UTopia: From Unit Tests To Fuzzing

This repo contains write ups of vulnerabilities I've found and exploits I've publicly developed. - b1ack0wl/vulnerability-write-ups

Intro

An awesome & curated list of binary code similarity papers - SystemSecurityStorm/Awesome-Binary-Similarity

Semgrep is a code search tool many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason well about this task. We also tried…

Manage (and soon deploy) Android machines with pre-defined behaviors for Cyber Range environments. - cybersecsi/robodroid

Analyzing an arm64 mach-O version of LockBit

Fuzzle: Making a Puzzle for Fuzzers (ASE'22). Contribute to SoftSec-KAIST/Fuzzle development by creating an account on GitHub.

A standard-format Red Team Capability Maturity Model to guide and report on team maturity.

Most EDRs generally use a combination of user space and kernel space components, or the kernel components often form the basis for implementing user space protection mechanisms. A good example of this is the interaction between callback routines and user…

In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL. Background: You may…