This got me wondering how easy it'd be to automate discovery of BYOVD vulns with LLMs (both offensively and defensively)
Probably not too hard with the LLM side itself assuming latest models and good tooling.
The harder thing probably is getting a dataset for “all x64/ARM64 Windows drivers that aren’t already considered vulnerable”.
Also it depends what’s considered a vulnerability here.
Probably not too hard with the LLM side itself assuming latest models and good tooling.
The harder thing probably is getting a dataset for “all x64/ARM64 Windows drivers that aren’t already considered vulnerable”.
Also it depends what’s considered a vulnerability here.