Talos releases new macOS open-source fuzzer
https://blog.talosintelligence.com/talos-releases-new-macos-fuzzer/
https://blog.talosintelligence.com/talos-releases-new-macos-fuzzer/
Cisco Talos Blog
Talos releases new macOS open-source fuzzer
Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.
SCAML_PHD2.pdf
19.4 MB
SCAML
Transformer-based code vectorization for robust recognition of software components and dependencies
#phdays #ml #ai
Transformer-based code vectorization for robust recognition of software components and dependencies
#phdays #ml #ai
👍9🔥1
scaml_lite_full.pdf
2.9 MB
1👍6
Introducing LLM-based harness synthesis for unfuzzed projects
https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
OSS-Fuzz blog
Introducing LLM-based harness synthesis for unfuzzed projects
Introducing LLM-based harness generation for unfuzzed projects.
👍2
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder
https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9
https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9
YouTube
OffensiveCon24 - Eugene Rodionov,Zi Fan Tan and Gulshan Singh
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder
https://www.offensivecon.org/speakers/2024/eugene-rodionov,-zi-fan-tan-and-gulshan-singh.html
https://www.offensivecon.org/speakers/2024/eugene-rodionov,-zi-fan-tan-and-gulshan-singh.html
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
Blogspot
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and e...
🔥2
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge
https://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html
https://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html
Google Online Security Blog
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge
Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering The US Defense Advanced Research Projects Agency, DARPA , rec...
👍2
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing
https://www.mlsec.org/docs/2024c-asiaccs.pdf
https://www.mlsec.org/docs/2024c-asiaccs.pdf
Expand the reach of Fuzzing
https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf
https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf
LLM-Assisted Static Analysis for Detecting Security Vulnerabilities
https://arxiv.org/pdf/2405.17238v1
https://arxiv.org/pdf/2405.17238v1
👍3
Code Structure-Aware through Line-level Semantic Learning for Code Vulnerability Detection
https://arxiv.org/pdf/2407.18877
https://arxiv.org/pdf/2407.18877
On Understanding and Forecasting Fuzzers Performance with Static Analysis
https://s3.eurecom.fr/docs/ccs24_zhang.pdf
https://s3.eurecom.fr/docs/ccs24_zhang.pdf
ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software
https://arxiv.org/pdf/2408.02153
https://arxiv.org/pdf/2408.02153
Transferring Backdoors between Large Language Models by Knowledge Distillation
https://arxiv.org/pdf/2408.09878
https://arxiv.org/pdf/2408.09878
1
Top Score on the Wrong Exam:
On Benchmarking in Machine Learning for Vulnerability Detection
https://arxiv.org/pdf/2408.12986
On Benchmarking in Machine Learning for Vulnerability Detection
https://arxiv.org/pdf/2408.12986
2
Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Malwaretech
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
🔥1
TROOPERS24: Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS
https://www.youtube.com/watch?v=tZmollb8NXk
https://www.youtube.com/watch?v=tZmollb8NXk
YouTube
TROOPERS24: Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS
Talk by Dillon Franke - June 26th, 2024 at TROOPERS24 IT security conference in Heidelberg, Germany hosted by @ERNW_ITSec
#TROOPERS24 #ITsecurity
https://troopers.de/troopers24/talks/lb9pjt
More impressions:
https://twitter.com/WEareTROOPERS
https://t…
#TROOPERS24 #ITsecurity
https://troopers.de/troopers24/talks/lb9pjt
More impressions:
https://twitter.com/WEareTROOPERS
https://t…
Introducing Java fuzz harness synthesis using LLMs
https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
OSS-Fuzz blog
Introducing Java fuzz harness synthesis using LLMs
Introducing LLM-based harness generation for Java OSS-Fuzz projects.