BinWhisper：基于LLM的推理技术实现名人堂背后的自动化漏洞发现.pdf

《BinWhisper：基于LLM的推理技术实现名人堂背后的自动化漏洞发现.pdf》由会员分享，可在线阅读，更多相关《BinWhisper：基于LLM的推理技术实现名人堂背后的自动化漏洞发现.pdf（80页珍藏版）》请在三个皮匠报告上搜索。

1、#BHUSA BlackHatEventsBinWhisperBinWhisper:LLM:LLM-Driven Reasoning for Automated Driven Reasoning for Automated Vulnerability Discovery Behind HallVulnerability Discovery Behind Hall-ofof-FameFameQinrun DaiYifei Xie#BHUSA BlackHatEventsQinrun Dai(2st_ _ _)CS PhD student,research interest:exploit ana

2、lysis&formalizationWindows SecurityExploitation DevelopmentSpeaker at Black Hat USA 2024,Linux Security Summit Europe 2024About UsYifei Xie(iceflying2005)Undergraduate student&Independent Security ResearcherBinary Security,AI for vulnerability discoveryHall of Fame of the Samsung Mobile Security Rew

3、ards Program 2024#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEvents Manual Vulnerability Auditing:A Deep Dive into CVE-2024-34587 Exploring LLMs Strengths in Code Reasoning Improving Code Analysis with LLMs via CVE-2024-34587 Applying LLMs to Real-World Vulnerability AnalysisAgenda#BHUS

4、A BlackHatEventsManual Vulnerability Auditing:A Deep Dive into CVE-2024-34587#BHUSA BlackHatEventsThis function is responsible for parsing rtcp app packets from the other end.The three parameters of PSIMemcpy:App_data_buf:size is 1024 bytesrtcp_pkt:size is 1560 bytesApp_data_len:value is 0-0 xffffBu

5、g is easy,journey is hard.Quick Review:CVE-2024-34587 heap overflow of parsing app rtcp function#BHUSA BlackHatEventsPSIMemcpy(DST:*(_QWORD*)(a1+1184),SRC:a2+(unsigned int)*a4,Length:4*(_WORD*)(a1+12)8):19752:19764:20936struct3:176struct2struct1:1704:2440char1024:6848char1600#BHUSA BlackHatEvents#BH

6、USA BlackHatEventslibsamsung_videoengine_9_0.solibrtp.so#BHUSA BlackHatEventslibsamsung_videoengine_9_0.so!CTransportManager:StartReceive(CTransportManager)libsamsung_videoengine_9_0.solibrtp.soCTransportManager:StartReceive#BHUSA BlackHatEventslibrtp.so!RTP_RtpCreatertp_content=PSIMallocEx(216LL)li