Forwarded from Ghidra (SRE)
LaunchWinAFL Usage:
1) Install DynamoRIO and WinAFL
2) Add https://gist.github.com/richinseattle/613105953003ec5e1f24ca17b2d8541f to your Ghidra scripts and set the one-time config at the top (install paths, etc.)
3) Load the target exe & coverage DLLs into Ghidra
4) Go to the target function in the disassembly
5) Run the script to start fuzzing!
LaunchWinAFL.java
Extracting a 19 Year Old Code Execution from WinRAR https://research.checkpoint.com/extracting-code-execution-from-winrar/ #expdev #afl #fuzzing
Research by: Nadav Grossman Introduction In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and…
This post will explain the process of finding and exploiting a previously unknown vulnerability in a real-world piece of software to achieve code execution. The vulnerability was initially found in 2016 and the vendor was contacted; however, no response was ever received. Now, several years later (March 2019 at time of writing), the vulnerability still exists in the latest version.
https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3
Introduction to File Format Fuzzing & Exploitation
Fuzzing Adobe Reader for exploitable vulns using AFL
https://kciredor.com/fuzzing-adobe-reader-for-exploitable-vulns-fun-not-profit.html #fuzzing
Fuzzing Adobe Reader for exploitable vulns (fun != profit)
Binaries vs websites It has been half a year since my last blog post covering an IDOR in a website API. About time to write about something new and hopefully interesting! Having switched my focus from websites to binaries a new world opened up to me.
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
https://github.com/secfigo/Awesome-Fuzzing
Modular And Compositional analysis with KLEE Engine https://github.com/tum-i22/macke #klee #symbolic #fuzzing
GitHub - tum-i4/macke: Modular And Compositional analysis with KLEE Engine
uniFuzzer combines LibFuzzer with Unicorn to fuzz closed-source binaries, including ARM & MIPS code!
https://github.com/rk700/uniFuzzer
GitHub - PAGalaxyLab/uniFuzzer: A fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer
DynamoRIO plugin to get ASAN and SanitizerCoverage compatible output for closed-source executables https://github.com/googleprojectzero/DrSancov
A set of helpers and examples to fuzz Win32 binaries with AFL++ QEMU
https://github.com/andreafioraldi/WineAFLplusplusDEMO #fuzzing
GitHub - AFLplusplus/Fuzz-With-Wine-Demo: A set of helpers and examples to fuzz Win32 binaries with AFL++ QEMU
AFL in-memory fuzzing with Frida JS - absolutely useless
https://github.com/andreafioraldi/frida-js-afl-instr
GitHub - andreafioraldi/frida-js-afl-instr: An example on how to do performant in-memory fuzzing with AFL++ and Frida
fzero_fuzzer
A fast Rust-based safe and thread-friendly grammar-based fuzz generator
https://github.com/gamozolabs/fzero_fuzzer
