Slava Moskvin
sl4v.bsky.social
Hacker
Proof that AI can now find 0-days even w/o agents or advanced tooling. Also pretty cool: o3 managed to find the vulnerability only 8 out of 100 times. I hadn’t realized it might take that many tries to get a useful result from AI.

sean.heelan.io/2025/05/22/h...

#linux #infosec #llm
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API…
sean.heelan.io
June 19, 2025 at 7:46 PM
The sheer scale of this operation, as well as the investigation, is fascinating www.inversecos.com/2025/02/an-i...
An inside look at NSA (Equation Group) TTPs from China’s lense
www.inversecos.com
March 2, 2025 at 8:44 PM
Creating a fuzzer for Chrome’s V8. Down-to-earth blog post w/o any illusions apt29a.blogspot.com/2022/01/fuzz...
Fuzzing Chrome's JavaScript Engine v8
tl;dr: I developed a coverage-guided (v8) JavaScript fuzzer similar to Fuzzilli (but without an intermediate language and developed in Py...
apt29a.blogspot.com
February 16, 2025 at 9:58 AM
Fuzzing the Linux kernel: start the campaign, go to sleep, wake up to mysteries you may never solve. Here’s what happened when I took on the TIPC network subsystem in Linux: slavamoskvin.com/finding-bugs...
#fuzzing #cybersecurity #pentesting #kernel
Finding Bugs in Kernel. Part 2: Fuzzing the Actual Kernel · Slava Moskvin
slavamoskvin.com
February 2, 2025 at 12:15 PM
Setting up syzkaller and crashing a vulnerable driver: slavamoskvin.com/finding-bugs...

#linux #infosec #fuzzing
Finding Bugs in Kernel. Part 1: Crashing a Vulnerable Driver with Syzkaller · Slava Moskvin
slavamoskvin.com
December 26, 2024 at 7:57 PM
This year, I came across many articles, but these really caught my eye:

Google Project Zero's LLM-fuzzing series where they're using LLMs to generate fuzzing test cases
googleprojectzero.blogspot.com/2024/06/proj...
googleprojectzero.blogspot.com/2024/10/from...
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and e...
googleprojectzero.blogspot.com
December 16, 2024 at 9:03 PM
I tried to discover the same bug in a Linux kernel module with and without KASAN. Here's what happened: slavamoskvin.com/hunting-bugs...
#linux #fuzzing #cybersecurity
November 16, 2024 at 12:27 AM