Slava Moskvin
@sl4v.bsky.social
Hacker
Proof that AI can now find 0-days even w/o agents or advanced tooling. Also pretty cool: o3 managed to find the vulnerability only 8 out of 100 times. I hadn’t realized it might take that many tries to get a useful result from AI.
sean.heelan.io/2025/05/22/h...
#linux
#infosec
#llm
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API …
https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/
4 months ago
The sheer scale of this operation, as well as the investigation, is fascinating
www.inversecos.com/2025/02/an-i...
An inside look at NSA (Equation Group) TTPs from China’s lense
https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html
7 months ago
Creating a fuzzer for Chrome’s V8. Down to earth blogpost w/o any illusions
apt29a.blogspot.com/2022/01/fuzz...
Fuzzing Chromes JavaScript Engine v8
tltr; I developed a coverage-guided (v8) JavaScript fuzzer similar to Fuzzilli  (but without an intermediate language and developed in Py...
https://apt29a.blogspot.com/2022/01/fuzzing-chromes-javascript-engine-v8.html
8 months ago
Fuzzing the Linux kernel: start the campaign, go to sleep, wake up to mysteries you may never solve. Here’s what happened when I took on the TIPC network subsystem in Linux:
slavamoskvin.com/finding-bugs...
#fuzzing
#cybersecurity
#pentesting
#kernel
Finding Bugs in Kernel. Part 2: Fuzzing the Actual Kernel · Slava Moskvin
https://slavamoskvin.com/finding-bugs-in-kernel.-part-2-fuzzing-the-actual-kernel/
8 months ago
Setting up syzkaller and crashing a vulnerable driver:
slavamoskvin.com/finding-bugs...
#linux
#infosec
#fuzzing
Finding Bugs in Kernel. Part 1: Crashing a Vulnerable Driver with Syzkaller · Slava Moskvin
https://slavamoskvin.com/finding-bugs-in-kernel.-part-1-crashing-a-vulnerable-driver-with-syzkaller/
9 months ago
This year, I came across many articles, but those really caught my eye: Google Project Zero's LLM-fuzzing series where they're using LLMs to generate fuzzing test cases
googleprojectzero.blogspot.com/2024/06/proj...
googleprojectzero.blogspot.com/2024/10/from...
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and e...
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
10 months ago
I tried to discover the same bug in a Linux kernel module with and without KASAN. Here's what happened:
slavamoskvin.com/hunting-bugs...
#linux
#fuzzing
#cybersecurity
11 months ago