DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly
https://www.cs.ucr.edu/~heng/pubs/DeepDi.pdf
P.S. Интересно, но много фолсов
https://www.cs.ucr.edu/~heng/pubs/DeepDi.pdf
P.S. Интересно, но много фолсов
🔥1
How AI helps keeping Gmail inboxes malware free
https://elie.net/static/files/how-ai-helps-keeping-gmail-inboxes-malware-free/how-ai-helps-keeping-gmail-inboxes-malware-free-slides.pdf
https://elie.net/static/files/how-ai-helps-keeping-gmail-inboxes-malware-free/how-ai-helps-keeping-gmail-inboxes-malware-free-slides.pdf
👍1
Introducing VirusTotal Code Insight: Empowering threat analysis with generative AI
https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
Virustotal
Introducing VirusTotal Code Insight: Empowering threat analysis with generative AI
At the RSA Conference 2023 today, we are excited to unveil VirusTotal Code Insight, a cutting-edge feature that leverages artificial intelli...
🔥1
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)
https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/
https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/
STAR Labs
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)
Introduction While analyzing CVE-2022-41082, also known as ProxyNotShell, we discovered this vulnerability which we have detailed in this blog. However, for a comprehensive understanding, we highly recommend reading the thorough analysis written by team ZDI.…
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component
https://www.trellix.com/en-us/about/newsroom/stories/research/the-art-of-information-disclosure.html
https://www.trellix.com/en-us/about/newsroom/stories/research/the-art-of-information-disclosure.html
Trellix
Uncovering CVE-2022-37985: A Unique Information Disclosure Vulnerability in Windows Graphics Component
Get a comprehensive understanding of CVE-2022-37985, a unique information disclosure vulnerability in Windows Graphics Component. Our blog post covers the technical details of the vulnerability, how it can be exploited, and advice on mitigating the risks.
eBPF Observability Tools Are Not Security Tools
https://www.brendangregg.com/blog/2023-04-28/ebpf-security-issues.html
https://www.brendangregg.com/blog/2023-04-28/ebpf-security-issues.html
Brendangregg
eBPF Observability Tools Are Not Security Tools
eBPF Observability Tools Are Not Have Security Tools
Using AI to find software vulnerabilities in XNU
https://www.inulledmyself.com/2023/05/using-ai-to-find-software.html
https://www.inulledmyself.com/2023/05/using-ai-to-find-software.html
Inulledmyself
Using AI to find software vulnerabilities in XNU
Note : This work took place in May-Aug of 2022. It just took me this long to finally finish writing this (Too busy playing with my SRD 😅) L...
Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework
https://aws.amazon.com/blogs/opensource/announcing-snapchange-an-open-source-kvm-backed-snapshot-fuzzing-framework/
https://aws.amazon.com/blogs/opensource/announcing-snapchange-an-open-source-kvm-backed-snapshot-fuzzing-framework/
Amazon
Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework | Amazon Web Services
Today we are happy to announce Snapchange, a new open source fuzzing tool from the AWS Find and Fix (F2) open source security research team.
🔥1
PASTIS For The Win!
PASTIS is an open-source fuzzing framework that aims at combining various software testing techniques within the same workflow to perform collaborative fuzzing, also known as ensemble fuzzing. At the moment it supports Honggfuzz and AFL++ for grey-box fuzzers and TritonDSE for white-box fuzzers.
https://blog.quarkslab.com/pastis-for-the-win.html
PASTIS is an open-source fuzzing framework that aims at combining various software testing techniques within the same workflow to perform collaborative fuzzing, also known as ensemble fuzzing. At the moment it supports Honggfuzz and AFL++ for grey-box fuzzers and TritonDSE for white-box fuzzers.
https://blog.quarkslab.com/pastis-for-the-win.html
Quarkslab
PASTIS For The Win! - Quarkslab's blog
In this blog post we present PASTIS, a Python framework for ensemble fuzzing, developed at Quarkslab.
👍1🔥1
Unearthing Vulnerabilities in the Apple Ecosystem The Art of KidFuzzerV2.0
OffensiveCon 2023
https://github.com/star-sg/Presentations/blob/main/Offensivecon%202023/Unearthing%20Vulnerabilities%20in%20the%20Apple%20Ecosystem%20The%20Art%20of%20KidFuzzerV2.0.pdf
OffensiveCon 2023
https://github.com/star-sg/Presentations/blob/main/Offensivecon%202023/Unearthing%20Vulnerabilities%20in%20the%20Apple%20Ecosystem%20The%20Art%20of%20KidFuzzerV2.0.pdf
GitHub
Presentations/Offensivecon 2023/Unearthing Vulnerabilities in the Apple Ecosystem The Art of KidFuzzerV2.0.pdf at main · star-…
Contribute to star-sg/Presentations development by creating an account on GitHub.
🔥1
CustomProcessingUnit:
Reverse Engineering and Customization of Intel Microcode
https://pietroborrello.com/talk/custom-processing-unit-offensivecon/offensivecon_ucode.pdf
https://github.com/pietroborrello/CustomProcessingUnit
Reverse Engineering and Customization of Intel Microcode
https://pietroborrello.com/talk/custom-processing-unit-offensivecon/offensivecon_ucode.pdf
https://github.com/pietroborrello/CustomProcessingUnit
🔥3👍1👎1
s10515-022-00374-6.pdf
2 MB
BCGen: a comment generation method for bytecode
🔥1
OffensiveCon23 - Samuel Groß & Carl Smith - Advancements in JavaScript Engine Fuzzing
https://www.youtube.com/watch?v=Yd9m7e9-pG0
https://www.youtube.com/watch?v=Yd9m7e9-pG0
YouTube
OffensiveCon23 - Samuel Groß & Carl Smith - Advancements in JavaScript Engine Fuzzing
https://www.offensivecon.org/speakers/2023/samuel-gross-and-carl-smith.html
OffensiveCon23 - Stacksmashing- Inside Apple’s Lightning: JTAGging the iPhone for Fuzzing and Profit
https://www.youtube.com/watch?v=-nFWcKHIUN4
https://www.youtube.com/watch?v=-nFWcKHIUN4
YouTube
OffensiveCon23 - Stacksmashing- Inside Apple’s Lightning: JTAGging the iPhone for Fuzzing and Profit
https://www.offensivecon.org/speakers/2023/ghidraninja.html
Forwarded from Т-Образование
Если вы знаете основы информационной безопасности, умеете искать уязвимости в системах и уважаете конфиденциальность — вам определенно может быть интересна эта стажировка 🔒
Три команды — AppSec, DevSecOps и Security Research — готовы взять стажеров на лето на полный рабочий день с возможностью в дальнейшем перейти в штат. Работать можно удаленно или в одном из офисов в России, Беларуси или Казахстане по договоренности с командой.
Отбор будет в два этапа: онлайн-экзамен (плюс анкета) и интервью. Подробности о командах и задачах, ссылки на материалы для подготовки, а также форма для заявки — по ссылке: https://l.tinkoff.ru/information_security2023
Три команды — AppSec, DevSecOps и Security Research — готовы взять стажеров на лето на полный рабочий день с возможностью в дальнейшем перейти в штат. Работать можно удаленно или в одном из офисов в России, Беларуси или Казахстане по договоренности с командой.
Отбор будет в два этапа: онлайн-экзамен (плюс анкета) и интервью. Подробности о командах и задачах, ссылки на материалы для подготовки, а также форма для заявки — по ссылке: https://l.tinkoff.ru/information_security2023
👍3🔥2👎1
Fine-Grained Coverage-Based Fuzzing
https://binsec.github.io/assets/publications/slides/2023-tosem.pdf
https://binsec.github.io/assets/publications/slides/2023-tosem.pdf
👍1