Compromising Garmin’s Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine
https://www.anvilsecure.com/blog/compromising-garmins-sport-watches-a-deep-dive-into-garminos-and-its-monkeyc-virtual-machine.html
Anvil Secure
I reversed the firmware of my Garmin Forerunner 245 Music back in 2022 and found a dozen or so vulnerabilities in their support for Connect IQ applications. They can be exploited…
Testing and Fuzzing the Kubernetes Admission Configuration
https://troopers.de/downloads/troopers23/TR23_TestingAndFuzzingTheKubernetes.pdf
AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html
Google Online Security Blog
Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team Since 2016, OSS-Fuzz has been at the forefront of automated v...
Android Goes All-in on Fuzzing
https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html
Google Online Security Blog
Posted by Hamzeh Zawawy and Jon Bottarini, Android Security Fuzzing is an effective technique for finding software vulnerabilities. Over ...
ParaFuzz: An Interpretability-Driven Technique for Detecting Poisoned Samples in NLP
https://arxiv.org/pdf/2308.02122.pdf
https://github.com/intel/tsffs
A snapshotting, coverage-guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS
GitHub
GitHub - intel/tsffs: A snapshotting, coverage-guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS
LLMs at the Forefront Pioneering the Future of Fuzz Testing
https://www.youtube.com/watch?v=k9gt7MNXPDY
YouTube
DEF CON 31 - LLMs at the Forefront Pioneering the Future of Fuzz Testing - X
Large Language Models are already revolutionizing the software development landscape. As hackers we can only do what we've always done, embrace the machine and use it to do our bidding.
There are many valid criticisms of GPT models for writing code like…
Chalk™ captures metadata at build time, and can add a small 'chalk mark' (metadata) to any artifacts, so they can be identified in production. Chalk can also extract chalk marks and collect additional metadata about the operating environment when it does this.
https://github.com/crashappsec/chalk
GitHub
GitHub - crashappsec/chalk: Chalk allows you to follow code from development, through builds and into production.
Snapshot fuzzing direct composition with WTF
https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/
Cisco Talos Blog
Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.
Do Language Models Learn Semantics of Code? A Case Study in Vulnerability Detection
https://arxiv.org/pdf/2311.04109.pdf
FASER: Binary Code Similarity Search through the use of Intermediate Representations
https://arxiv.org/pdf/2310.03605.pdf
Escaping the sandbox: A bug that speaks for itself
https://microsoftedge.github.io/edgevr/posts/Escaping-the-sandbox-A-bug-that-speaks-for-itself/
Microsoft Browser Vulnerability Research
Introduction