TROOPERS24: Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS
https://www.youtube.com/watch?v=tZmollb8NXk
Talk by Dillon Franke - June 26th, 2024 at TROOPERS24 IT security conference in Heidelberg, Germany hosted by @ERNW_ITSec
#TROOPERS24 #ITsecurity
https://troopers.de/troopers24/talks/lb9pjt
More impressions:
https://twitter.com/WEareTROOPERS
https://t…
Introducing Java fuzz harness synthesis using LLMs
https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
Introducing LLM-based harness generation for Java OSS-Fuzz projects.
Securing_the_Software_Commons_keynote_by_Abhishek_Arya.pdf
Securing the Software Commons: Standards, Automation, and AI for a Resilient Open Source Future (keynote by Abhishek Arya)
Lessons from the buzz: What have we learned from fuzzing the eBPF verifier
https://lpc.events/event/18/contributions/1946/attachments/1473/3119/Lessons%20from%20the%20buzz%20-%20LPC.pdf
Google & Arm - Raising The Bar on GPU Security
https://security.googleblog.com/2024/09/google-arm-raising-bar-on-gpu-security.html
Posted by Xuan Xing, Eugene Rodionov, Jon Bottarini, Adam Bacchus - Android Red Team;
Amit Chaudhary, Lyndon Fawcett, Joseph Artgole - ...
Fuzzing for complex bugs across languages in JavaScript Engines
https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf
Known Vulnerabilities of Open Source Projects: Where Are the Fixes?
https://ieeexplore.ieee.org/document/10381645
Leveling Up Fuzzing: Finding more vulnerabilities with AI
https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html
Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team. Recently, OSS-Fuzz reported 26 new vulnerabilities...
XRefer, the FLARE team's binary navigator, provides a custom navigation interface within IDA. It examines execution paths from entry points, breaks down the binary into clusters of related functions, and highlights downstream behaviors and artifacts for quicker insights. XRefer can incorporate external data (e.g., API traces, capa results, user-defined xrefs) and provides path graphs for richer context. It integrates with Google's Gemini model to produce natural language descriptions of code relationships and behaviors. Additionally, XRefer can provide cluster-based labels for functions, aiming to accelerate the manual static analysis process.
https://github.com/mandiant/xrefer
GitHub - mandiant/xrefer: FLARE Team's Binary Navigator
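The kind of call-graph pass described above (paths from an entry point, artifacts propagated to the callers that reach them, functions grouped into behaviour clusters), shown as an added illustration. This is not XRefer's code and does not use its API; it assumes the call graph and per-function artifacts (imports, strings) have already been exported from the disassembler as plain dicts, and the sample binary, its function names and its artifact names are all constructed for the example.

```python
"""Toy call-graph pass in the spirit of the XRefer features described above.

Added illustration only; this is not XRefer's code and does not use its API.
Assumes a call graph has already been exported from the disassembler as
func -> callees, plus func -> directly referenced artifacts (imports,
strings). The sample binary below is constructed for this example.
"""
from collections import defaultdict
from typing import Dict, List, Set

# Constructed sample: a small dropper-like binary (names are illustrative).
CALLS: Dict[str, List[str]] = {
    "entry":         ["init_cfg", "inject", "cleanup"],
    "init_cfg":      ["decrypt_blob"],
    "decrypt_blob":  ["chacha20"],
    "chacha20":      [],
    "inject":        ["find_target", "write_payload"],
    "find_target":   ["inject"],            # deliberate cycle: retry loop
    "write_payload": ["chacha20"],
    "cleanup":       [],
    "orphan":        ["chacha20"],          # dead code, unreachable from entry
}
ARTIFACTS: Dict[str, List[str]] = {
    "init_cfg":      ["RegOpenKeyExA"],
    "chacha20":      ["str:'expand 32-byte k'"],   # ChaCha sigma constant
    "find_target":   ["CreateToolhelp32Snapshot", "Process32Next"],
    "write_payload": ["OpenProcess", "WriteProcessMemory", "CreateRemoteThread"],
    "cleanup":       ["DeleteFileA"],
}


def downstream_artifacts(calls, artifacts) -> Dict[str, Set[str]]:
    """Propagate every function's direct artifacts up to each caller that can
    reach it. A fixpoint loop handles cycles without recursion."""
    result = {f: set(artifacts.get(f, [])) for f in calls}
    changed = True
    while changed:
        changed = False
        for f, callees in calls.items():
            before = len(result[f])
            for c in callees:
                result[f] |= result.get(c, set())
            changed |= len(result[f]) != before
    return result


def reachable(calls, entry) -> Set[str]:
    """Functions on some execution path from `entry` (iterative DFS)."""
    seen, stack = set(), [entry]
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        stack.extend(calls.get(n, []))
    return seen


def paths_to_artifact(calls, artifacts, entry, wanted) -> List[List[str]]:
    """All simple call paths from `entry` to functions that directly reference
    `wanted`. The `c not in path` check cuts cycles."""
    found: List[List[str]] = []

    def dfs(node, path):
        if wanted in artifacts.get(node, []):
            found.append(list(path))
        for c in calls.get(node, []):
            if c not in path:
                path.append(c)
                dfs(c, path)
                path.pop()

    dfs(entry, [entry])
    return found


def clusters_by_behaviour(calls, artifacts, entry) -> Dict[frozenset, List[str]]:
    """Group reachable functions whose downstream artifact sets are identical,
    so one label covers a whole subtree that boils down to the same behaviour."""
    ds = downstream_artifacts(calls, artifacts)
    groups: Dict[frozenset, List[str]] = defaultdict(list)
    for f in sorted(reachable(calls, entry)):
        groups[frozenset(ds[f])].append(f)
    return dict(groups)


if __name__ == "__main__":
    ds = downstream_artifacts(CALLS, ARTIFACTS)
    print("entry sees:", sorted(ds["entry"]))
    for p in paths_to_artifact(CALLS, ARTIFACTS, "entry", "CreateRemoteThread"):
        print("path:", " -> ".join(p))
    for arts, funcs in clusters_by_behaviour(CALLS, ARTIFACTS, "entry").items():
        print(funcs, "->", sorted(arts))
```

Two points worth noticing when running it: the `find_target`/`inject` cycle is absorbed by the fixpoint loop (both end up with the same downstream set and land in one cluster), and `orphan` never appears in any cluster or path because it is not reachable from the entry point, which is exactly the kind of dead code a path-oriented view lets an analyst skip.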
Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows
https://connormcgarr.github.io/km-shadow-stacks/
Using SourcePoint’s JTAG debugger to investigate the implementation of Intel CET Shadow Stacks in kernel-mode on Windows
Minimal LLM-based fuzz harness generator
https://adalogics.com/blog/minimal-llm-based-fuzz-harness-generator
GhidraMCP is a Model Context Protocol (MCP) server that lets LLMs autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
https://github.com/LaurieWired/GhidraMCP
GitHub - LaurieWired/GhidraMCP: MCP Server for Ghidra
2409.16165v2-2.pdf
Interactive Tools Substantially Assist LM Agents in Finding Security Vulnerabilities (arXiv:2409.16165v2)
KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities
https://i.blackhat.com/Asia-25/Asia-25-Ruan-KernJC.pdf
A Framework for Evaluating Emerging Cyberattack Capabilities of AI by Google DeepMind
https://arxiv.org/pdf/2503.11917
Page-Oriented Programming: Subverting Control-Flow Integrity of Commodity Operating System Kernels with Non-Writable Code Pages
https://www.usenix.org/system/files/usenixsecurity24-han-seunghun.pdf