One Weird Trick to Improve Bug Finding With ASAN - https://landaire.net/one-weird-asan-trick/
landaire.net
A light exploration into how abstractions harm ASAN's effectiveness
cURL audit: How a joke led to significant findings - https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/
The Trail of Bits Blog
In fall 2022, Trail of Bits audited cURL, a widely-used command-line utility that transfers data between a server and supports various protocols. The project coincided with a Trail of Bits maker week, which meant that we had more manpower than we usually…
The Hunt for CVE-2023-0286: Replicating OpenSSL's Latest Vulnerability - https://www.youtube.com/watch?v=_sh7qUUx9eo
YouTube
In this video, we take a deep dive into the recently discovered vulnerability in #OpenSSL, #CVE-2023-0286. We'll show you how to replicate the vulnerability using OpenSSL's test case, and walk through the steps taken to fix the issue.
We'll also cover how…
CODAMOSA: Escaping Coverage Plateaus in Test Generation with Pre-trained Large Language Models - https://www.carolemieux.com/codamosa_icse23.pdf
How To Fuzz JavaScript With Jest And Jazzer.Js - https://www.code-intelligence.com/blog/fuzzing-javascript-jazzer.js
Code-Intelligence
How to Fuzz JavaScript with Jest and Jazzer.js
Learn how to fuzz JavaScript using Jest. With the integration of the open-source fuzzing engine Jazzer.js, JavaScript fuzzing is as easy as unit testing.
UDS Fuzzing and the Path to Game Over - https://youtu.be/c_DqxHmH7kc
YouTube
TROOPERS22: UDS Fuzzing and the Path to Game Over
Talk by Thomas Sermpinis - 30.06.2022
#TROOPERS22 #ITsecurity
https://troopers.de/troopers22/agenda/tr22-993-uds-fuzzing-and-the-path-to-game-over/
More impressions:
https://twitter.com/WEareTROOPERS
https://twitter.com/ERNW_ITSec
https://infosec.exch…
CI Rewind - Introduction to JavaScript Fuzzing - https://www.youtube.com/watch?v=caRTEawjL1Q
YouTube
JavaScript is widely used in backend and frontend applications that rely on trust and good user experience, including e-commerce platforms, and consumer-apps. Fuzz testing helps secure these applications against bugs and vulnerabilities that cause downtime…
Using the "World's Worst Fuzzer" To Find A Kernel Bug In The FiiO M6 - https://stigward.github.io/posts/fiio-m6-kernel-bug/
Stigward’s Security Journal
Rooting the FiiO M6 - Part 1 - Using the “World’s Worst Fuzzer” To Find A Kernel Bug
Overview: A few months ago, I was cleaning off my hardware workbench when I came across my FiiO M6, an Android-based “portable high-resolution lossless music player”. I originally purchased the device to aid in my language learning studies and dabble in the…
Hacking APIs: Fuzzing 101 - https://youtu.be/M_guA0wjrLg
YouTube
00:00 Intro
00:34 What is Fuzzing?
02:00 Hands-on lab
13:18 Outro
Pentests & Security Consulting: https://tcm-sec.com
Get Trained: https://academy.tcm-sec.com
Get Certified: https://certifications.tcm-sec.com
Merch: https://merch.tcm-sec.com
Sponsorship…
Recon 2019 - Vectorized Emulation Putting it all together by Brandon Falk - https://youtu.be/UKuIohEnqvU
YouTube
Vectorized emulation leverages AVX-512 to run 8 64-bit (or 16 32-bit) VMs in parallel per core. By running 8 VMs in lock step, we can determine very cheaply when a VM diverged due to the input. This allows us to track what aspects of the fuzz input caused…
PRINCIPAL LANGUAGE FUZZING ENGINEER - https://www.epicgames.com/site/en-US/careers/jobs/4572681004
Epic Games
Join Epic Games Today! See Our Latest Career and Job Opportunities.
Visit Epic Games Careers to see the latest jobs and employment opportunities. Join an exciting team pushing the limits in gaming and interactive entertainment.
Large Language Models are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models - https://arxiv.org/pdf/2212.14834.pdf
$100,000 in Bug Bounty 💸 by learning Smart Contract Auditing from CODE4RENA Reports! - https://youtu.be/gPgMW_kheFU
YouTube
📥 Download source code and materials: https://academy.fuzzinglabs.com/introduction-to-ethereum-security?coupon=YOUTUBE
How to become an Ethereum/Solidity smart contract auditor? Where to start? How to improve your smart contract auditing process? Which…