Extracting a 19 Year Old Code Execution from WinRAR https://research.checkpoint.com/extracting-code-execution-from-winrar/ #expdev #afl #fuzzing
Check Point Research
Extracting a 19 Year Old Code Execution from WinRAR - Check Point Research
Research by: Nadav Grossman Introduction In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and…
Fuzzing Adobe Reader for exploitable vulns using AFL
https://kciredor.com/fuzzing-adobe-reader-for-exploitable-vulns-fun-not-profit.html #fuzzing
kciredor’s engineering and security blog
Fuzzing Adobe Reader for exploitable vulns (fun != profit)
Binaries vs websites It has been half a year since my last blog post covering an IDOR in a website API. About time to write about something new and hopefully interesting! Having switched my focus from websites to binaries a new world opened up to me.
Modular And Compositional analysis with KLEE Engine https://github.com/tum-i22/macke #klee #symbolic #fuzzing
GitHub
GitHub - tum-i4/macke: Modular And Compositional analysis with KLEE Engine
Modular And Compositional analysis with KLEE Engine - tum-i4/macke
A set of helpers and examples to fuzz Win32 binaries with AFL++ QEMU
https://github.com/andreafioraldi/WineAFLplusplusDEMO #fuzzing
GitHub
GitHub - AFLplusplus/Fuzz-With-Wine-Demo: A set of helpers and examples to fuzz Win32 binaries with AFL++ QEMU
A set of helpers and examples to fuzz Win32 binaries with AFL++ QEMU - AFLplusplus/Fuzz-With-Wine-Demo
FI(le) SY(stem) - full file system fuzzing framework
Source: https://github.com/0xricksanchez/fisy-fuzz
Video from HITB 2020: https://www.youtube.com/watch?v=VNzKVOsn5qQ&feature=youtu.be&t=17032
Materials: https://github.com/0xricksanchez/HITB2020_FSFUZZER
#fuzzing
GitHub
GitHub - 0xricksanchez/fisy-fuzz: This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown…
This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April. - 0xricksanchez/fisy-fuzz
The release of hypothesis package 5.41.5 is now available. 🥳
A library for property-based testing
https://github.com/HypothesisWorks/hypothesis
#python #fuzzing #testing #hypothesis #propertybasedtesting
GitHub
GitHub - HypothesisWorks/hypothesis: The property-based testing library for Python
The property-based testing library for Python. Contribute to HypothesisWorks/hypothesis development by creating an account on GitHub.
afl++ 3.00c has arrived! Huge performance increase, great new features, many default+structural changes ... read the top of the README!
https://github.com/AFLplusplus/AFLplusplus/releases/tag/3.0c #fuzz #fuzzer #fuzzing #afl
GitHub
Release 3.00c · AFLplusplus/AFLplusplus
Version ++3.00c (release)
llvm_mode/ and gcc_plugin/ moved to instrumentation/
examples/ renamed to utils/
moved libdislocator, libtokencap and qdbi_mode to utils/
all compilers combined to afl-cc...
#fuzzing v8
Fuzzing Chromes JavaScript Engine v8
https://apt29a.blogspot.com/2022/01/fuzzing-chromes-javascript-engine-v8.html
Blogspot
Fuzzing Chromes JavaScript Engine v8
tl;dr: I developed a coverage-guided (v8) JavaScript fuzzer similar to Fuzzilli (but without an intermediate language and developed in Py...