Caleb Gross is the Director of Capability Development at Bishop Fox, where he leads a team of offensive security professionals specializing in attack surface research and vulnerability intelligence. Prior to coming to Bishop Fox, he served as an exploitation operator in the US Department of Defense’s most elite computer network exploitation (CNE) unit. As a top-rated military officer, Caleb led an offensive operations team in the US Air Force’s premier selectively manned cyber attack squadron. He studied at the University of Virginia and holds two degrees in computer science.
Josh Shomo leads the vulnerability research team within Bishop Fox’s Capability Development group. He investigates security issues in widely used applications and appliances, and produces vulnerability intelligence to prioritize offensive security research at Bishop Fox. Josh earned a master’s degree in computer science from Johns Hopkins University. Before joining Bishop Fox, Josh attended the Computer Network Operations Development Program (CNODP), the US Department of Defense’s foremost vehicle for developing technical leaders in information security. X (Twitter): @noperator
Patch Perfect: Harmonizing with LLMs to Find Security Vulns (<– add to your schedule)
Are LLMs a revolutionary leap forward for security research—or just spicy auto-complete?
The truth lies somewhere in between. This talk cuts through the hype and offers a practical perspective that’s grounded in real-world analysis of critical bugs in widely used products. We’ll walk through our process of harnessing large language models (LLMs) for patch-diffing in the context of N-day vulnerability research. Given a vague security advisory and some complicated code diffs, can an LLM get you closer to finding the right spot in the code to dig deeper? Which models work best for this task, and why? Let’s ditch the theory and get our hands dirty with iterative experimentation. Whether you’re a seasoned pentester, applied researcher, or budding practitioner, you’ll take away tactical lessons for incorporating AI into your security toolkit.