A deep learning model for identifying and localizing vulnerabilities in C/C++ source code.

Static binary instrumentation for windows kernel drivers, to use with winafl

An LLM-based model for vulnerability patch generation in C/C++ source code

VulZoo: A Comprehensive Vulnerability Intelligence Dataset (ASE 2024 Demo)

The code and dataset of the paper.

An automated static taint analysis tool for the Lua web framework.

Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities

The Implementation of BinGo model (Published on AisaCCS 2024).

Code for the paper - Source Code Vulnerability Detection: Combining Code Language Models and Code Property Graph

PromtFuzz is an automated tool that generates high-quality fuzz drivers for libraries via a fuzz loop constructed on mutating LLMs' prompts.

Binary Code Summarization

ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Syscalls attack, a novel Heaven's Gate, and "shellcodeless" ROP.…

Lightweight fuzzing of a memory snapshot using KVM

Tool to generate ROP gadgets for ARM, AARCH64, x86, MIPS, PPC, RISCV, SH4 and SPARC

一个高价值漏洞采集与推送服务 | A valueable vulnerability collection and push service

Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, exi…

Fork from Usenix Security 2021 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation

Precise and high-order static points-to/taint analysis based on LLVM IR.