Continuously fuzzing Python C extensions
https://blog.trailofbits.com/2024/02/23/continuously-fuzzing-python-c-extensions/
The Trail of Bits Blog
Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in all programming languages. Fortunately for…
Generate and Pray: Using SALLMS to Evaluate the Security of LLM Generated Code
https://arxiv.org/pdf/2311.00889.pdf
An example of implementing a fuzzing harness using an LLM (Claude 3)
https://gist.github.com/moyix/02029770cb4f7afc2ae91a01b3929118
Gist
Claude 3 writes a fuzzer
Alaid TechThread
Using LLMs to Generate Fuzz Generators
https://verse.systems/blog/post/2024-03-09-using-llms-to-generate-fuzz-generators/
Toby's Blog
LLMs seem surprisingly good at many things. So much so that not a week goes by without someone coming up with yet another use-case for this technology, often to solve tasks quickly that traditionally …
SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem
https://www.ndss-symposium.org/wp-content/uploads/2024-926-paper.pdf
K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel
https://www.ndss-symposium.org/wp-content/uploads/2024-935-paper.pdf
Т-Образование
If you know the basics of information security, know how to look for vulnerabilities in systems, and respect confidentiality, this internship may well interest you 🔒 Three teams (AppSec, DevSecOps and Security Research) are ready to take on interns for the summer…
One of the teams described the results of its 2023 internship, on Binary SCA and the application of machine-learning methods, on Habr:
Intro: https://habr.com/ru/companies/tinkoff/articles/795061/
Part 1: https://habr.com/ru/companies/tinkoff/articles/796919/
Part 2: https://habr.com/ru/companies/tinkoff/articles/801777/
Habr
What SCA Won't See
Hi everyone! We are interns, Tinkoff developers: Vlad, Pasha and Ilya. In Summer of Code, the information security internship project, under the guidance of Roma Lebed, we built a binary code analyzer based on...
Why fuzzing over formal verification?
https://blog.trailofbits.com/2024/03/22/why-fuzzing-over-formal-verification/
The Trail of Bits Blog
We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal verification?” And the answer is, “It’s complicated.” We use fuzzing for most of our audits but have used…
DJI Mavic 3 Drone Research
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-1-firmware-analysis
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-2-vulnerability-analysis
Nozominetworks
DJI Mavic 3 Drone Research Part 1: Firmware Analysis
Nozomi Networks Labs recently conducted firmware analysis on a DJI Mavic 3 Series drone. Learn more about their findings.
Code Security Vulnerability Repair Using Reinforcement Learning with Large Language Models
https://arxiv.org/pdf/2401.07031.pdf
Prompt Fuzzer: open-source tool to help you harden your GenAI applications
https://github.com/prompt-security/ps-fuzz
GitHub
GitHub - prompt-security/ps-fuzz: Make your GenAI Apps Safe & Secure Test & harden your system prompt
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller
https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Cyberark
Following research conducted by a colleague of mine [1] at CyberArk Labs, I better understood NVMe-oF/TCP. This kernel subsystem exposes INET socket(s), which can be a fruitful attack surface for...
Talos releases new macOS open-source fuzzer
https://blog.talosintelligence.com/talos-releases-new-macos-fuzzer/
Cisco Talos Blog
Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.
SCAML_PHD2.pdf
19.4 MB
SCAML
Transformer-based code vectorization for robust recognition of software components and dependencies
#phdays #ml #ai
scaml_lite_full.pdf
2.9 MB
Introducing LLM-based harness synthesis for unfuzzed projects
https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
OSS-Fuzz blog
Introducing LLM-based harness generation for unfuzzed projects.
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder
https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9
YouTube
OffensiveCon24 - Eugene Rodionov, Zi Fan Tan and Gulshan Singh
https://www.offensivecon.org/speakers/2024/eugene-rodionov,-zi-fan-tan-and-gulshan-singh.html
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
Blogspot
Posted by Sergei Glazunov and Mark Brand, Google Project Zero. Introduction: At Project Zero, we constantly seek to expand the scope and e...