VulChecker: Graph-based Vulnerability Localization in Source Code
https://www.usenix.org/system/files/sec23summer_449-mirsky-prepub.pdf
UnGANable: Defending Against GAN-based Face Manipulation
https://www.usenix.org/system/files/sec23summer_136-li_zheng-prepub.pdf
Large Language Models are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models
https://arxiv.org/pdf/2212.14834.pdf
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
Date: 14th March 2023 Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows: Microsoft Office Outlook contains a privilege escalation vulnerability that allows...
Exploiting aCropalypse: Recovering Truncated PNGs
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
Hacking AI: System and Cloud Takeover via MLflow Exploit
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
Hacking AI: System Takeover in MLflow Strikes Again (And Again)
2 patch bypasses found for severe MLflow LFI/RFI vulnerability
All patched in MLflow version 2.2.3
Protect AI’s vulnerability scanning and exploit tools updated with bypasses
Forwarded from idapro (Not official)
IDA Rust Demangler: the project provides a script that demangles Rust function names and normalizes them for IDA, making the code easier to read and understand.
https://github.com/timetravelthree/IDARustDemangler
UTopia: From Unit Tests To Fuzzing
https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
When an N-Day turns into a 0day. (Part 1 of 2)
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
This repo contains write ups of vulnerabilities I've found and exploits I've publicly developed. - b1ack0wl/vulnerability-write-ups
Introducing Socket AI – ChatGPT-Powered Threat Analysis
https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis
Dissecting redis CVE-2023-28425 with chatGPT as assistant
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
An awesome & curated list of binary code similarity papers
https://github.com/SystemSecurityStorm/Awesome-Binary-Similarity
We put GPT-4 in Semgrep to point out false positives & fix code
https://semgrep.dev/blog/2023/gpt4-and-semgrep-detailed
Semgrep is a code search tool many use for security scanning (SAST). We added GPT-4 to our cloud service to ask which Semgrep findings matter before we notify developers, and on our internal projects, it seemed to reason well about this task. We also tried…
Root Cause Analysis of the in the wild JIT bug (CVE-2022-42856)
https://voidistaff.github.io/safari/2023/02/20/CVE-2022-42856.html
VIDEZZO: Dependency-aware Virtual Device Fuzzing
https://nebelwelt.net/files/23Oakland4.pdf
https://github.com/HexHive/ViDeZZo
exploit_reversing_01-1.pdf
4.1 MB
Exploiting Reversing (ER) series
Article 01
Manage (and soon deploy) Android machines with pre-defined behaviors for CyberRange environments.
https://github.com/cybersecsi/robodroid