Sudipta

49

153

25K

Sudipta@chatsudi·28 Mar

#ORANClaw released (github.com/asset-group/OR…) with all artifact badges. Meet us at WiSec'26 @Saarbrücken to know how 71 new flaws across open-source gNB/RIC and commercial/closed @ViaviSolutions were uncovered. #5G #Wireless #Fuzzing #Cybersecurity Web: asset-group.github.io/ORANClaw-E2-Mi…

English

1

417

Sudipta@chatsudi·7 Kas

#Sni5Gect (sni5gect.com) version 3 released with **Uplink Injection Support**. Jam/crash/fuzz or have fun hacking the 5G base station (ethically) now without even a rogue UE. We will release gNB vulnerabilities/exploits after the embargo. #5G #CyberSecurity #Wireless

#Sni5Gect version 2 is released with FDD support for all attacks. Additionally, we include demo videos for CVD-2024-0096 and a 5Ghoul DoS attack without rogue base station. Enjoy!!! #5G #CyberSecurity #Wireless

English

2

811

Sudipta@chatsudi·22 Eyl

#Sni5Gect version 2 is released with FDD support for all attacks. Additionally, we include demo videos for CVD-2024-0096 and a 5Ghoul DoS attack without rogue base station. Enjoy!!! #5G #CyberSecurity #Wireless

#Sni5Gect is now open-source (github.com/asset-group/Sn…) and received all artifact badges (available, functional, reproduced). Meet us @USENIXSecurity on Friday the 15th. #5G #CyberSecurity #Wireless Website: sni5gect.com A quick read: isc.sans.edu/diary/rss/32202

English

2

4

2.3K

Sudipta@chatsudi·3 Eyl

Did you know we can use non AI/ML techniques (as basic as mutation and sorting) to expose malicious behaviours in (poisoned) models e.g., CodeLlama, CodeGemma and Gemini; and still present in AI/ML conference? Meet the #FreqRank @emnlpmeeting #LLMs #cybersecurity #EMNLP2025

English

0

4

596

Sudipta@chatsudi·15 Ağu

#Sni5Gect is now open-source (github.com/asset-group/Sn…) and received all artifact badges (available, functional, reproduced). Meet us @USENIXSecurity on Friday the 15th. #5G #CyberSecurity #Wireless Website: sni5gect.com A quick read: isc.sans.edu/diary/rss/32202

Introducing #Sni5Gect (real-time 5G sniffing and injection) -- an era of ASSET group research beyond (Wireless) Fuzzing. Found CVD-2024-0096 (gsma.com/solutions-and-…). To be presented at @USENIXSecurity 2025. Preprint/tools will be available soon. #5G #CyberSecurity #Wireless

English

7

30

4.9K

Sudipta@chatsudi·6 Ağu

I am still watching you BaseBand 😈: #5Ghoul discovers another 12 new vulnerabilities (**10 with HIGH severity**) in baseband modems from a major vendor. Exploits and other details will be released after the embargo. Watch this space. #5G #Fuzzing #Wireless #Cybersecurity

The brain behind #Fuzzing every(5G) layer, everywhere (including #DEFCON32) and over-the-air will appear in IEEE TDSC. Feel free to use the open source tool, it is quite popular. Tool: github.com/asset-group/5g… Brain: asset-group.github.io/papers/5Ghoul.… #5G #Fuzzing #Wireless #CyberSecurity

English

1

8

723

Sudipta@chatsudi·17 Haz

The brain behind #Fuzzing every(5G) layer, everywhere (including #DEFCON32) and over-the-air will appear in IEEE TDSC. Feel free to use the open source tool, it is quite popular. Tool: github.com/asset-group/5g… Brain: asset-group.github.io/papers/5Ghoul.… #5G #Fuzzing #Wireless #CyberSecurity

English

29

121

10.8K

Sudipta@chatsudi·7 Haz

Introducing #Sni5Gect (real-time 5G sniffing and injection) -- an era of ASSET group research beyond (Wireless) Fuzzing. Found CVD-2024-0096 (gsma.com/solutions-and-…). To be presented at @USENIXSecurity 2025. Preprint/tools will be available soon. #5G #CyberSecurity #Wireless

English

IEEE Transactions on Software Engineering@ieeetse

3

9

4.1K

Sudipta@chatsudi·28 Şub

Many thanks and looking forward to serve @ieeetse in my best capacity. All it took was 1) getting 40 years old, 2) completing 61 TSE reviews, 3) eight years of teaching, 4) one tenure completion, 5) three PhD graduates, 6) one marriage and 7) learning a lot #SoftwareEngineering

Pleased to announce five new board members: - Andrea Zisman open.ac.uk/people/az2276 - Sudipta Chattopadhyay sutd.edu.sg/profile/sudipt… - Shane McIntosh shanemcintosh.org - Esther Guerra arantxa.ii.uam.es/~eguerra/ - Yuriy Brun people.cs.umass.edu/~brun/

English

5

733

Sudipta@chatsudi·26 Oca

Do smart contract users understand risks arising from *intentional* contract features (not software bugs)? All answers to appear @acm_chi #CHI2025 #SmartContract #Blockchain Preprint: arxiv.org/abs/2407.11440 Tools/Data: zenodo.org/records/108425… Frontend: linktr.ee/tethersurvey

English

5

1

6

1.2K

Sudipta@chatsudi·5 Ara

If we discover a wireless bug over-the-air, can't we always reproduce it by replaying the attack traffic? Can we create a minimal traffic to reproduce the same attack? All answers in #AirBugCatcher @ACSAC_Conf #Fuzzing #wireless #CyberSecurity Project: github.com/asset-group/ai…

English

4

29

4K

Sudipta@chatsudi·15 Kas

Five years post #SweynTooth mayhem, we present its nemesis #VaktBLE, a friendly MiTM link-layer bridge: no #patching, no reverse engineering, completely out-of-the-box. Meet #VaktBLE @ACSAC_Conf #cybersecurity #IoT code: github.com/asset-group/va… Video: youtube.com/watch?v=RhDDp_…

YouTube

English

12

16

3.5K

Sudipta@chatsudi·23 Eyl

LLMs are imperfect, but can we design a *systematic/automated* way to expose LLM errors and measure its knowledge gaps? All answers in #KonTest, to appear in @emnlpmeeting. A non-final version is available (arxiv.org/abs/2407.12830) #LLMs #SoftwareTesting #AITesting #EMNLP2024

English

1

10

3.7K

Sudipta@chatsudi·11 Ağu

Full house today in the #5Ghoul demo session at #defcon32 . Thanks @poppopretn for the picture and we had the best badge in our career so far 😀. Great feedback and questions, all slides will be posted in #5Ghoul website soon. #5gsecurity #cybersecurity #Wireless

English

3

10

1.8K

Sudipta@chatsudi·11 Ağu

@cemaxecuter If you are attending tomorrow, let's catch up 😀

English

1

37

cemaxecuter@cemaxecuter·11 Ağu

Apparently I missed the 5Ghoul talk this morning 🤦‍♂️

English

0

5

1.2K

Sudipta@chatsudi·19 Haz

Together with @MatheusGarbelin , we will present #5Ghoul (github.com/asset-group/5g…) at #DEFCON32 demo labs. Over a two-hour session, join us to see the capability of 5G NR fuzzing tool and live over-the-air attacks on 5G smartphones. #5G #cybersecurity #wireless #fuzzing

English

28

92

10.6K

Sudipta@chatsudi·27 Şub

Preprint will be available soon. U-Fuzz tool is open source for research, reproduction and extension: github.com/asset-group/U-… #Fuzzing

English

2

6

1.6K

Sudipta@chatsudi·27 Şub

I am U-Fuzz ("You Fuzz") to unleash stateful fuzzing of arbitrary IoT protocols. I found 11 new vulnerabilities (11 CVEs) across 5G NR, Zigbee, CoAP. Both my paper and tool version to be presented @icstconference in Toronto. #ICST2024 #cybersecurity #fuzzing #5gsecurity #Wireless

English

26

141

10.9K

Sudipta@chatsudi·22 Oca

@QaM_Section31 @AnilGanti We have not had a device using Exynos modem in our lab, thus, we do not know (yet). We will be glad if someone else uses the fuzzing tool and/or PoC to test them. Thanks.

English

66

Sudipta@chatsudi·19 Oca

After re-assessment of #5Ghoul (corp.mediatek.com/product-securi…), three @MediaTek modem vulnerabilities are elevated from *Medium* to *High* severity (CVE-2023-32841/42/43). 6/10 #5Ghoul CVEs now have vendor *High* severity rating. Where are these modems used??? #5G #CyberSecurity

English