RVAsec 13

Are LLMs a revolutionary leap forward for security research—or just spicy auto-complete?

The truth lies somewhere in between. This talk cuts through the hype and offers a practical perspective that’s grounded in real-world analysis of critical bugs in widely used products. We’ll walk through our process of harnessing large language models (LLMs) for patch-diffing in the context of N-day vulnerability research. Given a vague security advisory and some complicated code diffs, can an LLM get you closer to finding the right spot in the code to dig deeper? Which models work best for this task, and why? Let’s ditch the theory and get our hands dirty with iterative experimentation. Whether you’re a seasoned pentester, applied researcher, or budding practitioner, you'll take away tactical lessons for incorporating AI into your security toolkit.

We are meant to enjoy our lives; both personal, and professional. As human beings, and as professionals, we all have to learn how to cultivate even-mindedness, balance, and fortitude to meet life/work challenges. Cybersecurity is fascinating because it requires us to constantly learn, and find ways to optimize our process. Burnout is a huge problem many fields, but especially in Cybersecurity. Cultivating a mindfulness or meditation practice is one of the most efficient ways we can support our process, and manage the stress and anxiety that comes with our professional and personal lives.

The focus of this talk is not specifically on work, because it addresses thoughtful ways to approach every aspect of our lives from our mental and physical health, to our relationships both personally and professionally. Whether new to the industry or a seasoned veteran, this talk with give you some insights, guidance, and the opportunity to practice.