AnyPoC: Universal Proof-Of-Concept Test Generation for Scalable LLM-Based Bug Detection

While recent LLM-based agents can identify many candidate bugs in source code, their reports remain static hypotheses that require manual validation, limiting the practicality of automated bug detection. We frame this challenge as a test generation task: given a candidate report, synthesizing an...

Beyond Single Reports: Evaluating Automated ATT&CK Technique Extraction in Multi-Report Campaign Settings

Large-scale cyberattacks, referred to as campaigns, are documented across multiple CTI reports from diverse sources, with some providing a high-level overview of attack techniques and others providing technical details. Extracting attack techniques from reports is essential for organizations to...

OSV-2020-1422 Segv on unknown address in llvm::APInt::trunc

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21207 Crash type: Segv on unknown address Crash state: llvm::APInt::trunc AnalyzeBitFieldAssignment clang::InitializationSequence::Perform...

AQUATONE - A Tool for Domain Flyovers

AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and...

Loki - Scanner for Simple Indicators of Compromise

Simple IOC Scanner Detection is based on four detection methods: 1. File Name IOC Regex match on full file path/name 2. Yara Rule Check Yara signature match on file data and process memory 3. Hash check Compares known malicious hashes MD5, SHA1, SHA256 with scanned files The Windows binary is...

CVE-2024-11288

...