VulChecker: Graph-based Vulnerability Localization in Source Code
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
UnGANable: Defending Against GAN-based Face Manipulation
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
Large Language Models are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models
https://arxiv.org/pdf/2212.14834.pdf
https://arxiv.org/pdf/2212.14834.pdf
π2
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
MDSec
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability - MDSec
Date: 14th March 2023 Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows: Microsoft Office Outlook contains a privilege escalation vulnerability that allows...
Exploiting aCropalypse: Recovering Truncated PNGs
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
π1
Hacking AI: System and Cloud Takeover via MLflow Exploit
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
Palo Alto Networks Blog
Network Security - Palo Alto Networks Blog
Secure your enterprise against tomorrow's threats, today. Protect users, applications and data anywhere with intelligent network security from Palo Alto Networks.
π1π₯1
Forwarded from idapro (Not official)
IDA Rust Demangler, the project provides a script that demangles Rust function names and normalize it for IDA, making it easier to read and understand the code.
https://github.com/timetravelthree/IDARustDemangler
https://github.com/timetravelthree/IDARustDemangler
GitHub
GitHub - timetravelthree/IDARustDemangler: Rust Demangler & Normalizer plugin for IDA
Rust Demangler & Normalizer plugin for IDA. Contribute to timetravelthree/IDARustDemangler development by creating an account on GitHub.
π₯1
UTopia: From Unit Tests To Fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
BLOG | Samsung Research
UTopia: From Unit Tests To Fuzzing
When an N-Day turns into a 0day. (Part 1 of 2)
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
GitHub
vulnerability-write-ups/TP-Link/WR940N/112022/Part1.md at master Β· b1ack0wl/vulnerability-write-ups
This repo contains write ups of vulnerabilities I've found and exploits I've publicly developed. - b1ack0wl/vulnerability-write-ups
Introducing Socket AI β ChatGPT-Powered Threat Analysis
https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis
https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis
π2
Dissecting redis CVE-2023-28425 with chatGPT as assistant
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
Lambda driver blog
Dissecting redis CVE-2023-28425 with chatGPT as assistant
Intro
π₯2
An awesome & curated list of binary code similarity papers
https://github.com/SystemSecurityStorm/Awesome-Binary-Similarity
https://github.com/SystemSecurityStorm/Awesome-Binary-Similarity
GitHub
GitHub - SystemSecurityStorm/Awesome-Binary-Similarity: An awesome & curated list of binary code similarity papers
An awesome & curated list of binary code similarity papers - SystemSecurityStorm/Awesome-Binary-Similarity
We put GPT-4 in Semgrep to point out false positives & fix code
https://semgrep.dev/blog/2023/gpt4-and-semgrep-detailed
https://semgrep.dev/blog/2023/gpt4-and-semgrep-detailed
Semgrep
We put GPT-4 in Semgrep to point out false positives & fix code
Semgrep is a code search tool many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason well about this task. We also triedβ¦
π2π₯1
Root Cause Analysis of the in the wild JIT bug (CVE-2022-42856)
https://voidistaff.github.io/safari/2023/02/20/CVE-2022-42856.html
https://voidistaff.github.io/safari/2023/02/20/CVE-2022-42856.html
π1
VIDEZZO: Dependency-aware Virtual Device Fuzzing
https://nebelwelt.net/files/23Oakland4.pdf
https://github.com/HexHive/ViDeZZo
https://nebelwelt.net/files/23Oakland4.pdf
https://github.com/HexHive/ViDeZZo
Manage (and soon deploy) Android machines with pre-defined behaviors for CyberRange environments.
https://github.com/cybersecsi/robodroid
https://github.com/cybersecsi/robodroid
GitHub
GitHub - cybersecsi/robodroid: Manage (and soon deploy) Android machines with pre-defined behaviors for Cyber Range environments.
Manage (and soon deploy) Android machines with pre-defined behaviors for Cyber Range environments. - cybersecsi/robodroid