In recent years, vulnerability discovery has largely relied on static analysis tools with predefined pattern matching and taint analysis. These traditional methods are not as efficient for complex codebases that span multiple files and utilize atypical input processing techniques. While successful for common vulnerability patterns, they frequently miss sophisticated attack vectors that operate across multiple functions, and sometimes multiple files. In this talk, we will be covering Tree-of-AST, a new framework that combines large language models with abstract syntax tree analysis to address the limitations above. This approach leverages a unique Locate-Trace-Vote (LTV) methodology that enables autonomous tracking of data flows within large-scale projects, even in the absence of predefined source patterns. We will be sharing conclusive benchmark analysis showing that the Tree-of-AST method outperforms established tools by discovering previously undetected vulnerabilities. The study was done on widely-used open-source projects. Further, we demonstrate that our system autonomously generates working exploits with a success rate above the industry average for similar tools. We would wrap up the talk by examining practical defensive strategies developers could implement to protect their codebases from similar emerging techniques, and discuss how automatic exploitation capabilities reshape the modern digital security landscape. By: Sasha Zyuzin | Student, Bachelor's Degree, University of Maryland Ruikai Peng | Founder, Pwno Presentation Materials Available at: https://ift.tt/MBxqKGU
source https://www.youtube.com/watch?v=VNBEoLE_bGA
-
Germany recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scho...
-
Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component. The post Android Update ...
No comments:
Post a Comment