An awesome & curated list of binary code similarity papers - SystemSecurityStorm/Awesome-Binary-Similarity

Semgrep is a code search tool many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason well about this task. We also tried…

Manage (and soon deploy) Android machines with pre-defined behaviors for Cyber Range environments. - cybersecsi/robodroid

Analyzing an arm64 mach-O version of LockBit

Fuzzle: Making a Puzzle for Fuzzers (ASE'22). Contribute to SoftSec-KAIST/Fuzzle development by creating an account on GitHub.

A standard-format Red Team Capability Maturity Model to guide and report on team maturity.

Most EDRs generally use a combination of user space and kernel space components, or the kernel components often form the basis for implementing user space protection mechanisms. A good example of this is the interaction between callback routines and user…

In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL. Background: You may…

At the RSA Conference 2023 today, we are excited to unveil VirusTotal Code Insight, a cutting-edge feature that leverages artificial intelli...

Contribute to google/buzzer development by creating an account on GitHub.

Introduction While analyzing CVE-2022-41082, also known as ProxyNotShell, we discovered this vulnerability which we have detailed in this blog. However, for a comprehensive understanding, we highly recommend reading the thorough analysis written by team ZDI.…