The Discovery of Zenbleed ft. Tavis Ormandy - https://youtu.be/neWc0H1k2Lc
How did Tavis Ormandy fuzz CPUs to discover Zenbleed? In this video we learn about the techniques to make this work!
Watch part 2: https://www.youtube.com/watch?v=9EY_9KtxyPg
ParaFuzz: An Interpretability-Driven Technique for Detecting Poisoned Samples in NLP - https://arxiv.org/pdf/2308.02122.pdf
Google Online Security Blog: Android Goes All-in on Fuzzing
https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html
Posted by Hamzeh Zawawy and Jon Bottarini, Android Security. Fuzzing is an effective technique for finding software vulnerabilities. Over ...
Libprotobuf Fuzzing - https://www.mobilehackinglab.com/blog/libprotobuf-fuzzing
In this article we are going to dive into Libprotobuf structure-aware fuzzing to learn how to perform fuzzing against functions that accept only complex data types like Structures, Classes or other structured data.
https://github.com/intel/tsffs: A snapshotting, coverage-guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS
DEF CON 31 - LLMs at the Forefront Pioneering the Future of Fuzz Testing - https://www.youtube.com/watch?v=k9gt7MNXPDY
Large Language Models are already revolutionizing the software development landscape. As hackers we can only do what we've always done, embrace the machine and use it to do our bidding.
There are many valid criticisms of GPT models for writing code like…
Tickling ksmbd: fuzzing SMB in the Linux kernel - https://pwning.tech/ksmbd-syzkaller/
Following the adventure of manually discovering network-based vulnerabilities in the Linux kernel, I'm adding ksmbd-fuzzing functionality to the already extensive kernel-fuzzing tool that is Syzkaller.
Breaking the Barrier of Dynamic Testing: Detect and Autoconfigure Entry Points With CI Spark - https://www.code-intelligence.com/blog/ci-spark
CI Spark - LLM-Powered Entry Point Detection and Configuration
CI Spark leverages LLMs to automatically detect and configure entry points for dynamic white-box testing. Find out how it works!
Fuzzing ntopng - https://github.com/quarkslab/conf-presentations/blob/master/Confs/ntopconf-2023/ntopconf-2023-fuzzing-ntop-rmori.pdf
The WebP 0day - https://blog.isosceles.com/the-webp-0day/
Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image…
AI Hacking 🔥 OWASP Top 10 Vulnerabilities in LLM Applications - https://www.youtube.com/watch?v=engR9tYSsug
In the rapidly changing world of AI and LLM applications, security is paramount. This video provides a deep dive into the OWASP Top 10 vulnerabilities for LLM applications 🤖. We'll cover critical issues like Prompt Injection, Insecure Output Handling, Model…
UBfuzz: Finding Bugs in Sanitizer Implementations - https://shao-hua-li.github.io/files/2024_ASPLOS_UBFUZZ.pdf
GPTFUZZER: Red Teaming Large Language Models with Auto-Generated Jailbreak Prompts - https://arxiv.org/pdf/2309.10253.pdf
ADVANCED FUZZING UNMASKS ELUSIVE VULNERABILITIES - https://www.srlabs.de/blog-post/advanced-fuzzing-unmasks-elusive-vulnerabilities
Snapshot fuzzing direct composition with WTF - https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/
Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.
Large Language Model guided Protocol Fuzzing - https://mpi-softsec.github.io/papers/NDSS24-chatafl.pdf
Cascade: CPU Fuzzing via Intricate Program Generation - https://comsec.ethz.ch/research/hardware-design-security/cascade-cpu-fuzzing-via-intricate-program-generation/
Writing a Windows Fuzzer From Scratch - https://www.legacyy.xyz/vr/windows/2023/10/23/writing-a-windows-fuzzer-from-scratch.html
Over the past year, I have dedicated a large majority of my spare time to studying Windows internals. Doing so got me hooked on content from the vulnerability research space, and as such I have started learning how to fuzz simple Windows targets.