LLMs at the Forefront Pioneering the Future of Fuzz Testing
https://www.youtube.com/watch?v=k9gt7MNXPDY
YouTube
DEF CON 31 - LLMs at the Forefront Pioneering the Future of Fuzz Testing - X
Large Language Models are already revolutionizing the software development landscape. As hackers we can only do what we've always done, embrace the machine and use it to do our bidding.
There are many valid criticisms of GPT models for writing code like…
Chalk™ captures metadata at build time, and can add a small 'chalk mark' (metadata) to any artifacts, so they can be identified in production. Chalk can also extract chalk marks and collect additional metadata about the operating environment when it does this.
https://github.com/crashappsec/chalk
GitHub
Chalk allows you to follow code from development, through builds and into production. - crashappsec/chalk
Snapshot fuzzing direct composition with WTF
https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/
Cisco Talos Blog
Snapshot fuzzing direct composition with WTF
Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.
Do Language Models Learn Semantics of Code? A Case Study in Vulnerability Detection
https://arxiv.org/pdf/2311.04109.pdf
FASER: Binary Code Similarity Search through the use of Intermediate Representations
https://arxiv.org/pdf/2310.03605.pdf
Escaping the sandbox: A bug that speaks for itself
https://microsoftedge.github.io/edgevr/posts/Escaping-the-sandbox-A-bug-that-speaks-for-itself/
Microsoft Browser Vulnerability Research
Escaping the sandbox: A bug that speaks for itself
GWP-ASan: Sampling-Based Detection of Memory-Safety Bugs in Production
This paper describes a family of tools that detect these two classes of memory-safety bugs while running in production, at near-zero overhead. These tools combine page-granular guarded allocation and low-rate sampling. In other words, we added an "if" statement to a 36-year-old idea and made it work at scale.
https://arxiv.org/pdf/2311.09394.pdf
Introducing broad C/C++ vulnerability management support
https://osv.dev/blog/posts/introducing-broad-c-c++-support/
osv.dev
OSV - Open Source Vulnerabilities
Comprehensive vulnerability database for your open source projects and dependencies.
Lost in Translation: A Study of Bugs Introduced by Large Language Models while Translating Code
https://arxiv.org/abs/2308.03109
arXiv.org
Lost in Translation: A Study of Bugs Introduced by Large Language...
Code translation aims to convert source code from one programming language (PL) to another. Given the promising abilities of large language models (LLMs) in code synthesis, researchers are...
Underutilized Fuzzing Strategies for Modern Software Testing
https://www.youtube.com/watch?v=fMzeIv4U4LI
YouTube
Underutilized Fuzzing Strategies for Modern Software Testing
Trail of Bits hosted one of LibAFL's maintainers and CISPA PhD candidate, Addison Crump, for our weekly internal Lunch and Learn session. While fuzzing is commonly associated with memory corruption vulnerabilities, it also has great potential for invariant…
Continuously fuzzing Python C extensions
https://blog.trailofbits.com/2024/02/23/continuously-fuzzing-python-c-extensions/
The Trail of Bits Blog
Continuously fuzzing Python C extensions
Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in all programming languages. Fortunately for…