[CCS'24] An LLM-based, fully automated fuzzing tool for option combination testing. - NASP-THU/ProphetFuzz

Fuzzing—one of the most successful techniques for finding security bugs, consistently featured in articles and industry conferences—has become so popular that you may think most important software has already been extensively fuzzed. But that’s not always…

One of the biggest issues with LLM-generated code is a lack of trust, mostly stemming from a lack of understanding from not having written it personally, which leads to reduced confidence that the code handles edge cases properly.

This blog post is the result of some weekend research, where I delved into Pishi, a static macOS kernel binary rewriting tool, which I presented at POC2024. During the weekdays, I focus on Linux kernel security at my job and would rather not investigate the…

Journal of Hardware and Systems Security - Trusted execution environments (TEE) are deployed on many platforms to provide both confidentiality and integrity, and their extensive use offers a secure...

Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team Recently, OSS-Fuzz reported 26 new vulnerabilities...

Posted by Ivan Fratric, Google Project Zero Recently, one of the projects I was involved in had to do with video decoding on Apple pla...

Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.

Our security analysis of the Mongoose Web Server Library’s TLS implementation identified 10 significant vulnerabilities.

Fuzzing is the art of uncovering vulnerabilities through rapid target re-executions and intelligent input mutations.

In this talk, we'll dive deep into LibAFL, the state-of-the-art fuzzing library by the AFLplusplus project, and explore its more advanced…

In this post, I’ll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files.

Contribute to nedwill/presentations development by creating an account on GitHub.

Live streaming from the 38th Chaos Communication Congress