Alex Plaskett
Oct 12, 2024, 15 tweets, 6 min read
Applying LLMs for security related tasks has been a hot topic recently.

Here's a thread of certain material which caught my eye! 🧵
1/ eyeballvul: a future-proof benchmark for vulnerability detection in the wild by @timotheechauvin

arxiv.org/pdf/2407.08708
2/ The DL on LLM Code Analysis by @richinseattle

fuzzing.io/Presentations/…
3/ An Empirical Study of LLM for Code Analysis: Understanding Syntax and Semantics

openreview.net/pdf/61d43ad4ea…
4/ NExT: Teaching Large Language Models to Reason about Code Execution

arxiv.org/pdf/2404.14662
5/ How Does Naming Affect LLMs on Code Analysis Tasks?

arxiv.org/pdf/2307.12488
6/ AI Powered Bug Hunting by @ortegaalfredo

github.com/ortegaalfredo/…
The second big area is augmenting language models with the ability to use tools and agentic approaches:
7/ Augmented Language Models: a Survey

arxiv.org/pdf/2302.07842
8/ An Empirical Evaluation of LLMs for Solving Offensive Security Challenges

arxiv.org/pdf/2402.11814
9/ EnIGMA: Enhanced Interactive Generative Model Agent for CTF Challenges

enigma-agent.github.io/assets/paper.p…
10/ Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

googleprojectzero.blogspot.com/2024/06/projec…
11/ Automated LLM Bugfinders by @daveaitel

cybersecpolitics.blogspot.com/2024/06/automa…
12/ More software engineering than security directly, however, core concepts agentic frameworks are built on:

OpenHands - A platform for software development agents powered by AI

github.com/All-Hands-AI/O…

SWE-Agent - GitHub issue tracker fixer

github.com/princeton-nlp/…
There's so much going on in this area right now! What have I missed?

More from @alexjplaskett

Mar 18, 2024
The amount of free training courses available these days for #cybersecurity is wild. People ask me if it's worth paying for a specific course? First, have you seen all the free material out there?

Let's dig into a selection! 👇
1/ Modern Binary Exploitation by @RPISEC. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation.

github.com/RPISEC/MBE
2/ OpenSecurityTraining by @XenoKovah. Not strictly binary exploitation but all the fundamentals needed for this. Architecture, debugging, reverse engineering, vulns and exploitation courses.

p.ost2.fyi/courses
Feb 4, 2024
Continuing on from my previous thread on remote exploits (macOS/Linux) here is the eagerly anticipated Windows version!

A small selection from multiple areas!

#cybersecurity #windows
TCP/IP

1/ ICMPv6 Router Advertisement packets by @0vercl0k

A remote kernel DoS vulnerability when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. Patch diffing, reverse engineering tcpip.sys and creating a POC.

doar-e.github.io/blog/2021/04/1…
2/ Sending an IPv6 fragmented datagram via IPsec ESP packets leads to an OOB write by @chompie1337

Another critical issue in tcpip.sys, patch diffing + investigation of the bug. A DoS poc and possible exploit primitives which could be used for RCE.

securityintelligence.com/x-force/dissec…
Dec 4, 2023
Jailbreaking the Sonos Era 100

The Era 100 is Sonos’s flagship device, released on March 28th 2023 and is a notable step up from the Sonos One. @NCCGroupInfosec found multiple weaknesses within the bootloader which could lead to full compromise

#sonos research.nccgroup.com/2023/12/04/sho…
2/ According to Sonos, the issues reported were patched in an update released on the 15th of November with no CVE issued or public details of the security weakness. Users of Sonos devices should ensure to apply any recent updates to remediate the risk.
3/ In this article we document the process of analysing the hardware, discovering several issues and developing a persistent secure boot bypass for the Sonos Era 100.
Apr 2, 2023
Everyone knows that a firewall is meant to provide network security. However, what happens if that appliance has vulnerabilities on your external perimeter?

Here’s 5 firewall and VPN exploit research from the past:
1/ Cisco - @saidelike found and exploited a pre-auth RCE vuln in Cisco ASA firewalls recon.cx/2018/brussels/…
2/ Fortigate and Pulse Secure SSL VPN by @orange_8361 and @mehqq_ i.blackhat.com/USA-19/Wednesd… and followed up with more fortigate exploits by @hacks_zach github.com/horizon3ai/CVE… and blog.scrt.ch/2023/03/14/pro…
Mar 4, 2023
Want to know how to find bugs through fuzzing others miss? 10 insights from practical experience 👇
1/ Identify fresh attack surface - if there’s a public tool out there it’s likely either been published when it stops finding bugs or the vendor themselves are running at a scale you can’t match and your issues will likely become dupes.
2/ Develop custom tooling or extend reliable public fuzzers - Most of the interesting bugs I have found have been from private tooling or massively extended public tools. Certain types of bugs (e.g. race condition issues) can be difficult to trigger with non specialist fuzzers.
Feb 8, 2023
At the end of last year I decided to take a look into consumer router security (Netgear, TP-Link, Synology) and damn was there a lot of great previous research! Here are some articles which practically demonstrate RCE from a LAN or WAN perspective:
Netgear Routers
1/ Puckungfu: A NETGEAR WAN Command Injection @_mccaulay

research.nccgroup.com/2022/12/22/puc…

The pucfu binary executes during boot and will attempt to connect to a domain and retrieve a JSON response. This is hijacked with a specially crafted JSON response to perform command injection.