July 31, 2024

                July 31, 2024

            July 31, 2024

            July 31, 2024

I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: https://t.co/P2HB4xMwEK
— chompie (@chompie1337) July 30, 2024

Unbelievable. Top leaders of Hezbollah and Hamas both liquidated in the space of about twelve hours in two different capitals, Beirut and Tehran. Israel has put Iran on notice that its proxies are no longer safe, anywhere. https://t.co/OLroDDtqXU
— Michael Weiss (@michaeldweiss) July 31, 2024

Amazon ($19.99) is a showroom for Aliexpress

Aliexpress ($5.17) is a showroom for Taobao

Taobao ($2.48) is a showroom for Alibaba

Alibaba ($0.69) is a showroom for well whoever actually makes the thing!

Via @pandrewhk https://t.co/5XMxaJ0g8Q pic.twitter.com/rNgYyMkeuC
— @levelsio (@levelsio) July 30, 2024

Declassified UK MoD study that gives a good overview of how the Soviet co-orbital anti-satellite weapon engaged its target pic.twitter.com/Am9fOmsxOj
— Aaron Bateman (@aaronbateman22) July 30, 2024

lol, removing is-number from this package saves 440gb weeklyhttps://t.co/92et4T71rb pic.twitter.com/ZZesaqjq9i
— Passle (@passle_) July 30, 2024

I'm happy to share my article 'AI-Powered Bug Hunting - Evolution and benchmarking' where I released several open-source tools, including a simple benchmark, a bug auto-finder (AutoKaker) and auto-patcher (1/2) pic.twitter.com/KQIcaxvvSD
— AIfredo Ortega (@ortegaalfredo) July 29, 2024

I also make the the observation that it’s often easier to fix a vulnerability than to create an exploit for it, so this asymmetry between defense and attack will cause offensive AI-generated exploits to almost never succeed, because less complex defensive AI will discover and…
— AIfredo Ortega (@ortegaalfredo) July 29, 2024

So while it has found several bugs, I think the autopatcher is more interesting. Here we have the OpenBSD 7.5 kernel, booting with over 10,000 additional AI-generated patches and input checks within the IPv6 and IPv4 stacks. The cost to implement these improvements was ~ $6 USD. pic.twitter.com/KZ6ZPhGrE8
— AIfredo Ortega (@ortegaalfredo) July 29, 2024

https://github.com/ortegaalfredo/autokaker/blob/main/doc/AI-powered-bughunting-aortega-paper.pdf

Please don’t touch that, 

it’s my emotional support Any Any Any Allow rule
— rekdt (@rekdt) July 30, 2024

Our audit of Homebrew — Trail of Bits

                  Our audit of Homebrew | Trail of Bits Blog
By William Woodruff This is a joint post with the Homebrew maintainers; read their announcement here! Last summer, we performed an audit of Homebrew. Our audit’s scope included Homebrew/brew itself…            

Wrote up some notes on trying out Aider, a neat open source Python terminal tool for working with codebases on disk via a variety of LLMs https://t.co/gE1GcWBnto pic.twitter.com/VBMNmgR93K
— Simon Willison (@simonw) July 31, 2024

Refreshing our technical deep dive into DNS exploitation which is still very relevant.

Watch and learn how we uncover the entire process of finding and exploiting a vulnerability in a DNS parser. From zero to exploit, it's all here.

Part1:https://t.co/TOKDIdX1MG
— Rado RC1 (@RabbitPro) July 30, 2024

Part2:https://t.co/QmebH4JVyh
— Rado RC1 (@RabbitPro) July 30, 2024

Don't miss what's next. Subscribe to the grugq's newsletter:

Start the conversation: