Top Tweets for #Sec_code_review

3 months ago

#MLSecOps #Sec_code_review "SecCodeBench-V2 Technical Report", Feb. 2026. // SecCodeBench-V2 (SCBv2) - https://t.co/IFFzGdXpmA benchmark for evaluating LLM copilots’ capabilities of generating secure code. SCBv2 adopts a function-level task formulation: each scenario provides a complete project scaffold and requires the model to implement or patch a designated target function under fixed interfaces and dependencies. For each scenario, SCBv2 provides executable PoC test cases for both functional validation and security verification. All test cases are authored and double-reviewed by security experts, ensuring high fidelity, broad coverage, and reliable ground truth

0

3

1

2

225

4 months ago

#tools #Sec_code_review #Offensive_security Claude Code in a devcontainer https://t.co/OPDyuMyCf8 // Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review

0

4

0

5

325

5 months ago

#reversing #Kernel_Security #Sec_code_review Exploiting Reversing (ER) series: Part 1 - Windows kernel drivers (1) https://t.co/MoAXZ7pHJK Part 2 - Windows kernel drivers (2) https://t.co/IqZr2h1fuz Part 3 - Chrome https://t.co/7fsTWqsEmw Part 4 - macOS/iOS https://t.co/W7VBr9luVF Part 5 - Hyper-V https://t.co/6LzkwbSrNZ // step-by-step research series on Windows, macOS, hypervisors and browsers

2

325

85

313

17K

5 months ago

#tools #Research #Sec_code_review "AutoBaxBuilder: Bootstrapping Code Security Benchmarking", Dec.2025. ]-> https://t.co/WLrwLncQYE // We introduce a robust pipeline with fine-grained plausibility checks, leveraging the code understanding capabilities of LLMs to construct functionality tests and end-to-end security-probing exploits

0

16

2

6

857

6 months ago

#Research #Sec_code_review #Threat_Research "A Systematic Study of Code Obfuscation Against LLM-based Vulnerability Detection", Dec.2025. ]-> https://t.co/iNl3xeAbCq // We provide a structured systematization of obfuscation techniques and evaluate them under a unified framework. Specifically, we categorize existing obfuscation methods into three major classes (layout, data flow, and control flow) covering 11 subcategories and 19 techniques. We implement these techniques across four programming languages (Solidity, C, C++, Python) using a consistent LLM-driven approach, and evaluate their effects on 15 LLMs spanning four model families (DeepSeek, OpenAI, Qwen, LLaMA), as well as on two coding agents (GitHub Copilot and Codex). Our findings reveal both positive and negative impacts of code obfuscation on LLM-based vulnerability detection, highlighting conditions under which obfuscation leads to performance improvements or degradations

0

59

17

40

2K

7 months ago

#tools #Sec_code_review "Distilling Lightweight Language Models for C/C++ Vulnerabilities", Oct. 2025. ]-> https://t.co/NhFlFOSgOf // This paper presents FineSec - framework that harnesses LLMs through knowledge distillation to enable efficient and precise vulnerability identification in C/C++ codebases. FineSec utilizes knowledge distillation to transfer expertise from large teacher models to compact student models, achieving high accuracy with minimal computational cost. Extensive evaluations on C/C++ codebases demonstrate its superiority over both base models and larger LLMs in identifying complex vulnerabilities and logical flaws

5

11

3

7

908

8 months ago

#tools #Sec_code_review "KNighter: Transforming Static Analysis with LLM-Synthesized Checkers", SOSP 2025. ]-> https://t.co/lHPCHce1Su // KNighter - first approach that unlocks scalable LLM-based static analysis by automatically synthesizing static analyzers from historical bug patterns. Rather than using LLMs to directly analyze massive systems, our key insight is leveraging LLMs to generate specialized static analyzers guided by historical patch knowledge. This work establishes an entirely new paradigm for scalable, reliable, and traceable LLM-based static analysis for real-world systems via checker synthesis

0

4

0

1

220

9 months ago

#Sec_code_review "AutoStub: Genetic Programming-Based Stub Creation for Symbolic Execution", 2025. ]-> All implementation details and datasets - https://t.co/L4KBs4SJRG // In this work, we propose a novel approach to automatically generate symbolic stubs for external functions during symbolic execution that leverages Genetic Programming

0

3

1

232

11 months ago

#Research #Sec_code_review "Explainable Vulnerability Detection in C/C++ Using Edge-Aware Graph Attention Networks", 2025. ]-> https://t.co/N2ayCtPVTL // This paper presents ExplainVulD, a graph-based framework for vulnerability detection in C/C++ code. The method constructs Code Property Graphs and represents nodes using dual-channel embeddings that capture both semantic and structural information. These are processed by an edge-aware attention mechanism that incorporates edge-type embeddings to distinguish among program relations

0

6

1

3

227

over 1 year ago

#tools #Sec_code_review LLVM based static binary analysis framework https://t.co/F6kE1ZSuEm

0

1

0

144

about 2 years ago

#Research #Sec_code_review "Know Your Neighborhood: General and Zero-Shot Capable Binary Function Search Powered by Call Graphlets", 2024. ]-> Repo: https://t.co/KOZmFxO57B

0

21

6

2K

about 2 years ago

#Sec_code_review Dangling Pointer Guide https://t.co/PXbhI4lKzm ]-> Dangling Pointer Detector: https://t.co/FAT3FxoEbX

0

2

0

1

886

over 2 years ago

#Sec_code_review Visual Studio Code Security: Part 1 - Deep Dive into Your Favorite Editor https://t.co/i5Z2vu1p3w Part 2 - Markdown Vulns in Third-Party Extensions https://t.co/rnuiEyRRPL Part 3 - Finding New Vulns in the NPM Integration https://t.co/J9Fktvtx4I

0

3

0

4

1K

over 2 years ago

#Analytics #Sec_code_review Top System Programming Vulnerabilities https://t.co/Uc3SX9af9p

0

3

1

2

1K

over 2 years ago

#tools #Sec_code_review Symbiotic - tool for finding bugs in computer programs based on instrumentation, program slicing and KLEE https://t.co/2VKcuFSBD7

0

4

1

2

937

almost 3 years ago

#Sec_code_review A practical experiment on supply-chain security using reproducible builds https://t.co/ruJJ9NufwJ

0

9

2

1K

almost 3 years ago

#tools #Sec_code_review BINSEC - open-source toolset to help improve software security at the binary level https://t.co/DuxIUbthRU

0

10

1

3

2K