Code Structure-Aware through Line-level Semantic Learning for Code Vulnerability Detection
https://arxiv.org/pdf/2407.18877
On Understanding and Forecasting Fuzzers Performance with Static Analysis
https://s3.eurecom.fr/docs/ccs24_zhang.pdf
ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software
https://arxiv.org/pdf/2408.02153
Transferring Backdoors between Large Language Models by Knowledge Distillation
https://arxiv.org/pdf/2408.09878
Top Score on the Wrong Exam: On Benchmarking in Machine Learning for Vulnerability Detection
https://arxiv.org/pdf/2408.12986
Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Malwaretech
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
TROOPERS24: Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS
https://www.youtube.com/watch?v=tZmollb8NXk
YouTube
Talk by Dillon Franke - June 26th, 2024 at TROOPERS24 IT security conference in Heidelberg, Germany hosted by @ERNW_ITSec
#TROOPERS24 #ITsecurity
https://troopers.de/troopers24/talks/lb9pjt
More impressions:
https://twitter.com/WEareTROOPERS
https://t…
Introducing Java fuzz harness synthesis using LLMs
https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
OSS-Fuzz blog
Introducing LLM-based harness generation for Java OSS-Fuzz projects.
Securing_the_Software_Commons_keynote_by_Abhishek_Arya.pdf
3 MB
Securing the software commons
Standards, Automation, and AI for a Resilient Open Source Future
Lessons from the buzz: What have we learned from fuzzing the eBPF verifier
https://lpc.events/event/18/contributions/1946/attachments/1473/3119/Lessons%20from%20the%20buzz%20-%20LPC.pdf
Google & Arm - Raising The Bar on GPU Security
https://security.googleblog.com/2024/09/google-arm-raising-bar-on-gpu-security.html
Google Online Security Blog
Posted by Xuan Xing, Eugene Rodionov, Jon Bottarini, Adam Bacchus - Android Red Team;
Amit Chaudhary, Lyndon Fawcett, Joseph Artgole - ...
Fuzzing for complex bugs across languages in JavaScript Engines
https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf
Known Vulnerabilities of Open Source Projects: Where Are the Fixes?
https://ieeexplore.ieee.org/document/10381645
Leveling Up Fuzzing: Finding more vulnerabilities with AI
https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html
Google Online Security Blog
Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team Recently, OSS-Fuzz reported 26 new vulnerabilities...
The plugin provides a custom navigation interface within IDA. It examines execution paths from entry points, breaks down the binary into clusters of related functions, and highlights downstream behaviors and artifacts for quicker insights. XRefer can incorporate external data (e.g., API traces, capa results, user-defined xrefs) and provides path graphs for richer context. It integrates with Google's Gemini model to produce natural language descriptions of code relationships and behaviors. Additionally, XRefer can provide cluster based labels for functions, aiming to accelerate the manual static analysis process.
https://github.com/mandiant/xrefer
GitHub
GitHub - mandiant/xrefer: FLARE Team's Binary Navigator