VulChecker: Graph-based Vulnerability Localization in Source Code
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
UnGANable: Defending Against GAN-based Face Manipulation
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
Large Language Models are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models
https://arxiv.org/pdf/2212.14834.pdf
https://arxiv.org/pdf/2212.14834.pdf
π2
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
MDSec
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability - MDSec
Date: 14th March 2023 Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows: Microsoft Office Outlook contains a privilege escalation vulnerability that allows...
Exploiting aCropalypse: Recovering Truncated PNGs
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
π1
Hacking AI: System and Cloud Takeover via MLflow Exploit
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
Protectai
Hacking AI: System Takeover in MLflow Strikes Again (And Again)
2 patch bypasses found for severe MLflow LFI/RFI vulnerability
All patched in MLflow version 2.2.3
Protect AIβs vulnerability scanning and exploit tools updated with bypasses
All patched in MLflow version 2.2.3
Protect AIβs vulnerability scanning and exploit tools updated with bypasses
π1π₯1
Forwarded from idapro (Not official)
IDA Rust Demangler, the project provides a script that demangles Rust function names and normalize it for IDA, making it easier to read and understand the code.
https://github.com/timetravelthree/IDARustDemangler
https://github.com/timetravelthree/IDARustDemangler
GitHub
GitHub - timetravelthree/IDARustDemangler: Rust Demangler & Normalizer plugin for IDA
Rust Demangler & Normalizer plugin for IDA. Contribute to timetravelthree/IDARustDemangler development by creating an account on GitHub.
π₯1
UTopia: From Unit Tests To Fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
BLOG | Samsung Research
UTopia: From Unit Tests To Fuzzing
When an N-Day turns into a 0day. (Part 1 of 2)
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
GitHub
vulnerability-write-ups/TP-Link/WR940N/112022/Part1.md at master Β· b1ack0wl/vulnerability-write-ups
This repo contains write ups of vulnerabilities I've found and exploits I've publicly developed. - b1ack0wl/vulnerability-write-ups
Introducing Socket AI β ChatGPT-Powered Threat Analysis
https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis
https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis
π2
Dissecting redis CVE-2023-28425 with chatGPT as assistant
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
Lambda driver blog
Dissecting redis CVE-2023-28425 with chatGPT as assistant
Intro
π₯2
An awesome & curated list of binary code similarity papers
https://github.com/SystemSecurityStorm/Awesome-Binary-Similarity
https://github.com/SystemSecurityStorm/Awesome-Binary-Similarity
GitHub
GitHub - SystemSecurityStorm/Awesome-Binary-Similarity: An awesome & curated list of binary code similarity papers
An awesome & curated list of binary code similarity papers - SystemSecurityStorm/Awesome-Binary-Similarity
We put GPT-4 in Semgrep to point out false positives & fix code
https://semgrep.dev/blog/2023/gpt4-and-semgrep-detailed
https://semgrep.dev/blog/2023/gpt4-and-semgrep-detailed
Semgrep
We put GPT-4 in Semgrep to point out false positives & fix code
Semgrep is a code search tool many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason well about this task. We also triedβ¦
π2π₯1
Root Cause Analysis of the in the wild JIT bug (CVE-2022-42856)
https://voidistaff.github.io/safari/2023/02/20/CVE-2022-42856.html
https://voidistaff.github.io/safari/2023/02/20/CVE-2022-42856.html
π1
VIDEZZO: Dependency-aware Virtual Device Fuzzing
https://nebelwelt.net/files/23Oakland4.pdf
https://github.com/HexHive/ViDeZZo
https://nebelwelt.net/files/23Oakland4.pdf
https://github.com/HexHive/ViDeZZo
Manage (and soon deploy) Android machines with pre-defined behaviors for CyberRange environments.
https://github.com/cybersecsi/robodroid
https://github.com/cybersecsi/robodroid
GitHub
GitHub - cybersecsi/robodroid: Manage (and soon deploy) Android machines with pre-defined behaviors for Cyber Range environments.
Manage (and soon deploy) Android machines with pre-defined behaviors for Cyber Range environments. - cybersecsi/robodroid