GPT-4 for Bug Bounty, Audit & Pentesting?? He actually found some 0-days - https://youtu.be/oz_GLVbJllI
I gave some snippets of code (where I had already found bugs) to OpenAI GPT-4 and asked it to find vulnerabilities for me. It's mind-blowing; it even found some 0-days.
#ChatGPT #gpt4 #bugbounty
==== 💻 FuzzingLabs Training ====
- C/C++ Whitebox Fuzzing:…
How to avoid the aCropalypse - https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/
The aCropalypse is upon us! Last week, news about CVE-2023-21036, nicknamed the “aCropalypse,” spread across Twitter and other media, and I quickly realized that the underlying flaw could be detected by our tool, PolyTracker. I’ll explain how PolyTracker…
UTopia: From Unit Tests To Fuzzing - https://research.samsung.com/blog/UTopia-From-unit-tests-to-fuzzing
Random Fuzzy Thoughts - https://tigerbeetle.com/blog/2023-03-28-random-fuzzy-thoughts/
VIDEZZO: Dependency-aware Virtual Device Fuzzing - https://nebelwelt.net/files/23Oakland4.pdf / https://github.com/HexHive/ViDeZZo
Fuzzing Web Applications with Wfuzz - https://www.youtube.com/watch?v=008QxzctzqQ
In this video walk-through, we covered Fuzzing Web Applications with Wfuzz specifically fuzzing API endpoints. This was part of HackThe OWASP TOP 10 Track baby todo or not todo challenge.
**********
Receive Cyber Security Field Notes, Certification Notes…
EF/CF - Extremely Fast smart Contract Fuzzing (evm2cpp + AFL++) - https://github.com/uni-due-syssec/efcf-framework
The Fuzzing Guide to the Galaxy: An Attempt with Android System Services - https://blog.thalium.re/posts/fuzzing-samsung-system-services/
Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closed…
Why fuzzing tools should be part of your security toolkit - https://snyk.io/blog/fuzzing-tools-in-your-security-toolkit/
To understand how fuzzing tools improve security, let’s explore the benefits of fuzzing, discuss some use cases for fuzzing, and review an example of how fuzzing would work in a real-world test.
Buzzer - An eBPF Fuzzer toolchain - https://github.com/google/buzzer
ityfuzz: Blazing Fast Hybrid Fuzzer for Smart Contracts - https://github.com/fuzzland/ityfuzz/
Blazing Fast Bytecode-Level Hybrid Fuzzer for Smart Contracts - fuzzland/ityfuzz
Using AI to find software vulnerabilities in XNU - https://www.inulledmyself.com/2023/05/using-ai-to-find-software.html
Note : This work took place in May-Aug of 2022. It just took me this long to finally finish writing this (Too busy playing with my SRD 😅) L...
Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework - https://aws.amazon.com/blogs/opensource/announcing-snapchange-an-open-source-kvm-backed-snapshot-fuzzing-framework/
Today we are happy to announce Snapchange, a new open source fuzzing tool from the AWS Find and Fix (F2) open source security research team.
CS:GO: From Zero to 0-day - https://neodyme.io/blog/csgo_from_zero_to_0day/
We identified three independent remote code execution (RCE) vulnerabilities in the popular Counter-Strike: Global Offensive game. Each vulnerability can be triggered when the game client connects to our malicious python CS:GO server. This post details our…
$22k awarded to SBFT ‘23 fuzzing competition winners - https://security.googleblog.com/2023/05/22k-awarded-to-sbft-23-fuzzing.html
Dongge Liu, Jonathan Metzman and Oliver Chang, Google Open Source Security Team Google’s Open Source Security Team recently sponsored a fuzz...
Unearthing Vulnerabilities in the Apple Ecosystem The Art of KidFuzzerV2.0 - https://github.com/star-sg/Presentations/blob/main/Offensivecon%202023/Unearthing%20Vulnerabilities%20in%20the%20Apple%20Ecosystem%20The%20Art%20of%20KidFuzzerV2.0.pdf