Articles tagged with: #fuzz
MALF: A Multi-Agent LLM Framework for Intelligent Fuzzing of Industrial Control Protocols

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02694v1 Announce Type: new Abstract: Industrial control systems (ICS) are vital to modern infrastructure but increasingly vulnerable to cybersecurity threats, particularly through weaknesses in their communication protocols. This paper presents MALF (Multi-Agent LLM Fuzzing Framework), an advanced fuzzing solution that integrates large language models (LLMs) with multi-agent coordination to identify vulnerabilities in industrial control protocols (ICPs). By leveraging...

FalseCrashReducer: Mitigating False Positive Crashes in OSS-Fuzz-Gen Using Agentic AI

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02185v1 Announce Type: cross Abstract: Fuzz testing has become a cornerstone technique for identifying software bugs and security vulnerabilities, with broad adoption in both industry and open-source communities. Directly fuzzing a function requires fuzz drivers, which translate random fuzzer inputs into valid arguments for the target function. Given the cost and expertise required to manually develop fuzz drivers, methods exist that leverage program analysis and Large Language...
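The fuzz-driver problem this abstract describes, as an added example that is not code from the paper or from OSS-Fuzz-Gen: a constructed C target whose API documents a precondition it does not re-check, a driver that forwards raw fuzzer input and so violates that precondition, and a corrected driver that rejects non-conforming inputs before the call. One common source of false-positive crashes in generated drivers, stated here as general fuzzing practice rather than as the paper's finding, is exactly this kind of contract violation: the sanitizer reports a fault inside the library, but the bug is in the harness. The TLV format, `tlv_value_copy`, and the sample records are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a library function a fuzz driver would target.
 * Contract, as a low-level C API might document it: `rec` points to a complete
 * TLV record [tag][len][value...] for which the caller has already verified
 * that 2 + rec[1] bytes are readable, and `dst` has room for 255 bytes. Like
 * many such APIs it trusts the caller and does not re-check the framing. */
size_t tlv_value_copy(const uint8_t *rec, uint8_t *dst) {
    size_t vlen = rec[1];
    memcpy(dst, rec + 2, vlen);
    return vlen;
}

/* Does a fuzzer-supplied buffer satisfy that contract? */
int tlv_record_complete(const uint8_t *data, size_t size) {
    return size >= 2 && size >= 2 + (size_t)data[1];
}

/* Flawed driver: forwards the raw fuzz buffer without checking the contract.
 * An empty input, a 1-byte input, or a record whose len byte exceeds the
 * buffer makes memcpy read past `data`. ASan then reports a heap-buffer-
 * overflow *inside tlv_value_copy*, but the defect is the driver violating the
 * API precondition: a false-positive crash, not a library bug. Kept only for
 * contrast; do not fuzz with it. */
size_t naive_driver(const uint8_t *data, size_t size) {
    uint8_t dst[255];
    (void)size;
    return tlv_value_copy(data, dst);
}

/* Corrected driver body: returns the number of value bytes copied, or -1 when
 * the input does not meet the precondition and was rejected before the call. */
long checked_copy(const uint8_t *data, size_t size) {
    uint8_t dst[255];
    if (!tlv_record_complete(data, size)) return -1;
    return (long)tlv_value_copy(data, dst);
}

/* libFuzzer entry point using the corrected body. Returning 0 for a rejected
 * input tells the fuzzer the input was uninteresting, not that it crashed. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)checked_copy(data, size);
    return 0;
}

/* Constructed sample inputs. */
const uint8_t kRecOk[]        = {0x01, 0x03, 'a', 'b', 'c'}; /* complete record */
const uint8_t kRecTruncated[] = {0x01, 0x09, 'a'};           /* len says 9, 1 byte present */

int main(void) {
    printf("complete record : %ld bytes copied\n",
           checked_copy(kRecOk, sizeof kRecOk));
    printf("truncated record: %ld (rejected, not crashed)\n",
           checked_copy(kRecTruncated, sizeof kRecTruncated));
    return 0;
}
```

Build the corrected driver with `clang -fsanitize=fuzzer,address` to run it under libFuzzer; the `naive_driver` variant is the shape a triager should look for when a generated harness reports a crash whose stack top is a `memcpy` fed directly from the fuzzer buffer.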

E-FuzzEdge: Optimizing Embedded Device Security with Scalable In-Place Fuzzing

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.01393v1 Announce Type: new Abstract: In this paper we show E-FuzzEdge, a novel fuzzing architecture targeted towards improving the throughput of fuzzing campaigns in contexts where scalability is unavailable. E-FuzzEdge addresses the inefficiencies of hardware-in-the-loop fuzzing for microcontrollers by optimizing execution speed. We evaluated our system against state-of-the-art benchmarks, demonstrating significant performance improvements. A key advantage of the E-FuzzEdge architecture...

Logic Solver Guided Directed Fuzzing for Hardware Designs

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.26509v1 Announce Type: new Abstract: The ever-increasing complexity of design specifications for processors and intellectual property (IP) presents a formidable challenge for early bug detection in the modern IC design cycle. The recent advancements in hardware fuzzing have proven effective in detecting bugs in RTL designs of cutting-edge processors. The modern IC design flow involves incremental updates and modifications to the hardware designs necessitating rigorous verification...

Divide, Conquer and Verify: Improving Symbolic Execution Performance

cs.CR updates on arXiv.org arxiv.org

arXiv:2310.03598v3 Announce Type: replace Abstract: Symbolic Execution is a formal method that can be used to verify the behavior of computer programs and detect software vulnerabilities. Compared to other testing methods such as fuzzing, Symbolic Execution has the advantage of providing formal guarantees about the program. However, despite advances in performance in recent years, Symbolic Execution is too slow to be applied to real-world software. This is primarily caused by the path...

Intelligent Graybox Fuzzing via ATPG-Guided Seed Generation and Submodule Analysis

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.20808v1 Announce Type: new Abstract: Hardware Fuzzing emerged as one of the crucial techniques for finding security flaws in modern hardware designs by testing a wide range of input scenarios. One of the main challenges is creating high-quality input seeds that maximize coverage and speed up verification. Coverage-Guided Fuzzing (CGF) methods help explore designs more effectively, but they struggle to focus on specific parts of the hardware. Existing Directed Gray-box Fuzzing (DGF)...

R1-Fuzz: Specializing Language Models for Textual Fuzzing via Reinforcement Learning

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.20384v1 Announce Type: new Abstract: Fuzzing is effective for vulnerability discovery but struggles with complex targets such as compilers, interpreters, and database engines, which accept textual input that must satisfy intricate syntactic and semantic constraints. Although language models (LMs) have attracted interest for this task due to their vast latent knowledge and reasoning potential, their practical adoption has been limited. The major challenges stem from insufficient...

Semantic-Aware Fuzzing: An Empirical Framework for LLM-Guided, Reasoning-Driven Input Mutation

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.19533v1 Announce Type: cross Abstract: Security vulnerabilities in Internet-of-Things devices, mobile platforms, and autonomous systems remain critical. Traditional mutation-based fuzzers -- while effectively exploring code paths -- primarily perform byte- or bit-level edits without semantic reasoning. Coverage-guided tools such as AFL++ use dictionaries, grammars, and splicing heuristics to impose shallow structural constraints, leaving deeper protocol logic, inter-field dependencies,...

Orion: Fuzzing Workflow Automation

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.15195v1 Announce Type: cross Abstract: Fuzz testing is one of the most effective techniques for finding software vulnerabilities. While modern fuzzers can generate inputs and monitor executions automatically, the overall workflow, from analyzing a codebase, to configuring harnesses, to triaging results, still requires substantial manual effort. Prior attempts focused on single stages such as harness synthesis or input minimization, leaving researchers to manually connect the pieces...

Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.13740v1 Announce Type: new Abstract: One of the biggest attack surfaces of embedded systems is their network interfaces, which enable communication with other devices. Unlike their general-purpose counterparts, embedded systems are designed for specialized use cases, resulting in unique and diverse communication stacks. Unfortunately, current approaches for evaluating the security of these embedded network stacks require manual effort or access to hardware, and they generally focus...

IoTFuzzSentry: A Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.09158v1 Announce Type: new Abstract: Protocol fuzzing is a scalable and cost-effective technique for identifying security vulnerabilities in deployed Internet of Things devices. During their operational phase, IoT devices often run lightweight servers to handle user interactions, such as video streaming or image capture in smart cameras. Implementation flaws in transport or application-layer security mechanisms can expose IoT devices to a range of threats, including unauthorized...
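The inter-field dependency problem raised by the Semantic-Aware Fuzzing abstract above, and the protocol-guided mutation that IoTFuzzSentry's abstract describes, as one added example that is not code from either paper, from AFL++, or from any real device protocol: a constructed message format with a length field and a trailing checksum, a structure-blind bit flip of the kind a byte-level mutator makes (which the receiver's framing check always rejects, so the payload handler is never reached), and a protocol-aware mutator that edits only the payload and then repairs the fields that depend on it. The wire format, the xorshift seed, and the sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format for this example (an assumption, not a real
 * protocol): ver(1)=1 | type(1) | len(2, big-endian payload length) |
 * payload(len) | sum(2, big-endian sum of all preceding bytes mod 2^16). */
#define MSG_MAX 64
#define HDR 4
#define TRAILER 2
#define PAYLOAD_MAX (MSG_MAX - HDR - TRAILER)

typedef struct { uint8_t buf[MSG_MAX]; size_t len; } msg_t;

static uint16_t msg_sum(const uint8_t *b, size_t n) {
    uint16_t s = 0;
    for (size_t i = 0; i < n; i++) s = (uint16_t)(s + b[i]);
    return s;
}

/* Receiver-side framing check. Returns the payload length, or -1 when the
 * message is dropped before its payload reaches any application logic. */
int msg_parse(const uint8_t *b, size_t n) {
    if (n < HDR + TRAILER || b[0] != 1) return -1;
    size_t plen = ((size_t)b[2] << 8) | b[3];
    if (n != HDR + plen + TRAILER) return -1;
    uint16_t want = (uint16_t)((b[HDR + plen] << 8) | b[HDR + plen + 1]);
    return msg_sum(b, HDR + plen) == want ? (int)plen : -1;
}

/* Rewrite the fields that depend on the payload: len and sum. */
static void msg_fixup(msg_t *m, size_t plen) {
    m->buf[2] = (uint8_t)(plen >> 8);
    m->buf[3] = (uint8_t)plen;
    uint16_t s = msg_sum(m->buf, HDR + plen);
    m->buf[HDR + plen]     = (uint8_t)(s >> 8);
    m->buf[HDR + plen + 1] = (uint8_t)s;
    m->len = HDR + plen + TRAILER;
}

int msg_build(msg_t *m, uint8_t type, const uint8_t *payload, size_t plen) {
    if (plen > PAYLOAD_MAX) return -1;
    m->buf[0] = 1;
    m->buf[1] = type;
    memcpy(m->buf + HDR, payload, plen);
    msg_fixup(m, plen);
    return 0;
}

/* xorshift32, seeded explicitly so a campaign can be replayed from its seed. */
static uint32_t rng_state = 0x9E3779B9u;
void rng_seed(uint32_t s) { rng_state = s ? s : 1; }
static uint32_t rng(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Structure-blind mutation: flip one bit anywhere in the message. Any single
 * flip changes either the computed or the stored sum, so framing rejects it. */
void mutate_blind(msg_t *m) {
    size_t i = rng() % m->len;
    m->buf[i] ^= (uint8_t)(1u << (rng() % 8));
}

/* Protocol-aware mutation: flip, insert or delete a payload byte, then repair
 * len and sum so the mutant passes framing and exercises the handler for
 * its type. The payload content itself is still mutated freely. */
void mutate_aware(msg_t *m) {
    size_t plen = ((size_t)m->buf[2] << 8) | m->buf[3];
    uint8_t *p = m->buf + HDR;
    switch (rng() % 3) {
    case 0:                                    /* flip a payload bit */
        if (plen) p[rng() % plen] ^= (uint8_t)(1u << (rng() % 8));
        break;
    case 1:                                    /* insert a random byte */
        if (plen < PAYLOAD_MAX) {
            size_t at = rng() % (plen + 1);
            memmove(p + at + 1, p + at, plen - at);
            p[at] = (uint8_t)rng();
            plen++;
        }
        break;
    default:                                   /* delete a byte */
        if (plen) {
            size_t at = rng() % plen;
            memmove(p + at, p + at + 1, plen - at - 1);
            plen--;
        }
    }
    msg_fixup(m, plen);
}

/* Apply `rounds` independent single mutations to a seed and count how many
 * mutants the receiver accepts past the framing check. */
int accepted_after_mutation(const msg_t *seed, int rounds, void (*mut)(msg_t *)) {
    int ok = 0;
    for (int i = 0; i < rounds; i++) {
        msg_t m = *seed;
        mut(&m);
        if (msg_parse(m.buf, m.len) >= 0) ok++;
    }
    return ok;
}

int main(void) {
    const uint8_t payload[] = "GET /status";   /* constructed sample message */
    msg_t seed;
    msg_build(&seed, 0x10, payload, sizeof payload - 1);
    rng_seed(2024);
    printf("blind : %d/200 mutants pass framing\n",
           accepted_after_mutation(&seed, 200, mutate_blind));
    printf("aware : %d/200 mutants pass framing\n",
           accepted_after_mutation(&seed, 200, mutate_aware));
    return 0;
}
```

The same fix-up step is what an AFL++ custom mutator (`afl_custom_post_process`) or a dictionary/grammar cannot express on its own: dictionaries supply tokens, but keeping a length field and a checksum consistent with an edited payload needs a model of which fields depend on which, which is the gap both abstracts point at.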

All You Need Is A Fuzzing Brain: An LLM-Powered System for Automated Vulnerability Detection and Patching

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.07225v1 Announce Type: new Abstract: Our team, All You Need Is A Fuzzing Brain, was one of seven finalists in DARPA's Artificial Intelligence Cyber Challenge (AIxCC), placing fourth in the final round. During the competition, we developed a Cyber Reasoning System (CRS) that autonomously discovered 28 security vulnerabilities - including six previously unknown zero-days - in real-world open-source C and Java projects, and successfully patched 14 of them. The complete CRS is open...

FuzzBox: Blending Fuzzing into Emulation for Binary-Only Embedded Targets

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.05643v1 Announce Type: new Abstract: Coverage-guided fuzzing has been widely applied to address zero-day vulnerabilities in general-purpose software and operating systems. This approach relies on instrumenting the target code at compile time. However, applying it to industrial systems remains challenging, due to proprietary and closed-source compiler toolchains and lack of access to source code. FuzzBox addresses these limitations by integrating emulation with fuzzing: it dynamically...

FuzzRDUCC: Fuzzing with Reconstructed Def-Use Chain Coverage

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.04967v1 Announce Type: cross Abstract: Binary-only fuzzing often struggles with achieving thorough code coverage and uncovering hidden vulnerabilities due to limited insight into a program's internal dataflows. Traditional grey-box fuzzers guide test case generation primarily using control flow edge coverage, which can overlook bugs not easily exposed through control flow analysis alone. We argue that integrating dataflow analysis into the fuzzing process can enhance its...

Locus: Agentic Predicate Synthesis for Directed Fuzzing

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.21302v1 Announce Type: new Abstract: Directed fuzzing aims to find program inputs that lead to specified target program states. It has broad applications, such as debugging system crashes, confirming reported bugs, and generating exploits for potential vulnerabilities. This task is inherently challenging because target states are often deeply nested in the program, while the search space manifested by numerous possible program inputs is prohibitively large. Existing approaches rely...

Is there a market for a solo cybersecurity consultant?

cybersecurity www.reddit.com

Hey, I'm tired of corporate. I have over a decade of experience at: security design and code review, fuzzer setup, low-level security research on open source code projects, etc. I want to start my own solo consultant service in which I will offer: 1. Threat modeling 2. Security design reviews 3. Security code reviews. Any experience to share? submitted by /u/LeftAssociation1119

MultiFuzz: A Dense Retrieval-based Multi-Agent System for Network Protocol Fuzzing

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.14300v1 Announce Type: new Abstract: Traditional protocol fuzzing techniques, such as those employed by AFL-based systems, often lack effectiveness due to a limited semantic understanding of complex protocol grammars and rigid seed mutation strategies. Recent works, such as ChatAFL, have integrated Large Language Models (LLMs) to guide protocol fuzzing and address these limitations, pushing protocol fuzzers to wider exploration of the protocol state space. But ChatAFL still faces...