Introducing Java fuzz harness synthesis using LLMs

https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/

OSS-Fuzz blog

Introducing Java fuzz harness synthesis using LLMs

Introducing LLM-based harness generation for Java OSS-Fuzz projects.

A public secret : Research on the CVE-2024-30051 privilege escalation vulnerability in the wild

https://ti.qianxin.com/blog/articles/public-secret-research-on-the-cve-2024-30051-privilege-escalation-vulnerability-in-the-wild-en/

Qianxin

奇安信威胁情报中心

Nuxt.js project

Using Symbolic Execution to Devirtualise a Virtualised Binary

https://blog.deobfuscate.io/using-symbolic-execution-for-devirtualisation

Reverse Engineering Blog

Using Symbolic Execution to Devirtualise a Virtualised Binary

Using symbolic execution to reverse engineer and devirtualise a binary using virtual machine obfuscation.

Про обфускацию Control Flow Flattening

https://nerodesu017.github.io/posts/2023-12-01-antibots-part-8

Nerodesu017

ANTIBOTS - PART VIII - Geetest - CFF

In-Depth Control-Flow-Flattening Analysis

Список блогов по malware analysis

https://x.com/embee_research/status/1674001545476861954

X (formerly Twitter)

Matthew (@embee_research) on X

A collection of incredible (non-corporate) malware analysis and reverse engineering blogs that I have personally enjoyed over the years. All focused on education and knowledge sharing of malware/RE topics. [1/14] ***🧵*** (In no particular order) #malware #education

"Becoming a Vulnerability Researcher roadmap: my personal experience"

https://gist.github.com/tin-z/a469e996f8107a5ca8d3c858a2a4b65f

Gist

Becoming a Vulnerability Researcher roadmap: my personal experience

Becoming a Vulnerability Researcher roadmap: my personal experience - VR\_roadmap.md

chatgpt меня заскамил вчера. Сгенерил мне код, который работает неправильно. Я думаю че за херня, думал думал и понял, что (попробуйте сами найти) если обратить внимание на четверый цикл (for d := 48; c < 91; d++), то там должно быть d < 91, а не c < 91 =(

Repurpose EDR as an Offensive Tool

https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

SafeBreach

EDR as an Offensive Tool | SafeBreach

Learn how SafeBreach developed malware integrated within Palo Alto Networks Cortex XDR, exploiting its ransomware protection feature.

How to Keep Your Cool and Write Powerful Incident Response Reports

https://www.youtube.com/watch?v=fMWUDZOkRR4

YouTube

How to Keep Your Cool and Write Powerful Incident Response Reports

Presenter: Lenny Zeltser, CISO, Axonius Learn how to create stronger incident response reports that get read and drive action. We’ll cover report structure, enhancing clarity, capturing crucial technical and business details, and writing summaries decision…

This vulnerability exploits the nuances of the OAuth protocol and iOS’s handling of Custom URL Schemes and Safari browser sessions to steal OAuth Authentication Codes from vulnerable OAuth implementations, thereby allowing an attacker to gain access to a victim’s account.

https://evanconnelly.github.io/post/ios-oauth/

evanconnelly.github.io

Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped

Summary We (Julien Ahrens @MrTuxracer and myself @Evan\_Connelly) identified nearly 30 popular apps, as well as a feature within iOS itself, vulnerable to an attack in which any installed iOS app from the Apple App Store could perform an account takeover of…