Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline
https://insinuator.net/2020/12/root-cause-analysis-of-a-heap-based-buffer-overflow-in-gnu-readline/
https://insinuator.net/2020/12/root-cause-analysis-of-a-heap-based-buffer-overflow-in-gnu-readline/
Insinuator.net
Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline
In the last blog post, we discussed how fuzzers determine the uniqueness of a crash. In this blog post, we discuss how we can manually triage a crash and determine the root cause. As an example, we use a heap-based buffer overflow I found in GNU readline…
Fuzzing. Interesting.
https://youtu.be/17ebHty54T4
"Not many know about this and that needs to change."
https://youtu.be/17ebHty54T4
"Not many know about this and that needs to change."
YouTube
Fuzzing (fuzz testing) 101: Lessons from cyber security expert Dr. David Brumley
Dr. David Brumley, Carnegie Mellon University professor and CEO of ForAllSecure, explains what fuzzing, or fuzz testing, is and how you can use it to improve application security and speed up your software development.
Get more tech tips, reviews and news…
Get more tech tips, reviews and news…
New release: 0d1n OdinV34 (fuzzing tool for web applications)
https://linuxsecurity.expert/tools/0d1n/
https://linuxsecurity.expert/tools/0d1n/
Linux Security Expert
0d1n review (fuzzing tool for web applications)
0d1n is a security tool to perform fuzzing of web applications and discover potential security issues. It is commonly used during security assignments.
Remember this? https://github.com/groundx/monocerus
going to bring lightweight EVM emulation + instrumentation engine to qiling framework. Fuzzing smart contract without the full official EVM is possible now!
ETA: when https://github.com/qilingframework/qiling reaches 2000 starts
going to bring lightweight EVM emulation + instrumentation engine to qiling framework. Fuzzing smart contract without the full official EVM is possible now!
ETA: when https://github.com/qilingframework/qiling reaches 2000 starts
GitHub
GitHub - groundx/monocerus: Monocerus emulator framework
Monocerus emulator framework. Contribute to groundx/monocerus development by creating an account on GitHub.
Mutiny - mutational fuzzer: Fuzzing Framework and Decept Proxy
https://github.com/Cisco-Talos/mutiny-fuzzer
https://github.com/Cisco-Talos/mutiny-fuzzer
GitHub
GitHub - Cisco-Talos/mutiny-fuzzer
Contribute to Cisco-Talos/mutiny-fuzzer development by creating an account on GitHub.
Fuzzing the Windows Kernel
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/amp/
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/amp/
JavaScript project for fuzzing browser cookies...
https://github.com/javanoscript-utilities/toxic-cookies
const tc = new Toxic_Cookies();
tc.poisionAllCookies();
New Issues and/or Pull Requests are certainly welcomed!
https://github.com/javanoscript-utilities/toxic-cookies
const tc = new Toxic_Cookies();
tc.poisionAllCookies();
New Issues and/or Pull Requests are certainly welcomed!
GitHub
GitHub - javanoscript-utilities/toxic-cookies: Tool for poisoning browser cookies of currently loaded domain
Tool for poisoning browser cookies of currently loaded domain - javanoscript-utilities/toxic-cookies
[PT008] Fuzzing Linux kernel with Syzkaller
https://blog.vincss.net/2020/12/pt008-en-fuzzing-linux-kernel-with-syzkaller.html
Vietnamese version: https://blog.vincss.net/2020/12/pt008-vi-fuzzing-linux-kernel-voi-syzkaller.html
https://blog.vincss.net/2020/12/pt008-en-fuzzing-linux-kernel-with-syzkaller.html
Vietnamese version: https://blog.vincss.net/2020/12/pt008-vi-fuzzing-linux-kernel-voi-syzkaller.html
blog.vincss.net
[PT008] Fuzzing Linux kernel with Syzkaller
Syzkaller is a very effective fuzzer for Linux kernel that has found a lot of bugs in recent years. You may have heard of names like Dirty...
Facebook AI Introduces N-Bref: A Neural-Based Decompiler Framework
https://www.marktechpost.com/2021/01/28/facebook-ai-introduces-n-bref-a-neural-based-decompiler-framework/
https://www.marktechpost.com/2021/01/28/facebook-ai-introduces-n-bref-a-neural-based-decompiler-framework/
MarkTechPost
Facebook AI Introduces N-Bref: A Neural-Based Decompiler Framework
Facebook AI introduces a neural-based decompiler framework called N-Bref, which improves traditional decompilation systems’ performance accuracy. The research led by Jishen Zhao is a collaboration between FAIR and UCSD STABLE Lab. This study presents a comprehensive…
FuzzSplore: Visualizing Feedback-Driven Fuzzing Techniques.
http://arxiv.org/abs/2102.02527
https://twitter.com/arxiv_org/status/1357999368788271105
http://arxiv.org/abs/2102.02527
https://twitter.com/arxiv_org/status/1357999368788271105
Twitter
arxiv
FuzzSplore: Visualizing Feedback-Driven Fuzzing Techniques. https://t.co/zEOhlaw592
ImHex - Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM.
https://github.com/WerWolv/ImHex
https://github.com/WerWolv/ImHex
GitHub
GitHub - WerWolv/ImHex: 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3…
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. - WerWolv/ImHex
Learn how to take aim at HTTP attack surfaces in https://twitter.com/Nosoynadiemas series on fuzzing the Apache Web Server
https://securitylab.github.com/research/fuzzing-apache-1
https://securitylab.github.com/research/fuzzing-apache-1
Twitter
Antonio Morales (@Nosoynadiemas) | Twitter
The latest Tweets from Antonio Morales (@Nosoynadiemas). Security Researcher at @GitHub @GHSecurityLab working on OSS
fpicker: Fuzzing with Frida
https://insinuator.net/2021/03/fpicker-fuzzing-with-frida/
Fpicker is a Frida-based coverage-guided, mostly in-process, blackbox fuzzing suite. Its most significant feature is the AFL++ proxy mode which enables blackbox in-process fuzzing with AFL++ on platforms supported by Frida.
https://github.com/ttdennis/fpicker
https://insinuator.net/2021/03/fpicker-fuzzing-with-frida/
Fpicker is a Frida-based coverage-guided, mostly in-process, blackbox fuzzing suite. Its most significant feature is the AFL++ proxy mode which enables blackbox in-process fuzzing with AFL++ on platforms supported by Frida.
https://github.com/ttdennis/fpicker
USENIX Security '20 - Analysis of DTLS Implementations Using Protocol State Fuzzing
https://youtube.com/watch?v=GSCFqDVCwB0&feature=youtu.be
https://youtube.com/watch?v=GSCFqDVCwB0&feature=youtu.be
YouTube
USENIX Security '20 - Analysis of DTLS Implementations Using Protocol State Fuzzing
Analysis of DTLS Implementations Using Protocol State Fuzzing
Paul Fiterau-Brostean and Bengt Jonsson, Uppsala University; Robert Merget, Ruhr-University Bochum; Joeri de Ruiter, SIDN Labs; Konstantinos Sagonas, Uppsala University; Juraj Somorovsky, Paderborn…
Paul Fiterau-Brostean and Bengt Jonsson, Uppsala University; Robert Merget, Ruhr-University Bochum; Joeri de Ruiter, SIDN Labs; Konstantinos Sagonas, Uppsala University; Juraj Somorovsky, Paderborn…
NDSS 2020 HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
https://youtube.com/watch?v=GmIlLKT_nH8&feature=youtu.be
https://youtube.com/watch?v=GmIlLKT_nH8&feature=youtu.be
YouTube
NDSS 2020 HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
SESSION 1B-1 HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
Applying modern fuzzers to novel targets is often a very lucrative venture. Hypervisors are part of a very critical code base: compromising them could allow an attacker to compromise the whole…
Applying modern fuzzers to novel targets is often a very lucrative venture. Hypervisors are part of a very critical code base: compromising them could allow an attacker to compromise the whole…