LLMs for Vuln Discovery: Finding 0days With a Click of a Button | Marcello Salvati, Dan McInerney скачать в хорошем качестве

LLMs for Vuln Discovery: Finding 0days With a Click of a Button | Marcello Salvati, Dan McInerney

🔗 Join us in-person and virtually at our Wild West Hackin' Fest: information security conferences — https://wildwesthackinfest.com/ 🔗 Register for Infosec Webcasts, Anti-casts & Summits. – https://poweredbybhis.com Large Language Models (LLMs) have opened up the floodgates for a whole new generation of security tooling. One of the most obvious applications is automatic discovery of vulnerabilities which so far has had extremely mixed results. Can LLMs “get good” at vulnerability discovery? In this talk, we cover our approach to the problem going into all the success and fails along the way. Finally, we will be tool dropping VulnHuntr, which implements our approach to using LLMs for discovering vulnerabilities through static code analysis along with presenting a number of 0days that were found by it. 00:00 - Welcome & Intro 03:51 - The Goal: create an LLM-powered static code analyzer 05:14 - Overcoming problems 09:09 - How the program actually works 13:57 - Parsing Python code 17:44 - Prompt engineering 20:29 - VULNHUNTR Tool repository address 20:42 - 0-Day Vulns found 30:42 - Q&A - Why did you use Claude? 31:53 - Q&A - How you can contribute - use a pull request 33:04 - Q&A - Can it patch vulnerabilities, too? 33:50 - Q&A - Have you tried plugging it into an agentic framework? 36:08 - Q&A - Does it support automatic verification? 37:19 - Q&A - Which version of Claude did you use? 3.5 Sonnet. 37:41 - Q&A - Can this be used for automatic pentesting? ///Black Hills Infosec Socials Twitter:   / bhinfosecurity   Mastodon: https://infosec.exchange/@blackhillsi... LinkedIn:   / antisyphon-training   Discord:   / discord   ///Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.mysh... ///Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/ser... Penetration Testing: https://www.blackhillsinfosec.com/ser... Incident Response: https://www.blackhillsinfosec.com/ser... ///Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ ///Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pa... Live Training: https://www.antisyphontraining.com/co... On Demand Training: https://www.antisyphontraining.com/on... Antisyphon Discord:   / discord   Antisyphon Mastodon: https://infosec.exchange/@Antisy_Trai... ///Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube:    / wildwesthackinfest   Antisyphon Training YouTube:    / antisyphontraining   Active Countermeasures YouTube:    / activecountermeasures   Threat Hunter Community Discord:   / discord   Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/