RESTler - Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs
https://github.com/microsoft/restler-fuzzer
https://github.com/microsoft/restler-fuzzer
GitHub
GitHub - microsoft/restler-fuzzer: RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services…
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. - microsoft/restler...
Fuzzing-targets: A collection of widely-fuzzed targets
https://github.com/strongcourage/fuzzing-targets
https://github.com/strongcourage/fuzzing-targets
GitHub
GitHub - strongcourage/fuzzing-targets: A collection of widely-fuzzed targets
A collection of widely-fuzzed targets. Contribute to strongcourage/fuzzing-targets development by creating an account on GitHub.
Fuzzing Zcash with Kubernetes – Electric Coin Company
https://cryptonewmedia.press/fuzzing-zcash-with-kubernetes-electric-coin-company/
https://cryptonewmedia.press/fuzzing-zcash-with-kubernetes-electric-coin-company/
Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol
https://www.synopsys.com/blogs/software-security/fuzzing-bitcoin-protocol-defensics-sdk/
https://www.synopsys.com/blogs/software-security/fuzzing-bitcoin-protocol-defensics-sdk/
Synopsys
Part 2: Enhancing Bitcoin Security with Defensics SDK Fuzzing | Synopsys Blog
Explore part two of our series on using the Defensics SDK for fuzzing the Bitcoin protocol, including creating a data model for enhanced Bitcoin security.
How to build a serial port fuzzer with Defensics SDK
https://www.synopsys.com/blogs/software-security/serial-port-fuzzer-defensics-sdk/
https://www.synopsys.com/blogs/software-security/serial-port-fuzzer-defensics-sdk/
Blackduck
How to Build a Serial Port Fuzzer with Defensics SDK | Black Duck Blog
Boost your custom protocols' security with our guide on creating a serial port fuzzer using Defensics SDK API. Dive into fuzz testing with Defensics SDK.
afl++ 3.00c has arrived! Huge performance increase, great new features, many default+structural changes ... read the top of the README!
https://github.com/AFLplusplus/AFLplusplus/releases/tag/3.0c #fuzz #fuzzer #fuzzing #afl
https://github.com/AFLplusplus/AFLplusplus/releases/tag/3.0c #fuzz #fuzzer #fuzzing #afl
GitHub
Release 3.00c · AFLplusplus/AFLplusplus
Version ++3.00c (release)
llvm_mode/ and gcc_plugin/ moved to instrumentation/
examples/ renamed to utils/
moved libdislocator, libtokencap and qdbi_mode to utils/
all compilers combined to afl-cc...
llvm_mode/ and gcc_plugin/ moved to instrumentation/
examples/ renamed to utils/
moved libdislocator, libtokencap and qdbi_mode to utils/
all compilers combined to afl-cc...
This is a MUST-see for all infosec researchers - "Fuzzing: Breaking Things with Random Inputs" (part of @FuzzingBook) at
https://www.fuzzingbook.org/html/Fuzzer.html
https://www.fuzzingbook.org/html/Fuzzer.html
www.fuzzingbook.org
Fuzzing: Breaking Things with Random Inputs - The Fuzzing Book
In this chapter, we'll start with one of the simplest test generation techniques. The key idea of random text generation, also known as fuzzing, is to feed a string of random characters into a program in the hope to uncover failures.Prerequisites You should…
Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline
https://insinuator.net/2020/12/root-cause-analysis-of-a-heap-based-buffer-overflow-in-gnu-readline/
https://insinuator.net/2020/12/root-cause-analysis-of-a-heap-based-buffer-overflow-in-gnu-readline/
Insinuator.net
Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline
In the last blog post, we discussed how fuzzers determine the uniqueness of a crash. In this blog post, we discuss how we can manually triage a crash and determine the root cause. As an example, we use a heap-based buffer overflow I found in GNU readline…
Fuzzing. Interesting.
https://youtu.be/17ebHty54T4
"Not many know about this and that needs to change."
https://youtu.be/17ebHty54T4
"Not many know about this and that needs to change."
YouTube
Fuzzing (fuzz testing) 101: Lessons from cyber security expert Dr. David Brumley
Dr. David Brumley, Carnegie Mellon University professor and CEO of ForAllSecure, explains what fuzzing, or fuzz testing, is and how you can use it to improve application security and speed up your software development.
Get more tech tips, reviews and news…
Get more tech tips, reviews and news…
New release: 0d1n OdinV34 (fuzzing tool for web applications)
https://linuxsecurity.expert/tools/0d1n/
https://linuxsecurity.expert/tools/0d1n/
Linux Security Expert
0d1n review (fuzzing tool for web applications)
0d1n is a security tool to perform fuzzing of web applications and discover potential security issues. It is commonly used during security assignments.
Remember this? https://github.com/groundx/monocerus
going to bring lightweight EVM emulation + instrumentation engine to qiling framework. Fuzzing smart contract without the full official EVM is possible now!
ETA: when https://github.com/qilingframework/qiling reaches 2000 starts
going to bring lightweight EVM emulation + instrumentation engine to qiling framework. Fuzzing smart contract without the full official EVM is possible now!
ETA: when https://github.com/qilingframework/qiling reaches 2000 starts
GitHub
GitHub - groundx/monocerus: Monocerus emulator framework
Monocerus emulator framework. Contribute to groundx/monocerus development by creating an account on GitHub.
Mutiny - mutational fuzzer: Fuzzing Framework and Decept Proxy
https://github.com/Cisco-Talos/mutiny-fuzzer
https://github.com/Cisco-Talos/mutiny-fuzzer
GitHub
GitHub - Cisco-Talos/mutiny-fuzzer
Contribute to Cisco-Talos/mutiny-fuzzer development by creating an account on GitHub.
Fuzzing the Windows Kernel
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/amp/
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/amp/
JavaScript project for fuzzing browser cookies...
https://github.com/javanoscript-utilities/toxic-cookies
const tc = new Toxic_Cookies();
tc.poisionAllCookies();
New Issues and/or Pull Requests are certainly welcomed!
https://github.com/javanoscript-utilities/toxic-cookies
const tc = new Toxic_Cookies();
tc.poisionAllCookies();
New Issues and/or Pull Requests are certainly welcomed!
GitHub
GitHub - javanoscript-utilities/toxic-cookies: Tool for poisoning browser cookies of currently loaded domain
Tool for poisoning browser cookies of currently loaded domain - javanoscript-utilities/toxic-cookies
[PT008] Fuzzing Linux kernel with Syzkaller
https://blog.vincss.net/2020/12/pt008-en-fuzzing-linux-kernel-with-syzkaller.html
Vietnamese version: https://blog.vincss.net/2020/12/pt008-vi-fuzzing-linux-kernel-voi-syzkaller.html
https://blog.vincss.net/2020/12/pt008-en-fuzzing-linux-kernel-with-syzkaller.html
Vietnamese version: https://blog.vincss.net/2020/12/pt008-vi-fuzzing-linux-kernel-voi-syzkaller.html
blog.vincss.net
[PT008] Fuzzing Linux kernel with Syzkaller
Syzkaller is a very effective fuzzer for Linux kernel that has found a lot of bugs in recent years. You may have heard of names like Dirty...
Facebook AI Introduces N-Bref: A Neural-Based Decompiler Framework
https://www.marktechpost.com/2021/01/28/facebook-ai-introduces-n-bref-a-neural-based-decompiler-framework/
https://www.marktechpost.com/2021/01/28/facebook-ai-introduces-n-bref-a-neural-based-decompiler-framework/
MarkTechPost
Facebook AI Introduces N-Bref: A Neural-Based Decompiler Framework
Facebook AI introduces a neural-based decompiler framework called N-Bref, which improves traditional decompilation systems’ performance accuracy. The research led by Jishen Zhao is a collaboration between FAIR and UCSD STABLE Lab. This study presents a comprehensive…