Using AI to find software vulnerabilities in XNU
https://www.inulledmyself.com/2023/05/using-ai-to-find-software.html
Inulledmyself
Note: This work took place in May-Aug of 2022. It just took me this long to finally finish writing this (Too busy playing with my SRD 😅) L...
Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework
https://aws.amazon.com/blogs/opensource/announcing-snapchange-an-open-source-kvm-backed-snapshot-fuzzing-framework/
Amazon
Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework | Amazon Web Services
Today we are happy to announce Snapchange, a new open source fuzzing tool from the AWS Find and Fix (F2) open source security research team.
PASTIS For The Win!
PASTIS is an open-source fuzzing framework that aims at combining various software testing techniques within the same workflow to perform collaborative fuzzing, also known as ensemble fuzzing. At the moment it supports Honggfuzz and AFL++ for grey-box fuzzers and TritonDSE for white-box fuzzers.
https://blog.quarkslab.com/pastis-for-the-win.html
Quarkslab
PASTIS For The Win! - Quarkslab's blog
In this blog post we present PASTIS, a Python framework for ensemble fuzzing, developed at Quarkslab.
Unearthing Vulnerabilities in the Apple Ecosystem The Art of KidFuzzerV2.0
OffensiveCon 2023
https://github.com/star-sg/Presentations/blob/main/Offensivecon%202023/Unearthing%20Vulnerabilities%20in%20the%20Apple%20Ecosystem%20The%20Art%20of%20KidFuzzerV2.0.pdf
GitHub
Presentations/Offensivecon 2023/Unearthing Vulnerabilities in the Apple Ecosystem The Art of KidFuzzerV2.0.pdf at main · star-…
CustomProcessingUnit:
Reverse Engineering and Customization of Intel Microcode
https://pietroborrello.com/talk/custom-processing-unit-offensivecon/offensivecon_ucode.pdf
https://github.com/pietroborrello/CustomProcessingUnit
s10515-022-00374-6.pdf
2 MB
BCGen: a comment generation method for bytecode
OffensiveCon23 - Samuel Groß & Carl Smith - Advancements in JavaScript Engine Fuzzing
https://www.youtube.com/watch?v=Yd9m7e9-pG0
YouTube
https://www.offensivecon.org/speakers/2023/samuel-gross-and-carl-smith.html
OffensiveCon23 - Stacksmashing- Inside Apple’s Lightning: JTAGging the iPhone for Fuzzing and Profit
https://www.youtube.com/watch?v=-nFWcKHIUN4
YouTube
https://www.offensivecon.org/speakers/2023/ghidraninja.html
Forwarded from Т-Образование
If you know the fundamentals of information security, can find vulnerabilities in systems, and respect confidentiality, this internship may well be of interest to you 🔒
Three teams (AppSec, DevSecOps and Security Research) are ready to take on interns for the summer, full-time, with the possibility of joining the permanent staff afterwards. You can work remotely or from one of the offices in Russia, Belarus or Kazakhstan, as agreed with the team.
Selection has two stages: an online exam (plus a questionnaire) and an interview. Details about the teams and their tasks, links to preparation materials, and the application form are available at: https://l.tinkoff.ru/information_security2023
Fine-Grained Coverage-Based Fuzzing
https://binsec.github.io/assets/publications/slides/2023-tosem.pdf
2301.11586.pdf
1.1 MB
Khaos: The Impact of Inter-procedural Code Obfuscation on Binary Diffing Techniques
maier_dominik.pdf
3.4 MB
AUTOMATED SECURITY TESTING OF UNEXPLORED TARGETS THROUGH FEEDBACK-GUIDED FUZZING
RUST BINARY ANALYSIS, FEATURE BY FEATURE
https://research.checkpoint.com/2023/rust-binary-analysis-feature-by-feature/
Check Point Research
Rust Binary Analysis, Feature by Feature - Check Point Research
Problem Statement You attempt to analyze a binary file compiled in the Rust programming language. You open the file in your favorite disassembler. Twenty minutes later you wish you had never been born. You’ve trained yourself to think like g++ and msvc: Here’s…
Advanced binary fuzzing using AFL++-QEMU and libprotobuf
https://airbus-seclab.github.io/AFLplusplus-blogpost/
GraphBinMatch: Graph-based Similarity Learning for Cross-Language Binary and Source Code Matching
https://arxiv.org/pdf/2304.04658.pdf