Fuzz Introspector: optimizing fuzzing workflows - https://openssf.org/blog/2023/07/20/fuzz-introspector-optimizing-fuzzing-workflows/
Fuzzing on-chain contracts with Echidna - https://blog.trailofbits.com/2023/07/21/fuzzing-on-chain-contracts-with-echidna/
The Trail of Bits Blog
Fuzzing on-chain contracts with Echidna
With the release of version 2.1.0 of Echidna, our fuzzing tool for Ethereum smart contracts, we've introduced new features for direct retrieval of on-chain data, such as contract code and storage slot values. This data can be used to fuzz deployed contracts…
Zenbleed: use-after-free in AMD Zen2 processors - https://lock.cmpxchg8b.com/zenbleed.html
Cmpxchg8B
Zenbleed
Testing and Fuzzing the Kubernetes Admission Configuration - https://troopers.de/troopers23/talks/cffrvv/
troopers.de
Testing and Fuzzing the Kubernetes Admission Configuration
TROOPERS is more than just an infoSec con. Hands-on, high-end knowledge sharing leaves you motivated and charged to
Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework - https://aws.amazon.com/blogs/opensource/announcing-snapchange-an-open-source-kvm-backed-snapshot-fuzzing-framework/
Amazon
Announcing Snapchange: An Open Source KVM-backed Snapshot Fuzzing Framework | Amazon Web Services
Today we are happy to announce Snapchange, a new open source fuzzing tool from the AWS Find and Fix (F2) open source security research team.
AFLSmart++: Smarter Greybox Fuzzing - https://thuanpv.github.io/publications/AFLSmart_plusplus_SBFT23.pdf
FUZZING '23: 2nd International Fuzzing Workshop papers - https://dl.acm.org/doi/pdf/10.1145/3605157
ACM Conferences
Proceedings of the 2nd International Fuzzing Workshop | ACM Conferences
It is our great pleasure to welcome you to the 2nd International Workshop on Fuzzing (FUZZING 2023), co-located with ISSTA in Seattle, Washington, USA on 17 July 2023. This workshop is the continua...
The art of fuzzing-A Step-by-Step Guide to Coverage-Guided Fuzzing with LibFuzzer - https://aviii.hashnode.dev/the-art-of-fuzzing-a-step-by-step-guide-to-coverage-guided-fuzzing-with-libfuzzer
Fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification - https://github.com/avolens/kubefuzz
GitHub
GitHub - avolens/kubefuzz: Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the…
Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification. - avolens/kubefuzz
Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge - https://www.usenix.org/system/files/usenixsecurity23-bars.pdf
MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation - https://www.usenix.org/system/files/sec23fall-prepub-7-xu-jinyan.pdf
Fuzz4All: Universal Fuzzing via Large Language Models - https://arxiv.org/pdf/2308.04748.pdf
AI-Powered Fuzzing: Breaking the Bug Hunting Barrier - https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html?m=1
Googleblog
AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team Since 2016, OSS-Fuzz has been at the forefront of automated v...
How to Build a Fuzzing Corpus - https://blog.isosceles.com/how-to-build-a-corpus-for-fuzzing/
Isosceles Blog
How to Build a Fuzzing Corpus
Fuzzing for security vulnerabilities is a strange thing. Throwing randomly generated or mutated data at an application until it crashes sounds like an extremely primitive way to find vulnerabilities, and yet the last decade is full of fuzzing success stories.…
MachFuzzer: Fuzzing IPC with Knowledge Inference - https://wcventure.github.io/FuzzingPaper/Paper/SRDS19_MachFuzzer.pdf
Google tutorials, examples, discussions, research proposals, and other resources related to fuzzing - https://github.com/google/fuzzing
GitHub
GitHub - google/fuzzing: Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
Tutorials, examples, discussions, research proposals, and other resources related to fuzzing - google/fuzzing
Exploit Equivalence Classes - https://blog.isosceles.com/exploit-equivalence-classes/
Isosceles Blog
Exploit Equivalence Classes
A long time ago I went to a small university in New Zealand to get a math degree. It was one of those things that happened mostly through inertia -- like most kids I knew, I wasn't super interested in studying. I signed up for a bunch of classes, but
Application security orchestration with GitHub Advanced Security - https://github.blog/2023-03-08-application-security-orchestration-with-github-advanced-security/
The GitHub Blog
Application security orchestration with GitHub Advanced Security
Learn how teams can leverage the power of GitHub Advanced Security's code scanning and GitHub Actions to integrate the right security testing tools at the right time.