Code Security Vulnerability Repair Using Reinforcement Learning with Large Language Models
https://arxiv.org/pdf/2401.07031.pdf
Prompt Fuzzer: open-source tool to help you harden your GenAI applications
https://github.com/prompt-security/ps-fuzz
Make your GenAI Apps Safe & Secure. Test & harden your system prompt.
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller
https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Following research conducted by a colleague of mine [1] at CyberArk Labs, I better understood NVMe-oF/TCP. This kernel subsystem exposes INET socket(s), which can be a fruitful attack surface for...
Talos releases new macOS open-source fuzzer
https://blog.talosintelligence.com/talos-releases-new-macos-fuzzer/
Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.
SCAML_PHD2.pdf
19.4 MB
Introducing LLM-based harness synthesis for unfuzzed projects
https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
Introducing LLM-based harness generation for unfuzzed projects.
How to Fuzz Your Way to Android Universal Root: Attacking Android Binder
https://www.youtube.com/watch?v=U-xSM159YLI&list=PLYvhPWR_XYJlg1SfcKdZY6eXUTPPqnh_G&index=9
OffensiveCon24 - Eugene Rodionov, Zi Fan Tan and Gulshan Singh
https://www.offensivecon.org/speakers/2024/eugene-rodionov,-zi-fan-tan-and-gulshan-singh.html
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and e...
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge
https://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html
Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering. The US Defense Advanced Research Projects Agency, DARPA, rec...
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing
https://www.mlsec.org/docs/2024c-asiaccs.pdf
Expand the reach of Fuzzing
https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf
LLM-Assisted Static Analysis for Detecting Security Vulnerabilities
https://arxiv.org/pdf/2405.17238v1
Code Structure-Aware through Line-level Semantic Learning for Code Vulnerability Detection
https://arxiv.org/pdf/2407.18877
On Understanding and Forecasting Fuzzers Performance with Static Analysis
https://s3.eurecom.fr/docs/ccs24_zhang.pdf
ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software
https://arxiv.org/pdf/2408.02153
Transferring Backdoors between Large Language Models by Knowledge Distillation
https://arxiv.org/pdf/2408.09878
Top Score on the Wrong Exam: On Benchmarking in Machine Learning for Vulnerability Detection
https://arxiv.org/pdf/2408.12986
Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser