Solana - JIT - Lessons from fuzzing a smart contract compiler - https://www.youtube.com/watch?v=8E7XOHQiRPE
YouTube
DEF CON 30 - Thomas Roth , Solana - JIT - Lessons from fuzzing a smart contract compiler
Solana is a blockchain with a $37 billion dollar market cap with the security of that chain relying on the security of the smart contracts on the chain - and we found very little research on the actual execution environment of those contracts. In contrast…
Concurrence: library for fuzzing multi-threaded targets - https://github.com/googleprojectzero/SockFuzzer/tree/main/third_party/concurrence
GitHub
SockFuzzer/third_party/concurrence at main · googleprojectzero/SockFuzzer
Contribute to googleprojectzero/SockFuzzer development by creating an account on GitHub.
ISLa is a grammar-aware string constraint solver with its own specification language - https://rindphi.github.io/isla/
ISLa Specs
ISLa: Inputs on Demand!
ISLa is a grammar-aware string constraint solver with its own specification language.
Fuzzing XSS Sanitizers for Fun and Profit - https://youtu.be/gJGbS8UELGw
YouTube
Fuzzing XSS Sanitizers for Fun and Profit | Tom Anthony
In 1998 Tom was arrested for hacking, and was told he was looking at over 270 years in prison. Time for a career change! Tom went on to a life as an academic, earning a PhD in Artificial Intelligence, before starting a career as an SEO consultant (you think…
Replicating OpenSSL vulnerabilities with OpenSSL test cases and finding them with libfuzzer - https://youtu.be/vhTuXph1dtY
YouTube
[Vulnerability Analysis] How to replicate OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786
0:00 introduction
0:32 Looking at the fixed code
05:08 Cloning OpenSSL Repo and looking at the code
11:05 Compiling OpenSSL-3.0.7 version
13:21 Running test case binary
14:40 Getting vulnerable version of OpenSSL
16:32 Copying test cases for CVEs from openssl…
GopherCon 2022: Katie Hockman - Fuzz Testing Made Easy - https://www.youtube.com/watch?v=7KWPiRq3ZYI
YouTube
GopherCon 2022: Fuzz Testing Made Easy - Katie Hockman
Go now supports fuzz testing natively as of Go 1.18, a tool that can be used to identify bugs and security vulnerabilities in your code. This talk will discuss how and why fuzzing can be used in Go, introduce differential fuzzing, and describe the mechanics…
Symbolic Triage: Making the Best of a Good Situation - https://www.atredis.com/blog/2022/10/29/symbolic-triage-making-the-best-of-a-good-situation
Atredis Partners
Symbolic Triage: Making the Best of a Good Situation — Atredis Partners
Symbolic Execution can get a bad rap. Generic symbex tools have a hard time proving their worth when confronted with a sufficiently complex target. However, I have found symbolic execution can be very helpful in certain targeted situations. One of those situations…
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries - https://blog.impalabs.com/2211_hyperpom.html
Impalabs
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
Impalabs is releasing Hyperpom, a 64-bit ARM binary fuzzer written in Rust and based on the Apple Silicon's hypervisor. It is mutation-based and coverage-guided. This article gives an overview of its internals, presents the different components it consists…
ajpfuzzer: A command-line fuzzer for the Apache JServ Protocol (ajp13) - https://github.com/doyensec/ajpfuzzer
GitHub
GitHub - doyensec/ajpfuzzer: A command-line fuzzer for the Apache JServ Protocol (ajp13)
A command-line fuzzer for the Apache JServ Protocol (ajp13) - doyensec/ajpfuzzer
Learn how to fuzz like a pro: Introduction to (smart contract) fuzzing - https://www.youtube.com/watch?v=QofNQxW_K08
YouTube
Learn how to fuzz like a pro: Introduction to fuzzing
Trail of Bits engineer Anish Naik guides you through Echidna, our Ethereum smart contract fuzzer. We will cover fuzzer setup, how to identify invariants—from simple to complex—and how to translate these invariants into code.
You can find more tutorials on…
Catch Me If You Can: Deterministic Discovery of Race Conditions with Fuzzing - https://www.youtube.com/watch?v=OpQvXGJcH4s
YouTube
Catch Me If You Can: Deterministic Discovery of Race Conditions with Fuzzing
Finding concurrency bugs has presented a challenge for security and development teams. Race condition-based vulnerabilities are a growing category of bugs reported to vendors and have been observed in in-the-wild exploits. Coverage-guided fuzzing has been…
[Fuzzing with Jackalope] How to install jackalope and fuzz a simple program on MacOS - https://www.youtube.com/watch?v=rXbaHSXiCtg
YouTube
[MacOS Fuzzing] How to install jackalope and fuzz a simple program on MacOS
00:00 Introduction
01:30 Cloning and compiling jackalope
04:45 Jackalope command line options
08:11 Damn Vulnerable C program compilation
11:05 Finding fuzzing function
12:43 Fuzzing with jackalope
17:30 Conclusion
In this video, we will show you how to…
A Journey into Fuzzing WebAssembly Virtual Machine [BHUSA 2022] - https://youtu.be/fnprmz2IBm0
YouTube
A Journey into Fuzzing WebAssembly Virtual Machine [BHUSA 2022]
📥 Slides: https://fuzzinglabs.com/wp-content/uploads/2022/08/BHUSA22_fuzzing_webassembly_vm_patrick_ventuzelo.pdf
Since the MVP release in 2017, WebAssembly has evolved gradually, bringing new adepts and new VM implementations over time. It’s now possible to…
🤯 Mind-Blowing examples of OpenAI ChatGPT for Security, Infosec & Hacking - https://youtu.be/mh7wzbWAHFE
YouTube
🤯 Mind-Blowing examples of OpenAI ChatGPT for Security, Infosec & Hacking
It's just mind-blowing! It's so impressive that this AI is able to answer such complex subjects as exploitation, reversing, decompilation, etc.
There is a huge potential for us in the future to go even faster into learning IT security and hacking by being helped…
Fuzzing ping(8) … and finding a 24 year old bug - https://tlakh.xyz/fuzzing-ping.html
fpicker-aflpp-android: About Fpicker with AFL++ on Android (device or emulator) - https://github.com/marcinguy/fpicker-aflpp-android
GitHub
GitHub - marcinguy/fpicker-aflpp-android
Contribute to marcinguy/fpicker-aflpp-android development by creating an account on GitHub.
[OpenAI ChatGPT] ChatGPT for programming, infosec, fuzzing and day to day use - Part1 - https://youtu.be/PKOtDJIwCjM
YouTube
[OpenAI ChatGPT] Mind blowing ChatGPT examples for programming, infosec, fuzzing and day to day use
00:00 Introduction
00:42 Chat GPT overview
02:20 Writing a song for hackers
04:00 Getting a rental agreement and name change application from ChatGPT
05:55 Programming
08:00 Security related things fuzzing, identifying vulnerabilities, writing a fuzzer etc.…
YARPGen: A Compiler Fuzzer for Loop Optimizations and Data-Parallel Languages - https://www.youtube.com/watch?v=Yyj2Fex9yEo
YouTube
2022 LLVM Dev Mtg: YARPGen: A Compiler Fuzzer for Loop Optimizations and Data-Parallel Languages
2022 LLVM Developers' Meeting
https://llvm.org/devmtg/2022-11/
------
YARPGen: A Compiler Fuzzer for Loop Optimizations and Data-Parallel Languages
Speaker: Vsevolod Livinskii
------
Slides: https://llvm.org/devmtg/2022-11/slides/TechTalk20-YARPGen-CompilerFuzzer.pdf…
How OSS-Fuzz Works: A Guide to Fuzz Testing for Open Source Projects - https://youtu.be/OBxCDsJ-0aM
YouTube
[Fuzzing with OSS-Fuzz] How OSS-Fuzz Works: A Guide to Fuzz Testing for Open Source Projects
00:00 Introduction
00:30 What is oss-fuzz
03:50 oss-fuzz GitHub repo, projects, Dockerfiles etc.
07:35 Understanding libtiff oss-fuzz build file and fuzzing harness
18:21 Configuring oss-fuzz on local system creating docker image and building fuzzers
25:16…
How to fuzz your Java projects using CI Fuzz CLI in Gradle - https://youtu.be/sBycRQfnAv4
YouTube
How to fuzz your Java projects using CI Fuzz CLI in Gradle
With CI Fuzz CLI, Java developers can integrate fuzz tests into their unit testing setups (e.g. JUnit).
In this video, Josh demos how easily this can be done in Gradle.
For a deeper dive, check out our live stream: https://www.code-intelligence.com/webinar/beyond…