EPISODE · Nov 11, 2024 · 1H 22M
Static Analysis, LLMs, and In-The-Wild Exploit Chains
from Day[0] · host dayzerosec
Methodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary querying language called QueryX. Project Zero also leverages Large Language Models to successfully find a SQLite vulnerability. Finally, we wrap up with some discussion on Hexacon and WOOT talks, with a focus on Clem1's In-The-Wild exploit chains insights via Google's Threat Analysis Group. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/262.html [00:00:00] Introduction [00:00:35] Discovering Hidden Vulnerabilities in Portainer with CodeQL [00:18:12] Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX [00:28:25] From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code [00:50:00] Hexacon2024 - Caught in the Wild, Past, Present and Future by Clem1 [01:06:34] Hexacon 2024 Videos [01:11:34] WOOT 2024 Videos [01:18:38] Securing the open source supply chain: The essential role of CVEs [01:20:19] A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
What this episode covers
Methodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary querying language called QueryX. Project Zero also leverages Large Language Models to successfully find a SQLite vulnerability. Finally, we wrap up with some discussion on Hexacon and WOOT talks, with a focus on Clem1's In-The-Wild exploit chains insights via Google's Threat Analysis Group. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/262.html [00:00:00] Introduction [00:00:35] Discovering Hidden Vulnerabilities in Portainer with CodeQL [00:18:12] Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX [00:28:25] From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code [00:50:00] Hexacon2024 - Caught in the Wild, Past, Present and Future by Clem1 [01:06:34] Hexacon 2024 Videos [01:11:34] WOOT 2024 Videos [01:18:38] Securing the open source supply chain: The essential role of CVEs [01:20:19] A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
NOW PLAYING
Static Analysis, LLMs, and In-The-Wild Exploit Chains
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m