Hacking AI: System and Cloud Takeover via MLflow Exploit
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
Protectai
Hacking AI: System Takeover in MLflow Strikes Again (And Again)
2 patch bypasses found for severe MLflow LFI/RFI vulnerability
All patched in MLflow version 2.2.3
Protect AIβs vulnerability scanning and exploit tools updated with bypasses
All patched in MLflow version 2.2.3
Protect AIβs vulnerability scanning and exploit tools updated with bypasses
π1π₯1
Forwarded from idapro (Not official)
IDA Rust Demangler, the project provides a script that demangles Rust function names and normalize it for IDA, making it easier to read and understand the code.
https://github.com/timetravelthree/IDARustDemangler
https://github.com/timetravelthree/IDARustDemangler
GitHub
GitHub - timetravelthree/IDARustDemangler: Rust Demangler & Normalizer plugin for IDA
Rust Demangler & Normalizer plugin for IDA. Contribute to timetravelthree/IDARustDemangler development by creating an account on GitHub.
π₯1
UTopia: From Unit Tests To Fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
BLOG | Samsung Research
UTopia: From Unit Tests To Fuzzing
When an N-Day turns into a 0day. (Part 1 of 2)
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
GitHub
vulnerability-write-ups/TP-Link/WR940N/112022/Part1.md at master Β· b1ack0wl/vulnerability-write-ups
This repo contains write ups of vulnerabilities I've found and exploits I've publicly developed. - b1ack0wl/vulnerability-write-ups
Introducing Socket AI β ChatGPT-Powered Threat Analysis
https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis
https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis
π2
Dissecting redis CVE-2023-28425 with chatGPT as assistant
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
Lambda driver blog
Dissecting redis CVE-2023-28425 with chatGPT as assistant
Intro
π₯2
An awesome & curated list of binary code similarity papers
https://github.com/SystemSecurityStorm/Awesome-Binary-Similarity
https://github.com/SystemSecurityStorm/Awesome-Binary-Similarity
GitHub
GitHub - SystemSecurityStorm/Awesome-Binary-Similarity: An awesome & curated list of binary code similarity papers
An awesome & curated list of binary code similarity papers - SystemSecurityStorm/Awesome-Binary-Similarity
We put GPT-4 in Semgrep to point out false positives & fix code
https://semgrep.dev/blog/2023/gpt4-and-semgrep-detailed
https://semgrep.dev/blog/2023/gpt4-and-semgrep-detailed
Semgrep
We put GPT-4 in Semgrep to point out false positives & fix code
Semgrep is a code search tool many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason well about this task. We also triedβ¦
π2π₯1
Root Cause Analysis of the in the wild JIT bug (CVE-2022-42856)
https://voidistaff.github.io/safari/2023/02/20/CVE-2022-42856.html
https://voidistaff.github.io/safari/2023/02/20/CVE-2022-42856.html
π1
VIDEZZO: Dependency-aware Virtual Device Fuzzing
https://nebelwelt.net/files/23Oakland4.pdf
https://github.com/HexHive/ViDeZZo
https://nebelwelt.net/files/23Oakland4.pdf
https://github.com/HexHive/ViDeZZo
Manage (and soon deploy) Android machines with pre-defined behaviors for CyberRange environments.
https://github.com/cybersecsi/robodroid
https://github.com/cybersecsi/robodroid
GitHub
GitHub - cybersecsi/robodroid: Manage (and soon deploy) Android machines with pre-defined behaviors for Cyber Range environments.
Manage (and soon deploy) Android machines with pre-defined behaviors for Cyber Range environments. - cybersecsi/robodroid
Hiding in Plain Sight: Unlinking Malicious DLLs from the PEB
https://blog.christophetd.fr/dll-unlinking/
https://blog.christophetd.fr/dll-unlinking/
Christophe Tafani-Dereeper
Hiding in Plain Sight: Unlinking Malicious DLLs from the PEB - Christophe Tafani-Dereeper
In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL. Background: You mayβ¦
Mobile Exploitation, the past, present, and future.pdf
8 MB
Mobile Exploitation - The past, present, and the future
π₯3