DynamoRIO plugin to get ASAN and SanitizerCoverage compatible output for closed-source executables - googleprojectzero/DrSancov

A set of helpers and examples to fuzz Win32 binaries with AFL++ QEMU - AFLplusplus/Fuzz-With-Wine-Demo

JQF + Zest: Coverage-guided semantic fuzzing for Java. - rohanpadhye/JQF

Frida-based general purpose fuzzer. Contribute to demantz/frizzer development by creating an account on GitHub.

Research By: Slava Makkaveev Trusted Execution Environment TrustZone is a security extension integrated by ARM into the Corex-A processor. This extension creates an isolated virtual secure world which can be used by the main operating system running on the…

An example on how to do performant in-memory fuzzing with AFL++ and Frida - andreafioraldi/frida-js-afl-instr

A fast Rust-based safe and thead-friendly grammar-based fuzz generator - gamozolabs/fzero_fuzzer

pentest research exploits security writeup - you name IT.

This experimetal fuzzer is meant to be used for API in-memory fuzzing. - andreafioraldi/frida-fuzzer

the Network Protocol Fuzzer that we will want to use. - nccgroup/fuzzowski

Fuzzer queue cached in the process to minimize the exchanged messages and speedup remote fuzzing (e.g. Android via adb)
Stalker transform in CModule to speedup not-x64 targets
Support to fuzzer dic...

Based on our security audit of VLC Media Player, we share some common fuzzing challenges, and practical ways to address them. Read on to discover a variety of fuzzing strategies.

Based on our security audit of VLC Media Player, we share some common fuzzing challenges, and practical ways to address them. Read on to discover a variety of fuzzing strategies.

Version ++2.59c (release):

qbdi_mode: fuzz android native libraries via QBDI framework
unicorn_mode: switched to the new unicornafl, thanks domenukk
(see https://github.com/vanhauser-thc/unicorn)
...

red team, blue team, penetration testing, red teaming, threat hunting, digital forensics, incident response, cyber security, IT security

Code Intelligence recently detected a CVE in the open-source software ZINT with modern fuzzing. Learn more about it in this blog post.

Posted by Samuel Groß, Project Zero This blog post discusses an old type of issue, vulnerabilities in image format parsers, in a new(er)...

Research By: Netanel Ben-Simon and Yoav Alon Background: In our previous research, we used WinAFL to fuzz user-space applications running on Windows, and found over 50 vulnerabilities in Adobe Reader and Microsoft Edge. For our next challenge, we decided…