-for-stealthy-enumeration/
https://snikt.net/blog/2023/01/25/active-directory-using-ldap-queries-for-stealthy-enumeration/
snikt.net
Active Directory: Using LDAP Queries for Stealthy Enumeration -
Andreas Happe sometimes blogs about development, life or security.
π₯1
Behind the Scenes: How we are securing our new PDF stack
https://microsoftedge.github.io/edgevr/posts/How-we-are-securing-our-new-PDF-stack/
https://microsoftedge.github.io/edgevr/posts/How-we-are-securing-our-new-PDF-stack/
Microsoft Browser Vulnerability Research
Behind the Scenes: How we are securing our new PDF stack
As we recently published on the Microsoft Edge Dev blog, Adobe and Microsoft are enhancing the PDF experience and value users have come to expect in Microsoft Edge. Adobe brings an unrivalled breadth of experience in the PDF space, and we are looking forwardβ¦
π1
How To Fuzz JavaScript With Jest And Jazzer.Js
https://www.code-intelligence.com/blog/fuzzing-javascript-jazzer.js
https://www.code-intelligence.com/blog/fuzzing-javascript-jazzer.js
Code-Intelligence
How to Fuzz JavaScript with Jest and Jazzer.js
Learn how to fuzz JavaScript using Jest. With the integration of the open-source fuzzing engine Jazzer.js, JavaScript fuzzing is as easy as unit testing.
Drone Security and
the Mysterious Case of DJIβs DroneID
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf
the Mysterious Case of DJIβs DroneID
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf
π1π₯1
POLYFUZZ: Holistic Greybox Fuzzing of Multi-Language Systems
https://www.usenix.org/system/files/sec23summer_411-li_wen-prepub.pdf
https://www.usenix.org/system/files/sec23summer_411-li_wen-prepub.pdf
VulChecker: Graph-based Vulnerability Localization in Source Code
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
UnGANable: Defending Against GAN-based Face Manipulation
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
Large Language Models are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models
https://arxiv.org/pdf/2212.14834.pdf
https://arxiv.org/pdf/2212.14834.pdf
π2