Skip Navigation
What book(s) are you currently reading? 03 August
  • My favorite Discworld book is his last, The Shepherd's Crown. After doing the whole library, I felt it ending well. Then you read the afterword by Rob Wilkins... you get all the feels.

  • What book(s) are you currently reading? 03 August
  • Re-reading the original Ringworld series by Larry Niven so that I can read the newer Fleet of World series. Currently on Ringworld Throne.

    Did you know there is a fediverse reading tracker called Bookwyrm? You can find me here! https://books.infosec.exchange/user/xavier

  • Google camera requires Google photos, is there any workaround?
  • Have you tried Open Camera or Cymera? May be easier to use another camera app.

  • Deleted
    *Permanently Deleted*
  • AHHH! NATION STATE!!!

  • Never do this!
  • This applies to you monogamous people, as well as us poly folks.

  • Discussions related to Infosec.pub @infosec.pub Xavier Ashe @infosec.pub
    Feature Request: Open external links in new tab

    Is there a setting to default all external links to a new tab? I'm used to that behavior from infosec.exchange. I keep finding myself having to reopen infosec.pub after going down a rabbit hole.

    0
    Looking For Something to Read
  • I'm currently going through Niven's work. I'd suggest The Mote in God's Eye by Larry Niven and Jerry Pournelle.

    Project Hail Mary by Andy Weir is also an amazing book if you haven't read it yet.

    One more suggestion: Rendezvous with Rama by Arthur C. Clarke

  • GitHub - JetP1ane/Callisto: Callisto - An Intelligent Binary Vulnerability Analysis Tool
    github.com GitHub - JetP1ane/Callisto: Callisto - An Intelligent Binary Vulnerability Analysis Tool

    Callisto - An Intelligent Binary Vulnerability Analysis Tool - GitHub - JetP1ane/Callisto: Callisto - An Intelligent Binary Vulnerability Analysis Tool

    GitHub - JetP1ane/Callisto: Callisto - An Intelligent Binary Vulnerability Analysis Tool

    Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the psuedo code output looking for potential security vulnerabilities in that pseudo c code. Ghidra's headless decompiler is what drives the binary decompilation and analysis portion. The pseudo code analysis is initially performed by the Semgrep SAST tool and then transferred to GPT-3.5-Turbo for validation of Semgrep's findings, as well as potential identification of additional vulnerabilities.

    This tool's intended purpose is to assist with binary analysis and zero-day vulnerability discovery. The output aims to help the researcher identify potential areas of interest or vulnerable components in the binary, which can be followed up with dynamic testing for validation and exploitation. It certainly won't catch everything, but the double validation with Semgrep to GPT-3.5 aims to reduce false positives and allow a deeper analysis of the program.

    !

    0
    GitHub - mahaloz/DAILA: A decompiler-unified plugin for accessing the OpenAI API to improve your decompilation experience
    github.com GitHub - mahaloz/DAILA: A decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4 and local models supported!

    A decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4 and local models supported! - GitHub - mahaloz/DAILA: A decompiler-agnostic plugin for interacting with AI in your dec...

    GitHub - mahaloz/DAILA: A decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4 and local models supported!

    A decompiler-unified plugin by Zion Basque that leverages the OpenAI API to enhance your decompilation process by offering function identification, function summarisation and vulnerability detection. The plugin currently supports IDA, Binja and Ghidra.

    !

    0
    GitHub - trailofbits/Codex-Decompiler
    github.com GitHub - trailofbits/Codex-Decompiler

    Contribute to trailofbits/Codex-Decompiler development by creating an account on GitHub.

    GitHub - trailofbits/Codex-Decompiler

    Codex Decompiler is a Ghidra plugin that utilizes OpenAI's models to improve the decompilation and reverse engineering experience. It currently has the ability to take the disassembly from Ghidra and then feed it to OpenAI's models to decompile the code. The plugin also offers several other features to perform on the decompiled code such as finding vulnerabilities using OpenAI, generating a description using OpenAI, or decompiling the Ghidra pseudocode.

    0
    G-3PO: A Protocol Droid for Ghidra
    medium.com G-3PO: A Protocol Droid for Ghidra

    (A Script that Solicits GPT-3 for Comments on Decompiled Code)

    In this post, I introduce a new Ghidra script that elicits high-level explanatory comments for decompiled function code from the GPT-3 large language model. This script is called G-3PO. In the first few sections of the post, I discuss the motivation and rationale for building such a tool, in the context of existing automated tooling for software reverse engineering. I look at what many of our tools — disassemblers, decompilers, and so on — have in common, insofar as they can be thought of as automatic paraphrase or translation tools. I spend a bit of time looking at how well (or poorly) GPT-3 handles these various tasks, and then sketch out the design of this new tool.

    If you want to just skip the discussion and get yourself set up with the tool, feel free to scroll down to the last section, and then work backwards from there if you like.

    The Github repository for G-3PO can be found HERE.

    0
    GitHub - ant4g0nist/polar: A LLDB plugin which queries OpenAI's davinci-003 language model to explain the disassembly
    github.com GitHub - ant4g0nist/polar: A LLDB plugin which queries OpenAI's davinci-003 language model to explain the disassembly

    A LLDB plugin which queries OpenAI's davinci-003 language model to explain the disassembly - GitHub - ant4g0nist/polar: A LLDB plugin which queries OpenAI's davinci-003 language model to ex...

    GitHub - ant4g0nist/polar: A LLDB plugin which queries OpenAI's davinci-003 language model to explain the disassembly

    LLDB plugin which queries OpenAI's davinci-003 language model to speed up reverse-engineering. Treat it like an extension of Lisa.py, an Exploit Dev Swiss Army Knife.

    At the moment, it can ask davinci-003 to explain what the current disassembly does. Here is a simple example of what results it can provide:

    !

    0
    GitHub - MayerDaniel/ida_gpt
    github.com GitHub - MayerDaniel/ida_gpt

    Contribute to MayerDaniel/ida_gpt development by creating an account on GitHub.

    GitHub - MayerDaniel/ida_gpt

    IDAPython script by Daniel Mayer that uses the unofficial ChatGPT API to generate a plain-text description of a targeted routine. The script then leverages ChatGPT again to obtain suggestions for variable and function names.

    0
    GitHub - JusticeRage/Gepetto: IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering
    github.com GitHub - JusticeRage/Gepetto: IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering

    IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering - GitHub - JusticeRage/Gepetto: IDA plugin which queries OpenAI's gpt-3.5-turbo language model...

    GitHub - JusticeRage/Gepetto: IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering

    Gepetto is a Python script which uses OpenAI's gpt-3.5-turbo and gpt-4 models to provide meaning to functions decompiled by IDA Pro. At the moment, it can ask gpt-3.5-turbo to explain what a function does, and to automatically rename its variables.

    0
    GitHub - moyix/gpt-wpre: Whole-Program Reverse Engineering with GPT-3
    github.com GitHub - moyix/gpt-wpre: Whole-Program Reverse Engineering with GPT-3

    Whole-Program Reverse Engineering with GPT-3. Contribute to moyix/gpt-wpre development by creating an account on GitHub.

    GitHub - moyix/gpt-wpre: Whole-Program Reverse Engineering with GPT-3

    This is a little toy prototype of a tool that attempts to summarize a whole binary using GPT-3 (specifically the text-davinci-003 model), based on decompiled code provided by Ghidra. However, today's language models can only fit a small amount of text into their context window at once (4096 tokens for text-davinci-003, a couple hundred lines of code at most) -- most programs (and even some functions) are too big to fit all at once.

    GPT-WPRE attempts to work around this by recursively creating natural language summaries of a function's dependencies and then providing those as context for the function itself. It's pretty neat when it works! I have tested it on exactly one program, so YMMV.

    0
    Discussions related to Infosec.pub @infosec.pub Xavier Ashe @infosec.pub
    Integrations with Mastodon?

    Hey everyone. I just joined and am a current member over at infosec.exchange. Is there any good way to leverage Mastodon in Lemmy, or visa-versa?

    0
    xavier Xavier Ashe @infosec.pub

    What am I doing now:

    • #Infosec Executive in Financial Services
    • #SecurityOperations, #ProductionSupport, and #Firewall management
    • Board Chairman TAG Information #Security Society
    • Member of #EFGA, #ATL2600, #DC404, #DC770, #DC706
    • Father of 8 kids including 🇭🇳x2, 🏳️‍🌈, 🏳️‍⚧️, ♾️
    • #Speake
    Posts 10
    Comments 7