Posted by Samuel Groß, Project Zero This blog post discusses an old type of issue, vulnerabilities in image format parsers, in a new(er)...

Research By: Netanel Ben-Simon and Yoav Alon Background: In our previous research, we used WinAFL to fuzz user-space applications running on Windows, and found over 50 vulnerabilities in Adobe Reader and Microsoft Edge. For our next challenge, we decided…

Tutorials, examples, discussions, research proposals, and other resources related to fuzzing - google/fuzzing

https://www.offensivecon.org/speakers/2020/netanel-ben-simon-yoav-alon.html

This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April. - 0xricksanchez/fisy-fuzz

gramfuzz is a grammar-based fuzzer that lets one define complex grammars to generate text and binary data formats. - d0c-s4vage/gramfuzz

Summary

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing - HexHive/FuZZan

Posted by Mateusz Jurczyk, Project Zero This post is the first of a multi-part series capturing my journey from discovering a vulnerable...

TL;DR: Can we use GPUs to get 10x performance/dollar when fuzzing embedded software in the cloud? Based on our preliminary work, we think the answer is yes! Fuzzing is a software testing technique that supplies programs with many randomized inputs in an attempt…

The blog

We continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available.…

This playlist contains lots of fuzzing video tutorials on various fuzzers. don't forget to like, subscribe and share my channel. #AFL #AFLplusplus #libafl #h...

For clarity and brevity, the code referenced below has been distilled to simplest form.  The complete versions which were actually used for...

Regularly updated reading list for core concepts required to exploit browsers