Т-Образование
Если вы знаете основы информационной безопасности, умеете искать уязвимости в системах и уважаете конфиденциальность — вам определенно может быть интересна эта стажировка 🔒 Три команды — AppSec, DevSecOps и Security Research — готовы взять стажеров на лето…
Результаты стажировки 2023 года одной из команд по теме Binary SCA и применению методов машинного обучения описали на Хабре:
Intro: https://habr.com/ru/companies/tinkoff/articles/795061/
Part 1: https://habr.com/ru/companies/tinkoff/articles/796919/
Part 2: https://habr.com/ru/companies/tinkoff/articles/801777/
Intro: https://habr.com/ru/companies/tinkoff/articles/795061/
Part 1: https://habr.com/ru/companies/tinkoff/articles/796919/
Part 2: https://habr.com/ru/companies/tinkoff/articles/801777/
Хабр
Что не увидит SCA
Всем привет! ? ? ? Мы стажеры — разработчики Тинькофф: Влад , Паша и Илья. В проекте по стажировкам в ИБ Summer of Code под руководством Ромы Лебедя мы реализовали анализатор бинарного кода на основе...
👍4🔥2
Why fuzzing over formal verification?
https://blog.trailofbits.com/2024/03/22/why-fuzzing-over-formal-verification/
https://blog.trailofbits.com/2024/03/22/why-fuzzing-over-formal-verification/
The Trail of Bits Blog
Why fuzzing over formal verification?
We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal verification?” And the answer is, “It’s complicated.” We use fuzzing for most of our audits but have used…
DJI Mavic 3 Drone Research
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-1-firmware-analysis
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-2-vulnerability-analysis
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-1-firmware-analysis
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-2-vulnerability-analysis
Nozominetworks
DJI Mavic 3 Drone Research Part 1: Firmware Analysis
Nozomi Networks Labs recently conducted firmware analysis on a DJI Mavic 3 Series drone. Learn more about their findings.
Code Security Vulnerability Repair Using Reinforcement Learning with Large Language Models
https://arxiv.org/pdf/2401.07031.pdf
https://arxiv.org/pdf/2401.07031.pdf
Prompt Fuzzer: open-source tool to help you harden your GenAI applications
https://github.com/prompt-security/ps-fuzz
https://github.com/prompt-security/ps-fuzz
GitHub
GitHub - prompt-security/ps-fuzz: Make your GenAI Apps Safe & Secure Test & harden your system prompt
Make your GenAI Apps Safe & Secure :rocket: Test & harden your system prompt - GitHub - prompt-security/ps-fuzz: Make your GenAI Apps Safe & Secure Test & harden your system prompt
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller
https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Cyberark
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller
Following research conducted by a colleague of mine [1] at CyberArk Labs, I better understood NVMe-oF/TCP. This kernel subsystem exposes INET socket(s), which can be a fruitful attack surface for...
Talos releases new macOS open-source fuzzer
https://blog.talosintelligence.com/talos-releases-new-macos-fuzzer/
https://blog.talosintelligence.com/talos-releases-new-macos-fuzzer/
Cisco Talos Blog
Talos releases new macOS open-source fuzzer
Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.
SCAML_PHD2.pdf
19.4 MB
SCAML
Transformer-based code vectorization for robust recognition of software components and dependencies
#phdays #ml #ai
Transformer-based code vectorization for robust recognition of software components and dependencies
#phdays #ml #ai
👍9🔥1
scaml_lite_full.pdf
2.9 MB
1👍6
Introducing LLM-based harness synthesis for unfuzzed projects
https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
OSS-Fuzz blog
Introducing LLM-based harness synthesis for unfuzzed projects
Introducing LLM-based harness generation for unfuzzed projects.
👍2
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder
https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9
https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9
YouTube
OffensiveCon24 - Eugene Rodionov,Zi Fan Tan and Gulshan Singh
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder
https://www.offensivecon.org/speakers/2024/eugene-rodionov,-zi-fan-tan-and-gulshan-singh.html
https://www.offensivecon.org/speakers/2024/eugene-rodionov,-zi-fan-tan-and-gulshan-singh.html
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
Blogspot
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and e...
🔥2
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge
https://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html
https://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html
Google Online Security Blog
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge
Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering The US Defense Advanced Research Projects Agency, DARPA , rec...
👍2
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing
https://www.mlsec.org/docs/2024c-asiaccs.pdf
https://www.mlsec.org/docs/2024c-asiaccs.pdf
Expand the reach of Fuzzing
https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf
https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf
LLM-Assisted Static Analysis for Detecting Security Vulnerabilities
https://arxiv.org/pdf/2405.17238v1
https://arxiv.org/pdf/2405.17238v1
👍3
Code Structure-Aware through Line-level Semantic Learning for Code Vulnerability Detection
https://arxiv.org/pdf/2407.18877
https://arxiv.org/pdf/2407.18877
On Understanding and Forecasting Fuzzers Performance with Static Analysis
https://s3.eurecom.fr/docs/ccs24_zhang.pdf
https://s3.eurecom.fr/docs/ccs24_zhang.pdf
ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software
https://arxiv.org/pdf/2408.02153
https://arxiv.org/pdf/2408.02153
Transferring Backdoors between Large Language Models by Knowledge Distillation
https://arxiv.org/pdf/2408.09878
https://arxiv.org/pdf/2408.09878
1