Lessons from the buzz: What have we learned from fuzzing the eBPF verifier 
https://lpc.events/event/18/contributions/1946/attachments/1473/3119/Lessons%20from%20the%20buzz%20-%20LPC.pdf
Google & Arm - Raising The Bar on GPU Security
https://security.googleblog.com/2024/09/google-arm-raising-bar-on-gpu-security.html
Google Online Security Blog. Posted by Xuan Xing, Eugene Rodionov, Jon Bottarini, Adam Bacchus - Android Red Team; Amit Chaudhary, Lyndon Fawcett, Joseph Artgole - ...
Fuzzing for complex bugs across languages in JavaScript Engines
https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf
Known Vulnerabilities of Open Source Projects: Where Are the Fixes?
https://ieeexplore.ieee.org/document/10381645
Leveling Up Fuzzing: Finding more vulnerabilities with AI
https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html
Google Online Security Blog. Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team. Recently, OSS-Fuzz reported 26 new vulnerabilities...
XRefer - FLARE Team's Binary Navigator (mandiant/xrefer)
The plugin provides a custom navigation interface within IDA. It examines execution paths from entry points, breaks the binary down into clusters of related functions, and highlights downstream behaviors and artifacts for quicker insights. XRefer can incorporate external data (e.g., API traces, capa results, user-defined xrefs) and provides path graphs for richer context. It integrates with Google's Gemini model to produce natural-language descriptions of code relationships and behaviors. Additionally, XRefer can provide cluster-based labels for functions, aiming to accelerate manual static analysis.
https://github.com/mandiant/xrefer
Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows
https://connormcgarr.github.io/km-shadow-stacks/
Connor McGarr's Blog. Using SourcePoint's JTAG debugger to investigate the implementation of Intel CET Shadow Stacks in kernel mode on Windows.
Minimal LLM-based fuzz harness generator
https://adalogics.com/blog/minimal-llm-based-fuzz-harness-generator
GhidraMCP - MCP Server for Ghidra (LaurieWired/GhidraMCP)
ghidraMCP is a Model Context Protocol server that allows LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
https://github.com/LaurieWired/GhidraMCP
Interactive Tools Substantially Assist LM Agents in Finding Security Vulnerabilities (attached: 2409.16165v2-2.pdf)
KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities
https://i.blackhat.com/Asia-25/Asia-25-Ruan-KernJC.pdf
A Framework for Evaluating Emerging Cyberattack Capabilities of AI by Google DeepMind
https://arxiv.org/pdf/2503.11917
Page-Oriented Programming: Subverting Control-Flow Integrity of Commodity Operating System Kernels with Non-Writable Code Pages
https://www.usenix.org/system/files/usenixsecurity24-han-seunghun.pdf
Large Language Model-Driven Concolic Execution for Highly Structured Test Input Generation
https://arxiv.org/pdf/2504.17542
OSVBench: Benchmarking LLMs on Specification Generation Tasks for Operating System Verification
https://arxiv.org/pdf/2504.20964
Introducing AutoPatchBench: A Benchmark for AI-Powered Security Fixes
https://engineering.fb.com/2025/04/29/ai-research/autopatchbench-benchmark-ai-powered-security-fixes/
Engineering at Meta. We are introducing AutoPatchBench, a benchmark for the automated repair of vulnerabilities identified through fuzzing. By providing a standardized benchmark, AutoPatchBench enables researchers and …