11/10/24, 8:23 PM Project Zero: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Project Zero
News and updates from the Project Zero team at Google

Friday, November 1, 2024

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Posted by the Big Sleep team

Introduction
In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind.

Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found this issue before it appeared in an official release, so SQLite users were not impacted.

We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software. Earlier this year at the DARPA AIxCC event, Team Atlanta discovered a null-pointer dereference in SQLite, which inspired us to use it for our testing to see if we could find a more serious vulnerability.

We think that this work has tremendous defensive potential. Finding vulnerabilities in software before it's even released means that there's no scope for attackers to compete: the vulnerabilities are fixed before attackers even have a chance to use them. Fuzzing has helped significantly, but we need an approach that can help defenders to find the bugs that are difficult (or impossible) to find by fuzzing, and we're hopeful that AI can narrow this gap. We think that this is a promising path towards finally turning the tables and achieving an asymmetric advantage for defenders.

The vulnerability itself is quite interesting, along with the fact that the existing testing infrastructure for SQLite (both through OSS-Fuzz, and the project's own infrastructure) did not find the issue, so we did some further investigation.

Methodology

A key motivating factor for Naptime and now for Big Sleep has been the continued in-the-wild discovery of exploits for variants of previously found and patched vulnerabilities. As this trend continues, it's clear that fuzzing is not succeeding at catching such variants, and that for attackers, manual variant analysis is a cost-effective approach.

We also feel that this variant-analysis task is a better fit for current LLMs than the more general open-ended vulnerability research problem. By providing a starting point – such as the details of a previously fixed vulnerability – we remove a lot of ambiguity from vulnerability research, and start from a concrete, well-founded theory: "This was a previous bug; there is probably another similar one somewhere".

Our project is still in the research stage, and we are currently using small programs with known vulnerabilities to evaluate progress. Recently, we decided to put our models and tooling to the test by running our first extensive, real-world variant analysis experiment on SQLite. We collected a number of recent commits to the SQLite repository, manually removing trivial and documentation-only changes. We then adjusted the prompt to provide the agent with both the commit message and a diff for the change, and asked the agent to review the current repository (at HEAD) for related issues that might not have been fixed.

https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
Discovered Vulnerability

The vulnerability is an interesting one where a special sentinel value -1 is used in an (otherwise) index-typed field iColumn:

7476: struct sqlite3_index_constraint {
7477:   int iColumn;              /* Column constrained.  -1 for ROWID */
7478:   unsigned char op;         /* Constraint operator */
7479:   unsigned char usable;     /* True if this constraint is usable */
7480:   int iTermOffset;          /* Used internally - xBestIndex should ignore */
7481: } *aConstraint;             /* Table of WHERE clause constraints */

This pattern creates a potential edge-case that needs to be handled by all code that uses the field, since the expectation would be that a valid column index is non-negative.

The function seriesBestIndex failed to correctly handle this edge-case, resulting in a write into a stack buffer with a negative index when handling a query with a constraint on the rowid column. In the build that we provided to our agent, debug assertions were enabled, and this condition was checked by the assertion at line 706:

619 static int seriesBestIndex(
620   sqlite3_vtab *pVTab,
621   sqlite3_index_info *pIdxInfo
622 ){
...
630   int aIdx[7];           /* Constraints on start, stop, step, LIMIT, OFFSET,
631                          ** and value.  aIdx[5] covers value=, value>=, and
632                          ** value>, aIdx[6] covers value<= and value< */
633   const struct sqlite3_index_constraint *pConstraint;
...
642   for(i=0; i<pIdxInfo->nConstraint; i++, pConstraint++){
643     int iCol;    /* 0 for start, 1 for stop, 2 for step */
644     int iMask;   /* bitmask for those column */
645     int op = pConstraint->op;
...
705     iCol = pConstraint->iColumn - SERIES_COLUMN_START;
706     assert( iCol>=0 && iCol<=2 );
707     iMask = 1 << iCol;
...
713     if( pConstraint->usable==0 ){
714       unusableMask |= iMask;
715       continue;
716     }else if( op==SQLITE_INDEX_CONSTRAINT_EQ ){
717       idxNum |= iMask;
718       aIdx[iCol] = i;
719     }
720   }

In a release build, however, this assertion is not present, and in our testing (this will vary depending on compiler and optimization level) the subsequent write at line 718 will write below the aIdx buffer, corrupting the least significant 32 bits of the pConstraint pointer, which will be dereferenced in the next iteration of the loop, leading to a likely exploitable condition.

However, given this explanation of the vulnerability – it's not trivial (at least for us) as human researchers to understand precisely how to trigger it – clearly a constraint on the ROWID column would be a good starting point, but more detailed reading of the code would certainly be required. The agent already seems to know a lot more about SQLite than we do, so it can cut some corners!

One common case of this is that the model would immediately use the generate_series virtual table when generating testcases. (We also saw cases where the model researched the available virtual tables first, but it's clearly able to apply pre-existing knowledge here).
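To make the sentinel edge case concrete, the following is an added example written for this page in C; it is neither SQLite's own code nor the fix the SQLite developers shipped. It uses stand-in structs modelled on the ones quoted above and a constructed constraint set. SERIES_COLUMN_START is taken as 1 because the agent's report computes iCol = -2 for iColumn = -1, and the numeric value of SQLITE_INDEX_CONSTRAINT_EQ is an assumption. series_slot_for reports the aIdx slot that line 705's arithmetic selects for a given constraint (negative means a write below the stack buffer), and series_best_index_hardened shows the same loop with the range check enforced in every build instead of only by a debug-time assert, so a ROWID constraint is skipped rather than used as an index.

```c
#include <stdio.h>

/* Stand-ins for the SQLite structures quoted above (constructed for this
 * example; not SQLite's own definitions). */
#define SQLITE_INDEX_CONSTRAINT_EQ 2   /* assumed value; only equality is used here */
#define SERIES_COLUMN_START 1          /* value=0, start=1, step=2, stop=3 */

struct index_constraint {
  int iColumn;            /* column constrained, -1 for ROWID (the sentinel) */
  unsigned char op;       /* constraint operator */
  unsigned char usable;   /* true if this constraint is usable */
};

struct index_info {
  int nConstraint;
  const struct index_constraint *aConstraint;
};

/* Constructed constraint set modelling the post's reproducer
 *   SELECT * FROM generate_series(1,10,1) WHERE ROWID = 1;
 * with one ordinary equality on `start` added so the loop also has a
 * valid constraint to claim. */
const struct index_constraint kDemoConstraints[2] = {
  { -1, SQLITE_INDEX_CONSTRAINT_EQ, 1 },   /* ROWID = 1 -> iColumn is the -1 sentinel */
  {  1, SQLITE_INDEX_CONSTRAINT_EQ, 1 },   /* start = <n> -> iColumn 1 */
};
const struct index_info kDemoInfo = { 2, kDemoConstraints };

/* The arithmetic from line 705 of the original loop, without the write
 * that follows it. A negative result is the slot below aIdx[0] that
 * `aIdx[iCol] = i` would write to in a release build. */
int series_slot_for(const struct index_constraint *c) {
  return c->iColumn - SERIES_COLUMN_START;
}

/* Hardened form of the loop: any constraint whose column does not map
 * into aIdx[0..2] is skipped rather than used as an index, so the check
 * holds with assertions compiled out. Returns the idxNum bitmask of
 * claimed columns; *nSkipped counts constraints rejected by the range
 * check. Unclaimed aIdx entries are left at -1. */
int series_best_index_hardened(const struct index_info *info, int aIdx[7],
                               int *nSkipped) {
  int idxNum = 0;
  *nSkipped = 0;
  for (int k = 0; k < 7; k++) aIdx[k] = -1;

  for (int i = 0; i < info->nConstraint; i++) {
    const struct index_constraint *c = &info->aConstraint[i];
    int iCol = c->iColumn - SERIES_COLUMN_START;
    if (iCol < 0 || iCol > 2) {   /* replaces assert( iCol>=0 && iCol<=2 ) */
      (*nSkipped)++;
      continue;
    }
    if (!c->usable) continue;
    if (c->op == SQLITE_INDEX_CONSTRAINT_EQ) {
      idxNum |= 1 << iCol;      /* shift amount is now guaranteed in range */
      aIdx[iCol] = i;           /* index is now guaranteed in range */
    }
  }
  return idxNum;
}

int main(void) {
  int aIdx[7], skipped;
  printf("ROWID constraint would index aIdx[%d]\n",
         series_slot_for(&kDemoConstraints[0]));          /* -2 */
  int idxNum = series_best_index_hardened(&kDemoInfo, aIdx, &skipped);
  printf("hardened loop: idxNum=0x%x skipped=%d aIdx[0]=%d\n",
         idxNum, skipped, aIdx[0]);                         /* 0x1 1 1 */
  return 0;
}
```

The point of the hardened variant is that the property the original assert encodes (iCol in 0..2) is a precondition of the write at line 718, so it has to be checked on every build configuration; a debug-only assert leaves release builds with the out-of-bounds write the post describes.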
Trajectory Highlights

In this successful run based on Gemini 1.5 Pro, the seed commit was [1976c3f7]; which is a fairly large and non-obvious change. The bug found by our agent is only loosely related to the changes in the seed commit - this is not uncommon in manual variant analysis: understanding one bug in a codebase often leads a researcher to other problems.

Selected highlights are below, with our commentary in italics – all text in the ASSISTANT blocks comes directly from the agent.

The agent produces a reasonable assessment of the changes in the diff, and uses this to form a starting point for research:

ASSISTANT

The CL improves the handling of WHERE terms shared between OR branches in virtual table queries by introducing the termFromWhereClause function. This function retrieves a specific term from a WhereClause, considering nested clauses. Prior to this change, common terms were likely not handled correctly due to an incorrect mapping of term indices, potentially leading to inefficient query plans or incorrect results. The most likely vulnerability would involve incorrect handling of WHERE clause constraints within the allocateIndexInfo and whereLoopAddVirtualOne functions, where the CL has modified how constraint offsets are used with the new helper function. I'll first examine the allocateIndexInfo function.

...

After several (omitted) steps exploring the relevant code, the agent has formed a more concrete hypothesis and attempts to check it by running a modified version of the testcase from the patch, but this doesn't work since the testcase included in the patch relies on an extension that is not available in our configuration:

TOOL(debugger_run)

The program exited without crashing or hitting the breakpoint. The exit code was 1.
The output on STDERR was:

Runtime error near line 2: no such module: tcl
Parse error near line 3: no such table: x1

ASSISTANT

The program terminated because the TCL module was not available. The tests rely on the TCL virtual table module, which needs to be enabled when compiling SQLite. The provided program input is based on the bestindexC.test file, which uses the TCL module to test virtual table best index selection.

To fix this, the program input needs to be changed to use a different virtual table that does not require the TCL module. However, the vulnerability is related to virtual table query planning. So we still need a virtual table to trigger the issue.

I will use the code_browser_source tool to search for examples of built-in virtual tables in SQLite. I'll then adapt the input to use one of these and set a breakpoint in whereLoopAddVirtualOne again.

...

The agent adapts to this setback gracefully, recognises the steps it needs to take to fix the testcase, and a few steps later has retrieved all of the information it needs to build a testcase that reaches whereLoopAddVirtualOne:

ASSISTANT

The sqlite3_create_module function registers virtual table modules. The shell.c file contains several instances of this, including the generate_series, fsdir, completion, and the expert modules. The json table also looks interesting. I'll focus on generate_series for now as a starting point. I'll try to craft a query that uses this module and might trigger incorrect constraint handling.

...

Note above that during the original discovery and reproduction of the vulnerability, the agent was quite vague about the "incorrect constraint handling" that it's trying to trigger; and in this case the full trajectories read a little bit like a human researcher - starting out with one idea, thinking of a few other ones while investigating, and in the end producing a test case that reproduces a slightly different bug. In this case, when whereLoopAddVirtualOne is invoked on a generate_series table, we end up in seriesBestIndex, where the constraint is indeed handled incorrectly.

However, it's particularly interesting to see that once the program has crashed the model does a much better job of explaining things - while producing a root-cause analysis and a full crash report we can see the agent clearly crafting a testcase to trigger the specific, identified edge-case:

ASSISTANT

The relevant field is iColumn inside the sqlite3_index_constraint struct. This field represents the column number of the constraint. To cause the assertion failure, we need a constraint on a column with index greater than 3 or smaller than 1.

Let's craft an SQL query that involves constraints on these columns. The generate_series table has columns named value, start, step and stop. The indexes are:
- value: 0
- start: 1
- step: 2
- stop: 3

To trigger the bug, we can include a constraint on the ROWID. Constraints on the ROWID use iColumn = -1.

Here is an example query:

SELECT * FROM generate_series(1,10,1) WHERE ROWID = 1;

This query should cause a crash in the seriesBestIndex function.

...

At the end we get a clear and accurate summary of the issue that's almost ready to report directly!

TOOL(debugger_run)

The program crashed: SIGABRT at :0.
The output on STDERR was:

sqlite3: src/shell.c:6816: int seriesBestIndex(sqlite3_vtab *, sqlite3_index_info *): Assertion `iCol>=0 && iCol<=2' failed.

ASSISTANT(report_success)

The program crashes with the input SELECT * FROM generate_series(1,10,1) WHERE ROWID = 1; due to an assertion failure in function seriesBestIndex.

The assertion assert(iCol>=0 && iCol<=2) fails because the iColumn field in the sqlite3_index_info struct can contain values outside of the valid range for column indexes, such as -1 when a constraint involves the ROWID.

This leads to iCol being calculated as -2, causing the assertion to fail.

What about Fuzzing?

Given the apparent simplicity of the reproduction case, an obvious question arises: why wasn't this bug discovered earlier by traditional fuzzing? The "simple" answer lies in the configuration of the fuzzing harnesses. The harness used by OSS-Fuzz isn't built with the generate_series extension enabled, and the alternative fuzzingshell.c harness contained an older version of the seriesBestIndex function, unaffected by the bug. Although the SQLite AFL repo contains a configuration for fuzzing the same CLI binary that we provided to the Big Sleep agent, it appears not to be widely used.

To understand whether the bug is truly "shallow", we attempted to rediscover it through fuzzing. We followed the fuzzing instructions from the SQLite documentation and used the CLI target. We also verified that the fuzzing corpus contained the required generate_series and rowid keywords before launching an AFL run. However, the issue remained undiscovered after 150 CPU-hours of fuzzing.

We then tried to simplify the task for the fuzzer by, for example, adding the necessary keywords to AFL's SQL dictionary. However, it seems the bug can only be quickly found if the corpus contains an example very close to the crashing input, as code coverage doesn't appear to be a reliable guide for this particular issue.

Admittedly, AFL isn't the most suitable tool for a text-based format like SQL, where most inputs are syntactically invalid and will be rejected by the parser. Nevertheless, it's interesting to compare this result with Michal Zalewski's blog post on fuzzing SQLite from 2015. Back then, AFL was quite effective at uncovering bugs in SQLite; after years of fuzzing, it seems the tool has reached a natural saturation point. While our results so far seem minor in comparison to the dramatic step-change in effectiveness that came with the release of AFL, it's interesting to see that the LLM-based approach has its own strengths and might be able to effectively uncover a distinct set of vulnerabilities.
Conclusion

For the team this is a moment of validation and success - finding a vulnerability in a widely-used and well fuzzed open source project is an exciting result! When provided with the right tools, current LLMs can perform vulnerability research.

However, we want to reiterate that these are highly experimental results. The position of the Big Sleep team is that at present, it's likely that a target-specific fuzzer would be at least as effective (at finding vulnerabilities).

We hope that in the future this effort will lead to a significant advantage to defenders - with the potential not only to find crashing testcases, but also to provide high-quality root-cause analysis, triaging and fixing issues could be much cheaper and more effective in the future. We aim to continue sharing our research in this space, keeping the gap between the public state-of-the-art and private state-of-the-art as small as possible.

The Big Sleep team will continue to work in this space, advancing Project Zero's mission of making 0-day hard.

The Big Sleep Team

This isn't just a Project Zero effort any more, and everyone who has contributed to this effort is listed below (names in alphabetical order):

Miltos Allamanis, Martin Arjovsky, Charles Blundell, Lars Buesing, Mark Brand, Sergei Glazunov, Dominik Maier, Petros Maniatis, Guilherme Marinho, Henryk Michalewski, Koushik Sen, Charles Sutton, Vaibhav Tulsyan, Marco Vanotti, Theophane Weber, Dan Zheng

Posted by Google Project Zero at 8:12 AM