Based on our security audit of VLC Media Player, we share some common fuzzing challenges, and practical ways to address them. Read on to discover a variety of fuzzing strategies.

Based on our security audit of VLC Media Player, we share some common fuzzing challenges, and practical ways to address them. Read on to discover a variety of fuzzing strategies.

Version ++2.59c (release):

qbdi_mode: fuzz android native libraries via QBDI framework
unicorn_mode: switched to the new unicornafl, thanks domenukk
(see https://github.com/vanhauser-thc/unicorn)
...

red team, blue team, penetration testing, red teaming, threat hunting, digital forensics, incident response, cyber security, IT security

Code Intelligence recently detected a CVE in the open-source software ZINT with modern fuzzing. Learn more about it in this blog post.

Posted by Samuel Groß, Project Zero This blog post discusses an old type of issue, vulnerabilities in image format parsers, in a new(er)...

Research By: Netanel Ben-Simon and Yoav Alon Background: In our previous research, we used WinAFL to fuzz user-space applications running on Windows, and found over 50 vulnerabilities in Adobe Reader and Microsoft Edge. For our next challenge, we decided…

Tutorials, examples, discussions, research proposals, and other resources related to fuzzing - google/fuzzing

https://www.offensivecon.org/speakers/2020/netanel-ben-simon-yoav-alon.html

This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April. - 0xricksanchez/fisy-fuzz

gramfuzz is a grammar-based fuzzer that lets one define complex grammars to generate text and binary data formats. - d0c-s4vage/gramfuzz

Summary

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing - HexHive/FuZZan

Posted by Mateusz Jurczyk, Project Zero This post is the first of a multi-part series capturing my journey from discovering a vulnerable...

TL;DR: Can we use GPUs to get 10x performance/dollar when fuzzing embedded software in the cloud? Based on our preliminary work, we think the answer is yes! Fuzzing is a software testing technique that supplies programs with many randomized inputs in an attempt…