Background

Process separation remains one of the most important parts of the Firefox security model and securing our IPC (Inter-Process Communication) interfaces is crucial to keep privileges in the different processes ...

Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering The US Defense Advanced Research Projects Agency, DARPA , rec...

Lyrics:

[Verse]
In the code we search and find
Tiny glitches intertwined
Through the bytes we take a spin
Fuzzing makes the errors thin

[Verse 2]
With each cycle tests unfold
In the depths where bugs are bold
Patterns break and flaws appear
Fuzzing shows…

Okay, if you’re reading this, you probably know what fuzzing is. As an incredibly reductive summary: fuzzing is an automated, random testing process which tries to explore the state space (e.g., different interpretations of the input or behaviour) of a program…

syzkaller, our award-winning kernel fuzzer
https://t.co/fHjR40rzU8

got snapshot-based mode
https://t.co/YIY1gR3617

It's not very fast but based 100% on stock qemu: savevm/loadvm+ivshmem

Significantly improves reproducibility for corpus&crashes but we just…

Fuzzing applications needs no introduction, and I have written about some interesting problems related to fuzzing in the past [0][1][2][3]. At scale, fuzzing has traditionally focused on compiled binaries and detecting crashes and other memory corruption…

Fuzz anything with Program Environment Fuzzing. Contribute to GJDuck/EnvFuzz development by creating an account on GitHub.

Hello everyone,

Hey Everyone,

Any vulnerability in an RTOS has the potential to affect many devices across multiple industries.

This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor.

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server.