Fuzzing IDOR Vulnerability With ZAP! - https://www.youtube.com/watch?v=GAQd85oo6ZU
YouTube
Fuzzing IDOR Vulnerability With ZAP!
Burp is great, but ZAP has been around a while. ZAP's version of Burp's Repeater is so simple to use. I highly recommend adding ZAP to your list of go-to tools.
Thanks for watching
https://www.buymeacoffee.com/redbluelabs
https://apt-secure.ca
0:00-0:38…
GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation - https://www.usenix.org/system/files/sec23summer_249-peng-prepub.pdf
Fuzzing Hidden Directories & Files with Ffuf - https://blog.stealthsecurity.io/fuzzing-hidden-directories-files-with-ffuf/
Fuzzing goblin (Rust 🦀!) project with Sydr and AFLplusplus - https://github.com/ispras/oss-sydr-fuzz/wiki/Fuzzing-goblin-(Rust:crab:!)-project-with-Sydr-and-AFLplusplus
GitHub
Fuzzing goblin (Rust 🦀!) project with Sydr and AFLplusplus
OSS-Sydr-Fuzz - OSS-Fuzz fork for hybrid fuzzing (fuzzer+DSE) of open source software. - Fuzzing goblin (Rust 🦀!) project with Sydr and AFLplusplus · ispras/oss-sydr-fuzz Wiki
Keeping the wolves out of wolfSSL - https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
The Trail of Bits Blog
Keeping the wolves out of wolfSSL
Trail of Bits is publicly disclosing four vulnerabilities that affect wolfSSL: CVE-2022-38152, CVE-2022-38153, CVE-2022-39173, and CVE-2022-42905. The four issues, which have CVSS scores ranging from medium to critical, can all result in a denial of service…
Comparative fuzzing parallel Rust tools - https://medium.com/@adetaylor/comparative-fuzzing-parallel-rust-tools-fac5ce9c9c2d
Medium
Comparative fuzzing parallel Rust tools
I previously wrote about how we can use Rust’s “fearless concurrency”, resulting in a tool called ripunzip. (Here are some performance…
Registered Report: Dissecting American Fuzzy Lop: A FuzzBench Evaluation - https://www.s3.eurecom.fr/docs/fuzzing22_fioraldi_report.pdf
Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing - https://arxiv.org/pdf/2301.09258.pdf
A Framework for Feedback-Enabled Blackbox Fuzzing Using Context-Free Grammars - https://www.diva-portal.org/smash/get/diva2:1729911/FULLTEXT01.pdf
Taking the next step: OSS-Fuzz in 2023 - https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html
Google Online Security Blog
Taking the next step: OSS-Fuzz in 2023
Posted by Oliver Chang, OSS-Fuzz team Since launching in 2016 , Google's free OSS-Fuzz code testing service has helped get over 8800 vul...
LibAFL 0.9.0 is out - https://github.com/AFLplusplus/LibAFL/releases/tag/0.9.0
GitHub
Release 0.9.0 · AFLplusplus/LibAFL
Highlights
Userspace snapshot-fuzzing using libafl_qemu
QEMU system mode fuzzing with fast snapshots
Tuneable Stage, Scheduler, ScheduledMutator to change behavior on the fly
Differential observer...
Reachable Coverage: Estimating Saturation in Fuzzing - https://mboehme.github.io/paper/ICSE23.Effectiveness.pdf
Research for Practice: The Fun in Fuzzing - https://queue.acm.org/detail.cfm?id=3580504
Icicle: A Re-Designed Emulator for Grey-Box Firmware Fuzzing - https://arxiv.org/pdf/2301.13346.pdf
Fuzzers for stateful systems: Survey and Research Directions - https://arxiv.org/pdf/2301.02490.pdf
Behind the Scenes: How we are securing our new PDF stack - https://microsoftedge.github.io/edgevr/posts/How-we-are-securing-our-new-PDF-stack/
Microsoft Browser Vulnerability Research
Behind the Scenes: How we are securing our new PDF stack
As we recently published on the Microsoft Edge Dev blog, Adobe and Microsoft are enhancing the PDF experience and value users have come to expect in Microsoft Edge. Adobe brings an unrivalled breadth of experience in the PDF space, and we are looking forward…
Harness the Power of Cannoli: Implementing a Program Backtrace - https://margin.re/2023/02/harness-the-power-of-cannoli/
Margin Research
Harness the Power of Cannoli: Implementing a Program Backtrace
So, you’ve heard about Cannoli, the high-performance tracing engine, but don’t know where to start. Perhaps you read the source code but don’t understand how to implement your analysis. Or maybe you’re someone who learns by example and finds inspiration in…
Can sanitizers find the two bugs I wrote in C++? - https://ahelwer.ca/post/2023-02-07-cpp-bugs-sanitized/
Andrew Helwer
Can sanitizers find the two bugs I wrote in C++?
A few days ago I published a short post about two bugs I wrote while developing the C++ external scanner for my TLA⁺ tree-sitter grammar.
Reactions were mixed!
Many people were supportive, but there …
Fuzzing ATM/POS protocols like a Boss - https://www.linkedin.com/pulse/fuzzing-atmpos-protocols-like-boss-karim-reda-fakhir/?published=t
LinkedIn
Fuzzing ATM/POS protocols like a Boss
Context: Generally, the buffer overflow family targets common protocols like HTTP, SMB, FTP, …; indeed there is a lack of papers, tools, and exploits targeting financial/payment protocols like NDC and ISO8385. In this article I present two fuzzers for the protocols ISO8385…
Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge - https://youtu.be/2bTmB3cwhxs
YouTube
Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge
📥 Download source code and materials: https://academy.fuzzinglabs.com/introduction-to-ethereum-security?coupon=YOUTUBE
In this video, I will show how to run and customize Foundry/Forge to fuzz an Ethereum smart contract in Solidity. I will also mention…