Taking the next step: OSS-Fuzz in 2023
https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html
https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html
Google Online Security Blog
Taking the next step: OSS-Fuzz in 2023
Posted by Oliver Chang, OSS-Fuzz team Since launching in 2016 , Google's free OSS-Fuzz code testing service has helped get over 8800 vul...
π1π₯1
Active Directory: Using LDAP Queries for Stealthy Enumeration
https://snikt.net/blog/2023/01/25/active-directory-using-ldap-queries-for-stealthy-enumeration/
https://snikt.net/blog/2023/01/25/active-directory-using-ldap-queries-for-stealthy-enumeration/
snikt.net
Active Directory: Using LDAP Queries for Stealthy Enumeration -
Andreas Happe sometimes blogs about development, life or security.
π₯1
Behind the Scenes: How we are securing our new PDF stack
https://microsoftedge.github.io/edgevr/posts/How-we-are-securing-our-new-PDF-stack/
https://microsoftedge.github.io/edgevr/posts/How-we-are-securing-our-new-PDF-stack/
Microsoft Browser Vulnerability Research
Behind the Scenes: How we are securing our new PDF stack
As we recently published on the Microsoft Edge Dev blog, Adobe and Microsoft are enhancing the PDF experience and value users have come to expect in Microsoft Edge. Adobe brings an unrivalled breadth of experience in the PDF space, and we are looking forwardβ¦
π1
How To Fuzz JavaScript With Jest And Jazzer.Js
https://www.code-intelligence.com/blog/fuzzing-javascript-jazzer.js
https://www.code-intelligence.com/blog/fuzzing-javascript-jazzer.js
Code-Intelligence
How to Fuzz JavaScript with Jest and Jazzer.js
Learn how to fuzz JavaScript using Jest. With the integration of the open-source fuzzing engine Jazzer.js, JavaScript fuzzing is as easy as unit testing.
Drone Security and
the Mysterious Case of DJIβs DroneID
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf
the Mysterious Case of DJIβs DroneID
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf
π1π₯1
POLYFUZZ: Holistic Greybox Fuzzing of Multi-Language Systems
https://www.usenix.org/system/files/sec23summer_411-li_wen-prepub.pdf
https://www.usenix.org/system/files/sec23summer_411-li_wen-prepub.pdf
VulChecker: Graph-based Vulnerability Localization in Source Code
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
UnGANable: Defending Against GAN-based Face Manipulation
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
Large Language Models are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models
https://arxiv.org/pdf/2212.14834.pdf
https://arxiv.org/pdf/2212.14834.pdf
π2
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
MDSec
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability - MDSec
Date: 14th March 2023 Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows: Microsoft Office Outlook contains a privilege escalation vulnerability that allows...
Exploiting aCropalypse: Recovering Truncated PNGs
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
π1
Hacking AI: System and Cloud Takeover via MLflow Exploit
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
Protectai
Hacking AI: System Takeover in MLflow Strikes Again (And Again)
2 patch bypasses found for severe MLflow LFI/RFI vulnerability
All patched in MLflow version 2.2.3
Protect AIβs vulnerability scanning and exploit tools updated with bypasses
All patched in MLflow version 2.2.3
Protect AIβs vulnerability scanning and exploit tools updated with bypasses
π1π₯1
Forwarded from idapro (Not official)
IDA Rust Demangler, the project provides a script that demangles Rust function names and normalize it for IDA, making it easier to read and understand the code.
https://github.com/timetravelthree/IDARustDemangler
https://github.com/timetravelthree/IDARustDemangler
GitHub
GitHub - timetravelthree/IDARustDemangler: Rust Demangler & Normalizer plugin for IDA
Rust Demangler & Normalizer plugin for IDA. Contribute to timetravelthree/IDARustDemangler development by creating an account on GitHub.
π₯1
UTopia: From Unit Tests To Fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
BLOG | Samsung Research
UTopia: From Unit Tests To Fuzzing
When an N-Day turns into a 0day. (Part 1 of 2)
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
GitHub
vulnerability-write-ups/TP-Link/WR940N/112022/Part1.md at master Β· b1ack0wl/vulnerability-write-ups
This repo contains write ups of vulnerabilities I've found and exploits I've publicly developed. - b1ack0wl/vulnerability-write-ups