Static Analysis, LLMs, and In-The-Wild Exploit Chains episode artwork

EPISODE · Nov 11, 2024 · 1H 22M

Static Analysis, LLMs, and In-The-Wild Exploit Chains

from Day[0] · host dayzerosec

Methodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary querying language called QueryX. Project Zero also leverages Large Language Models to successfully find a SQLite vulnerability. Finally, we wrap up with some discussion on Hexacon and WOOT talks, with a focus on Clem1's In-The-Wild exploit chains insights via Google's Threat Analysis Group. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/262.html [00:00:00] Introduction [00:00:35] Discovering Hidden Vulnerabilities in Portainer with CodeQL [00:18:12] Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX [00:28:25] From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code [00:50:00] Hexacon2024 - Caught in the Wild, Past, Present and Future by Clem1 [01:06:34] Hexacon 2024 Videos [01:11:34] WOOT 2024 Videos [01:18:38] Securing the open source supply chain: The essential role of CVEs [01:20:19] A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Episode metadata supplied by the publisher feed · Published Nov 11, 2024

Methodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary querying language called QueryX. Project Zero also leverages Large Language Models to successfully find a SQLite vulnerability. Finally, we wrap up with some discussion on Hexacon and WOOT talks, with a focus on Clem1's In-The-Wild exploit chains insights via Google's Threat Analysis Group. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/262.html [00:00:00] Introduction [00:00:35] Discovering Hidden Vulnerabilities in Portainer with CodeQL [00:18:12] Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX [00:28:25] From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code [00:50:00] Hexacon2024 - Caught in the Wild, Past, Present and Future by Clem1 [01:06:34] Hexacon 2024 Videos [01:11:34] WOOT 2024 Videos [01:18:38] Securing the open source supply chain: The essential role of CVEs [01:20:19] A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Static Analysis, LLMs, and In-The-Wild Exploit Chains

0:00 1:22:02

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 22 minutes long.

When was this Day[0] episode published?

This episode was published on November 11, 2024.

What is this episode about?

Methodology is the theme of this week's episode. We cover posts about static analysis via CodeQL, as well as a novel blackbox binary querying language called QueryX. Project Zero also leverages Large Language Models to successfully find a SQLite...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!