GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation
https://www.usenix.org/system/files/sec23summer_249-peng-prepub.pdf
https://www.usenix.org/system/files/sec23summer_249-peng-prepub.pdf
Reverse Engineering TikTok's VM Obfuscation (Part 2)
https://ibiyemiabiodun.com/projects/reversing-tiktok-pt2/
https://ibiyemiabiodun.com/projects/reversing-tiktok-pt2/
Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
Unit 42
Security Issue in JWT Secret Poisoning (Updated)
We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.
Bad things come in large packages: .pkg signature verification bypass on macOS
https://sector7.computest.nl/post/2023-01-xar/
https://sector7.computest.nl/post/2023-01-xar/
Sector 7
Bad things come in large packages: .pkg signature verification bypass on macOS
Code signing of applications is an essential element of macOS security. Besides signing applications, it is also possible to sign installer packages (.pkg files). During a short review of the xar source code, we found a vulnerability (CVE-2022-42841) that…
kaijie-liu-malicious-code-classification-method-of.pdf
1.1 MB
Malicious Code Classification Method of Advanced Persistent Threat Based on Asm2Vec
alrabaee-saed-a-survey-of-binary-code-fingerprinting.pdf
2.2 MB
A Survey of Binary Code Fingerprinting Approaches: Taxonomy, Methodologies, and Features
Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing
https://arxiv.org/pdf/2301.09258.pdf
https://arxiv.org/pdf/2301.09258.pdf
Taking the next step: OSS-Fuzz in 2023
https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html
https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html
Google Online Security Blog
Taking the next step: OSS-Fuzz in 2023
Posted by Oliver Chang, OSS-Fuzz team Since launching in 2016 , Google's free OSS-Fuzz code testing service has helped get over 8800 vul...
Active Directory: Using LDAP Queries for Stealthy Enumeration
https://snikt.net/blog/2023/01/25/active-directory-using-ldap-queries-for-stealthy-enumeration/
https://snikt.net/blog/2023/01/25/active-directory-using-ldap-queries-for-stealthy-enumeration/
snikt.net
Active Directory: Using LDAP Queries for Stealthy Enumeration -
Andreas Happe sometimes blogs about development, life or security.
Behind the Scenes: How we are securing our new PDF stack
https://microsoftedge.github.io/edgevr/posts/How-we-are-securing-our-new-PDF-stack/
https://microsoftedge.github.io/edgevr/posts/How-we-are-securing-our-new-PDF-stack/
Microsoft Browser Vulnerability Research
Behind the Scenes: How we are securing our new PDF stack
As we recently published on the Microsoft Edge Dev blog, Adobe and Microsoft are enhancing the PDF experience and value users have come to expect in Microsoft Edge. Adobe brings an unrivalled breadth of experience in the PDF space, and we are looking forward…
How To Fuzz JavaScript With Jest And Jazzer.Js
https://www.code-intelligence.com/blog/fuzzing-javascript-jazzer.js
https://www.code-intelligence.com/blog/fuzzing-javascript-jazzer.js
Code-Intelligence
How to Fuzz JavaScript with Jest and Jazzer.js
Learn how to fuzz JavaScript using Jest. With the integration of the open-source fuzzing engine Jazzer.js, JavaScript fuzzing is as easy as unit testing.
Drone Security and
the Mysterious Case of DJI’s DroneID
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf
the Mysterious Case of DJI’s DroneID
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf
POLYFUZZ: Holistic Greybox Fuzzing of Multi-Language Systems
https://www.usenix.org/system/files/sec23summer_411-li_wen-prepub.pdf
https://www.usenix.org/system/files/sec23summer_411-li_wen-prepub.pdf