How To Fuzz JavaScript With Jest And Jazzer.Js
https://www.code-intelligence.com/blog/fuzzing-javascript-jazzer.js
https://www.code-intelligence.com/blog/fuzzing-javascript-jazzer.js
Code-Intelligence
How to Fuzz JavaScript with Jest and Jazzer.js
Learn how to fuzz JavaScript using Jest. With the integration of the open-source fuzzing engine Jazzer.js, JavaScript fuzzing is as easy as unit testing.
Drone Security and
the Mysterious Case of DJIβs DroneID
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf
the Mysterious Case of DJIβs DroneID
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf
π1π₯1
POLYFUZZ: Holistic Greybox Fuzzing of Multi-Language Systems
https://www.usenix.org/system/files/sec23summer_411-li_wen-prepub.pdf
https://www.usenix.org/system/files/sec23summer_411-li_wen-prepub.pdf
VulChecker: Graph-based Vulnerability Localization in Source Code
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
UnGANable: Defending Against GAN-based Face Manipulation
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
Large Language Models are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models
https://arxiv.org/pdf/2212.14834.pdf
https://arxiv.org/pdf/2212.14834.pdf
π2
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
MDSec
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability - MDSec
Date: 14th March 2023 Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows: Microsoft Office Outlook contains a privilege escalation vulnerability that allows...
Exploiting aCropalypse: Recovering Truncated PNGs
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
π1
Hacking AI: System and Cloud Takeover via MLflow Exploit
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
Palo Alto Networks Blog
Network Security - Palo Alto Networks Blog
Secure your enterprise against tomorrow's threats, today. Protect users, applications and data anywhere with intelligent network security from Palo Alto Networks.
π1π₯1
Forwarded from idapro (Not official)
IDA Rust Demangler, the project provides a script that demangles Rust function names and normalize it for IDA, making it easier to read and understand the code.
https://github.com/timetravelthree/IDARustDemangler
https://github.com/timetravelthree/IDARustDemangler
GitHub
GitHub - timetravelthree/IDARustDemangler: Rust Demangler & Normalizer plugin for IDA
Rust Demangler & Normalizer plugin for IDA. Contribute to timetravelthree/IDARustDemangler development by creating an account on GitHub.
π₯1
UTopia: From Unit Tests To Fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
BLOG | Samsung Research
UTopia: From Unit Tests To Fuzzing
When an N-Day turns into a 0day. (Part 1 of 2)
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
GitHub
vulnerability-write-ups/TP-Link/WR940N/112022/Part1.md at master Β· b1ack0wl/vulnerability-write-ups
This repo contains write ups of vulnerabilities I've found and exploits I've publicly developed. - b1ack0wl/vulnerability-write-ups
Introducing Socket AI β ChatGPT-Powered Threat Analysis
https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis
https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis
π2
Dissecting redis CVE-2023-28425 with chatGPT as assistant
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
Lambda driver blog
Dissecting redis CVE-2023-28425 with chatGPT as assistant
Intro
π₯2
An awesome & curated list of binary code similarity papers
https://github.com/SystemSecurityStorm/Awesome-Binary-Similarity
https://github.com/SystemSecurityStorm/Awesome-Binary-Similarity
GitHub
GitHub - SystemSecurityStorm/Awesome-Binary-Similarity: An awesome & curated list of binary code similarity papers
An awesome & curated list of binary code similarity papers - SystemSecurityStorm/Awesome-Binary-Similarity
We put GPT-4 in Semgrep to point out false positives & fix code
https://semgrep.dev/blog/2023/gpt4-and-semgrep-detailed
https://semgrep.dev/blog/2023/gpt4-and-semgrep-detailed
Semgrep
We put GPT-4 in Semgrep to point out false positives & fix code
Semgrep is a code search tool many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason well about this task. We also triedβ¦
π2π₯1
Root Cause Analysis of the in the wild JIT bug (CVE-2022-42856)
https://voidistaff.github.io/safari/2023/02/20/CVE-2022-42856.html
https://voidistaff.github.io/safari/2023/02/20/CVE-2022-42856.html
π1
VIDEZZO: Dependency-aware Virtual Device Fuzzing
https://nebelwelt.net/files/23Oakland4.pdf
https://github.com/HexHive/ViDeZZo
https://nebelwelt.net/files/23Oakland4.pdf
https://github.com/HexHive/ViDeZZo