BinWhisper: LLM-Driven Reasoning for Automated Vulnerability Discovery Behind Hall-of-Fame
No ratings
Presented at Black Hat USA 2025 by
Vulnerability discovery traditionally relies on two primary approaches: manual auditing and fuzzing. Each method possesses distinct strengths and inherent limitations. Manual auditing is good at identifying complex logic flaws due to its reliance on deep contextual understanding and expert insight, ensuring comprehensive analysis; however, this method is labor-intensive, time-consuming, and heavily dependent on specialized knowledge. Conversely, fuzzing offers automation, scalability, and efficiency, yet it may overlook vulnerabilities that require intricate semantic comprehension or encounter limitations in scenarios where fuzzing is infeasible.Recent advancements in artificial intelligence have created opportunities to bridge the gap between the precision of manual auditing and the scalability of fuzzing, paving the way for more sophisticated vulnerability discovery tools. In this presentation, we will introduce our LLM-powered automated binary vulnerability discovery tool, which integrates LLM reasoning capabilities with established static analysis and dynamic debugging methods. Despite its experimental approach, our tool demonstrates exceptional efficiency and effectiveness in identifying vulnerabilities.We will illustrate the effectiveness of this approach through our application to Samsung's remote attack surface, successfully uncovering multiple sophisticated memory corruption vulnerabilities. This significant achievement secured us the Rank 1 position in the 2024 Hall of Fame for vulnerability research.